Fake AI Assistant Extensions in Google Chrome Web Store Exfiltrate Credentials and Monitor Emails
Summary
Over 260,000 Google Chrome users downloaded fake AI assistant extensions that steal login credentials, monitor emails, and enable remote access. Researchers at LayerX identified over 30 malicious extensions as part of a coordinated campaign called AiFrame. The extensions mimicked popular AI assistants like Claude AI, ChatGPT, Grok, and Google Gemini. The campaign used extension spraying to evade takedowns, directing users to remote infrastructure to avoid detection. The extensions exfiltrate data from Chrome and Gmail to attacker-controlled servers. LayerX warns that these extensions act as general-purpose access brokers, capable of harvesting data and monitoring user behavior. Many extensions have been removed from the Chrome Web Store, but users who downloaded them remain at risk. Additionally, cybersecurity researchers have discovered a malicious Google Chrome extension named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl) that steals TOTP codes for Facebook and Meta Business accounts, Business Manager contact lists, and analytics data. The extension exfiltrates data to infrastructure controlled by the threat actor, including a backend at getauth[.]pro and a Telegram channel. The extension has 33 users as of writing and was first uploaded to the Chrome Web Store on March 1, 2025. About 500,000 VKontakte users have had their accounts silently hijacked through Chrome extensions masquerading as VK customization tools. The large-scale campaign has been codenamed VK Styles. The malware embedded in the extensions is designed to engage in active account manipulation by automatically subscribing users to the attacker's VK groups, resetting account settings every 30 days to override user preferences, manipulating CSRF tokens to bypass VK's security protections, and maintaining persistent control. A report published by Q Continuum found a huge collection of 287 Chrome extensions that exfiltrate browsing history to data brokers. These extensions have 37.4 million installations, representing roughly 1% of the global Chrome userbase.
Timeline
13.02.2026 13:25 · 3 articles
Fake AI Assistant Extensions in Google Chrome Web Store Exfiltrate Credentials and Monitor Emails
Over 260,000 Google Chrome users downloaded fake AI assistant extensions that steal login credentials, monitor emails, and enable remote access. Researchers at LayerX identified over 30 malicious extensions as part of a coordinated campaign called AiFrame. The extensions mimicked popular AI assistants like Claude AI, ChatGPT, Grok, and Google Gemini. The campaign used extension spraying to evade takedowns, directing users to remote infrastructure to avoid detection. The extensions exfiltrate data from Chrome and Gmail to attacker-controlled servers. LayerX warns that these extensions act as general-purpose access brokers, capable of harvesting data and monitoring user behavior. Many extensions have been removed from the Chrome Web Store, but users who downloaded them remain at risk. The extensions render a full-screen iframe overlay pointing to a remote domain ("claude.tapnetic[.]pro"), allowing the attackers to remotely introduce new capabilities without requiring a Chrome Web Store update. When instructed by the iframe, the add-ons query the active browser tab and invoke a content script to extract readable article content using Mozilla's Readability library. The malware also supports the capability to start speech recognition and exfiltrate the resulting transcript to the remote page. A smaller set of the extensions contain functionality to specifically target Gmail by reading visible email content directly from the document object model (DOM) when a victim visits mail.google[.]com. When Gmail-related features such as AI-assisted replies or summaries are invoked, the extracted email content is passed into the extension's logic and transmitted to third-party backend infrastructure controlled by the extension operator. LayerX security researcher Natalie Zargarov highlights that the extensions leverage brand association and users' familiarity with well-known model names. 
The extensions use a full-screen iframe pointing to an attacker-controlled domain, overlaid onto the current page in the victim's browser. The attacker's server captures sensitive information fed into the extensions, which might proxy a real large language model's (LLM) API. The extensions can read page content, transmit it to attacker-controlled servers, and return a summary, potentially retaining the full dataset remotely. The extensions can exfiltrate customer data, trade secrets, and regulated data outside corporate controls. The extensions can appear compliant during review, with clean metadata, limited local code, and no obvious red flags in static analysis. Google may not be deeply analyzing network endpoints, shared TLS certificates, reused hosting providers, and identical JavaScript bundles loaded remotely. Some of the extensions remain available on the Chrome Web Store more than 24 hours after LayerX published its blog post.
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
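The behaviours described above (a full-screen iframe filled from a remote origin, Readability extraction, speech recognition, Gmail DOM reads, and the known extension IDs and domains) can be turned into a triage check for unpacked extensions. The script below is an added example written for this page, not LayerX's tooling or code from any of the extensions; the regex heuristics, severity rules and the two sample manifests are constructed assumptions, and only the IDs and domains come from the reporting.

```python
# Added triage helper for the campaigns above: example code written for this page,
# not LayerX's tooling or any cited extension's code. Indicators from the page:
# the listed extension IDs, claude.tapnetic[.]pro and getauth[.]pro. The regex
# heuristics, severity rules and sample manifests are constructed assumptions.
import json
import re
from pathlib import Path

KNOWN_BAD_IDS = {
    "jkphinfhmfkckkcnifhjiplhfoiefffl": "CL Suite by @CLMasters",
    "ceibjdigmfbbgcpkkdpmjokkokklodmc": "VK Styles - Themes for vk.com",
    "mflibpdjoodmoppignjhciadahapkoch": "VK Music - audio saver",
    "lgakkahjfibfgmacigibnhcgepajgfdb": "Music Downloader - VKsaver",
    "bndkfmmbidllaiccmpnbdonijmicaafn": "vksaver - music saver vk",
    "pcdgkgbadeggbnodegejccjffnoakcoh": "VKfeed - Download Music and Video from VK",
}
KNOWN_BAD_DOMAINS = {"claude.tapnetic.pro", "getauth.pro"}
SENSITIVE_HOSTS = ("mail.google.com", "facebook.com", "meta.com", "vk.com")
# Behaviours the write-up attributes to AiFrame / CL Suite, as source-text markers.
BEHAVIOUR_PATTERNS = [
    ("remote_iframe", re.compile(r"""createElement\(\s*['"]iframe['"]\s*\)""")),
    ("readability", re.compile(r"\bReadability\b")),
    ("speech_recognition", re.compile(r"\b(?:webkit)?SpeechRecognition\b")),
    ("gmail_dom_read", re.compile(r"mail\.google\.com")),
    ("telegram_exfil", re.compile(r"api\.telegram\.org")),
]
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def hosts_in(text):
    return {m.group(1).lower() for m in URL_RE.finditer(text)}  # hosts of http(s) URLs


def severity(findings):
    """Known indicators win; else two behaviours or a remote-loaded UI is suspicious."""
    if any(f.startswith(("known malicious", "contacts known bad")) for f in findings):
        return "malicious"
    behaviours = sum(f.startswith("behaviour:") for f in findings)
    if behaviours >= 2 or any(f.startswith("remote-loaded") for f in findings):
        return "suspicious"
    return "benign"


def assess_extension(ext_id, manifest, scripts):
    """Score one unpacked extension. `scripts` maps file name -> JS source text."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append(f"known malicious ID: {KNOWN_BAD_IDS[ext_id]}")
    for perm in manifest.get("host_permissions", []) + manifest.get("permissions", []):
        if perm == "<all_urls>" or any(h in perm for h in SENSITIVE_HOSTS):
            findings.append(f"sensitive host scope: {perm}")
    src = "\n".join(scripts.values())
    findings += [f"behaviour: {name}" for name, rx in BEHAVIOUR_PATTERNS if rx.search(src)]
    remote_hosts = hosts_in(src)
    for host in sorted(remote_hosts):
        if host in KNOWN_BAD_DOMAINS or any(host.endswith("." + d) for d in KNOWN_BAD_DOMAINS):
            findings.append(f"contacts known bad domain: {host}")
    # AiFrame pattern: a locally created iframe filled from a remote origin, so the
    # real capabilities can change without any Chrome Web Store update.
    if "behaviour: remote_iframe" in findings and remote_hosts - {"mail.google.com"}:
        findings.append("remote-loaded UI (logic lives outside the reviewed package)")
    return {"id": ext_id, "name": manifest.get("name", "?"),
            "severity": severity(findings), "findings": findings}


def scan_directory(root):
    """Assess every manifest.json under `root` (Chrome: <profile>/Extensions/<id>/<ver>/)."""
    results = []
    for manifest_path in Path(root).rglob("manifest.json"):
        ext_dir = manifest_path.parent
        ext_id = ext_dir.parent.name if len(ext_dir.parent.name) == 32 else ext_dir.name
        manifest = json.loads(manifest_path.read_text(encoding="utf-8", errors="replace"))
        scripts = {p.name: p.read_text(encoding="utf-8", errors="replace")
                   for p in ext_dir.rglob("*.js")}
        results.append(assess_extension(ext_id, manifest, scripts))
    return results


# Constructed samples: one modelled on the AiFrame description, one harmless.
# The 32-character IDs are placeholders, not real store IDs.
SAMPLE_AIFRAME = (
    "a" * 32,
    {"name": "Claude AI (constructed sample)", "manifest_version": 3,
     "permissions": ["activeTab", "scripting"], "host_permissions": ["<all_urls>"]},
    {"overlay.js": "const f = document.createElement('iframe');\n"
                   "f.src = 'https://claude.tapnetic.pro/app';\n"
                   "f.style.cssText = 'position:fixed;inset:0;width:100vw;height:100vh';\n"
                   "document.body.appendChild(f);\n",
     "content.js": "const article = new Readability(document.cloneNode(true)).parse();\n"
                   "const rec = new webkitSpeechRecognition();\n"
                   "if (location.host === 'mail.google.com') { /* read visible mail */ }\n"},
)
SAMPLE_BENIGN = (
    "b" * 32,
    {"name": "Tab counter (constructed sample)", "manifest_version": 3, "permissions": ["tabs"]},
    {"worker.js": "chrome.tabs.query({}, tabs => console.log(tabs.length));\n"},
)


def demo():
    """Verdicts for the two constructed samples (malicious, then benign)."""
    return [assess_extension(*SAMPLE_AIFRAME), assess_extension(*SAMPLE_BENIGN)]


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Point `scan_directory()` at a Chrome profile's `Extensions` folder to triage real installs; a "suspicious" verdict is a prompt to read the flagged scripts, not proof on its own.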
13.02.2026 13:25 · 1 article
Malicious Chrome Extension CL Suite Steals TOTP Codes and Business Data
The extension CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl) steals TOTP codes for Facebook and Meta Business accounts, Business Manager contact lists, and analytics data. The extension exfiltrates data to infrastructure controlled by the threat actor, including a backend at getauth[.]pro and a Telegram channel. The extension has 33 users as of writing and was first uploaded to the Chrome Web Store on March 1, 2025. The extension does not have capabilities to steal password-related information but can be used to gain unauthorized access to victims' accounts. The extension targets users of Meta Business Suite and Facebook Business Manager, leveraging the extension to conduct data collection and exfiltration without users' knowledge or consent. The extension gives the threat actor enough information to identify high-value targets and mount follow-on attacks. The extension shows how a narrow browser extension can repackage data scraping as a 'tool' for Meta Business Suite and Facebook Business Manager. The extension is purpose-built to scrape high-value Meta surfaces that collect contact lists, access metadata, and 2FA material straight from authenticated pages.
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
13.02.2026 13:25 · 1 article
VK Styles Campaign Hijacks 500,000 VKontakte Accounts via Malicious Chrome Extensions
About 500,000 VKontakte users have had their accounts silently hijacked through Chrome extensions masquerading as VK customization tools. The large-scale campaign has been codenamed VK Styles. The malware embedded in the extensions is designed to engage in active account manipulation by automatically subscribing users to the attacker's VK groups, resetting account settings every 30 days to override user preferences, manipulating CSRF tokens to bypass VK's security protections, and maintaining persistent control. The activity has been traced to a threat actor operating under the GitHub username 2vk, who has relied on VK's own social network to distribute malicious payloads and build a follower base through forced subscriptions. The names of the extensions are VK Styles - Themes for vk.com (ID: ceibjdigmfbbgcpkkdpmjokkokklodmc), VK Music - audio saver (ID: mflibpdjoodmoppignjhciadahapkoch), Music Downloader - VKsaver (ID: lgakkahjfibfgmacigibnhcgepajgfdb), vksaver - music saver vk (ID: bndkfmmbidllaiccmpnbdonijmicaafn), and VKfeed - Download Music and Video from VK (ID: pcdgkgbadeggbnodegejccjffnoakcoh). The campaign has been active since at least June 22, 2025, when the initial version of the payload was pushed to the "-" repository. The repository associated with the VK Styles campaign is still accessible as of writing, with the file, simply named "C," receiving a total of 17 commits between June 2025 and January 2026. The repository shows deliberate refinement, indicating that the malware is a maintained software project with version control, testing, and iterative improvements. The campaign has primarily affected Russian-speaking users, who are VK's main demographic, as well as users across Eastern Europe, Central Asia, and Russian diaspora communities globally.
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
13.02.2026 13:25 · 1 article
287 Chrome Extensions Exfiltrate Browsing History to Data Brokers
A report published by Q Continuum found a huge collection of 287 Chrome extensions that exfiltrate browsing history to data brokers. These extensions have 37.4 million installations, representing roughly 1% of the global Chrome userbase.
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
Information Snippets
Over 260,000 Google Chrome users downloaded fake AI assistant extensions.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
Over 30 malicious extensions were identified as part of a coordinated campaign called AiFrame.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions mimicked popular AI assistants like Claude AI, ChatGPT, Grok, and Google Gemini.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The campaign used extension spraying to evade takedowns.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions directed users to remote infrastructure to avoid detection.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions exfiltrate data from Chrome and Gmail to attacker-controlled servers.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
LayerX warns that these extensions act as general-purpose access brokers.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
Many extensions have been removed from the Chrome Web Store, but users who downloaded them remain at risk.
First reported: 13.02.2026 13:25 · 3 sources, 3 articles
- Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails — www.infosecurity-magazine.com — 13.02.2026 13:25
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extension CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl) steals TOTP codes for Facebook and Meta Business accounts, Business Manager contact lists, and analytics data.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite exfiltrates data to infrastructure controlled by the threat actor, including a backend at getauth[.]pro and a Telegram channel.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite requests broad access to meta.com and facebook.com and claims in its privacy policy that 2FA secrets and Business Manager data remain local.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite has 33 users as of writing and was first uploaded to the Chrome Web Store on March 1, 2025.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite does not have capabilities to steal password-related information but can be used to gain unauthorized access to victims' accounts.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite targets users of Meta Business Suite and Facebook Business Manager, leveraging the extension to conduct data collection and exfiltration without users' knowledge or consent.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite gives the threat actor enough information to identify high-value targets and mount follow-on attacks.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite shows how a narrow browser extension can repackage data scraping as a 'tool' for Meta Business Suite and Facebook Business Manager.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The extension CL Suite is purpose-built to scrape high-value Meta surfaces that collect contact lists, access metadata, and 2FA material straight from authenticated pages.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
About 500,000 VKontakte users have had their accounts silently hijacked through Chrome extensions masquerading as VK customization tools.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The large-scale campaign targeting VKontakte users has been codenamed VK Styles.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The malware embedded in the extensions is designed to engage in active account manipulation by automatically subscribing users to the attacker's VK groups, resetting account settings every 30 days to override user preferences, manipulating CSRF tokens to bypass VK's security protections, and maintaining persistent control.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The activity has been traced to a threat actor operating under the GitHub username 2vk, who has relied on VK's own social network to distribute malicious payloads and build a follower base through forced subscriptions.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The names of the extensions targeting VKontakte users are VK Styles - Themes for vk.com (ID: ceibjdigmfbbgcpkkdpmjokkokklodmc), VK Music - audio saver (ID: mflibpdjoodmoppignjhciadahapkoch), Music Downloader - VKsaver (ID: lgakkahjfibfgmacigibnhcgepajgfdb), vksaver - music saver vk (ID: bndkfmmbidllaiccmpnbdonijmicaafn), and VKfeed - Download Music and Video from VK (ID: pcdgkgbadeggbnodegejccjffnoakcoh).
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The campaign targeting VKontakte users has been active since at least June 22, 2025, when the initial version of the payload was pushed to the "-" repository.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The repository associated with the VK Styles campaign is still accessible as of writing, with the file, simply named "C," receiving a total of 17 commits between June 2025 and January 2026.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The repository associated with the VK Styles campaign shows deliberate refinement, indicating that the malware is a maintained software project with version control, testing, and iterative improvements.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The campaign targeting VKontakte users has primarily affected Russian-speaking users, who are VK's main demographic, as well as users across Eastern Europe, Central Asia, and Russian diaspora communities globally.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
A cluster of 32 browser add-ons advertised as artificial intelligence (AI) assistants for summarization, chat, writing, and Gmail assistance are being used to siphon sensitive data.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The fake AI assistant extensions have been collectively installed by more than 260,000 users.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
The fake AI assistant extensions render a full-screen iframe overlay pointing to a remote domain ("claude.tapnetic[.]pro"), allowing the attackers to remotely introduce new capabilities without requiring a Chrome Web Store update.
First reported: 13.02.2026 13:25 · 2 sources, 2 articles
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The fake AI assistant extensions query the active browser tab and invoke a content script to extract readable article content using Mozilla's Readability library.
First reported: 13.02.2026 13:25 · 2 sources, 2 articles
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The fake AI assistant extensions support the capability to start speech recognition and exfiltrate the resulting transcript to the remote page.
First reported: 13.02.2026 13:25 · 2 sources, 2 articles
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
A smaller set of the fake AI assistant extensions contain functionality to specifically target Gmail by reading visible email content directly from the document object model (DOM) when a victim visits mail.google[.]com.
First reported: 13.02.2026 13:25 · 2 sources, 2 articles
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
When Gmail-related features such as AI-assisted replies or summaries are invoked, the extracted email content is passed into the extension's logic and transmitted to third-party backend infrastructure controlled by the extension operator.
First reported: 13.02.2026 13:25 · 2 sources, 2 articles
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
A report published by Q Continuum found a huge collection of 287 Chrome extensions that exfiltrate browsing history to data brokers. These extensions have 37.4 million installations, representing roughly 1% of the global Chrome userbase.
First reported: 13.02.2026 13:25 · 1 source, 1 article
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History — thehackernews.com — 13.02.2026 13:25
LayerX security researcher Natalie Zargarov highlights that the extensions leverage brand association and users' familiarity with well-known model names.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions use a full-screen iframe pointing to an attacker-controlled domain, overlaid onto the current page in the victim's browser.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The attacker's server captures sensitive information fed into the extensions, which might proxy a real large language model's (LLM) API.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions can read page content, transmit it to attacker-controlled servers, and return a summary, potentially retaining the full dataset remotely.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions can exfiltrate customer data, trade secrets, and regulated data outside corporate controls.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
The extensions can appear compliant during review, with clean metadata, limited local code, and no obvious red flags in static analysis.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
Google may not be deeply analyzing network endpoints, shared TLS certificates, reused hosting providers, and identical JavaScript bundles loaded remotely.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
Some of the extensions remain available on the Chrome Web Store more than 24 hours after LayerX published its blog post.
First reported: 16.02.2026 16:00 · 1 source, 1 article
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
Similar Happenings
Malicious Chrome Extensions Hijack Affiliate Links and Steal ChatGPT Tokens
Researchers have discovered malicious Google Chrome extensions that hijack affiliate links, steal data, and exfiltrate OpenAI ChatGPT authentication tokens. The extensions, including Amazon Ads Blocker and others, inject developer affiliate tags into e-commerce links, replacing existing affiliate codes. Additionally, a network of extensions targets ChatGPT users, intercepting authentication tokens to gain unauthorized access to accounts. The extensions violate Chrome Web Store policies and exploit user trust to execute malicious activities. The findings highlight the growing threat of malicious browser extensions, which can serve as lucrative attack vectors for adversaries.
Malicious Chrome Extension Targets MEXC API Keys via Telegram Exfiltration
A malicious Chrome extension named MEXC API Automator, masquerading as a trading automation tool, steals MEXC API keys by creating new keys with withdrawal permissions, hiding the permissions in the UI, and exfiltrating the keys to a Telegram bot. The extension remains active as long as the keys are valid, allowing attackers to control MEXC accounts, execute trades, and perform automated withdrawals. The threat actor leverages the Chrome Web Store for delivery, the MEXC web UI for execution, and Telegram for exfiltration. The extension has 29 downloads and is still available on the Chrome Web Store. The attacker's identity is unknown, but references point to a Telegram bot named SwapSushiBot promoted on TikTok and YouTube.
DarkSpectre Campaigns Target 8.8 Million Users with Malicious Browser Extensions
A Chinese threat actor, DarkSpectre, has been linked to three malicious browser extension campaigns—ShadyPanda, GhostPoster, and The Zoom Stealer—which have collectively impacted 8.8 million users across Google Chrome, Microsoft Edge, and Mozilla Firefox over seven years. The campaigns facilitate data theft, search query hijacking, affiliate fraud, and corporate espionage by exfiltrating meeting-related data from video conferencing platforms. Additionally, five new malicious Chrome extensions impersonating HR and ERP platforms have been discovered, targeting Workday, NetSuite, and SAP SuccessFactors to hijack accounts. These extensions steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking. The extensions, some of which were recently taken down, used delayed activation and benign updates to evade detection and build trust before deploying malicious functionality. The extensions were designed to look polished and professional, with some claiming to contain security features to prevent account compromise. They engaged in a range of actions to take control of accounts, including extracting authentication cookies and uploading them to a command and control (C2) server every 60 seconds. The extensions prevented passwords from being changed to help ensure stolen access tokens remained valid indefinitely and prevented security teams from locking out compromised accounts during remediation. Administrators attempting to disable an affected user's account encountered a blank page and redirect loop. Socket recommended that organizations implement Chrome Enterprise extension allowlists to prevent installation of unauthorized extensions and monitor for extensions targeting the same enterprise platforms with similar permission requests.
ShadyPanda Browser Extensions Campaign Exploits 4.3M Installs
The ShadyPanda campaign has amassed over 4.3 million installations of malicious Chrome and Edge browser extensions, evolving from legitimate tools into spyware over multiple phases. The extensions, discovered by Koi Security, engaged in affiliate fraud, search hijacking, and remote code execution. The campaign remains active on the Microsoft Edge Add-ons platform, with one extension having 3 million installs. The extensions collect browsing history, search queries, keystrokes, mouse clicks, and other sensitive data, exfiltrating it to domains in China. Users are advised to remove these extensions and reset their account passwords. The ShadyPanda campaign used a supply-chain attack tactic by publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into malware via silent updates. The compromised extensions became a fully fledged remote code execution (RCE) framework inside the browser, capable of downloading and running arbitrary JavaScript with full access to the browser's data and capabilities. The extensions could steal session cookies and tokens, allowing them to impersonate entire SaaS accounts such as Microsoft 365 or Google Workspace. The risk of malicious browser extensions extends beyond individual users, as they can access cookies, local storage, cloud auth sessions, active web content, and file downloads, blurring the line between endpoint security and cloud security. Organizations should enforce extension allow lists, treat extension access like OAuth access, audit extension permissions regularly, and monitor for suspicious extension behavior to reduce the risk of malicious extensions. Modern SaaS security platforms, such as Reco's Dynamic SaaS Security platform, can help organizations monitor and detect suspicious activity related to browser extensions in real time.
AI Sidebar Spoofing Vulnerability in Atlas and Comet Browsers
Researchers from NeuralTrust have discovered a vulnerability in the OpenAI Atlas browser that allows for jailbreaking through the omnibox. This vulnerability can trick users into following malicious instructions, leading to potential data breaches and unauthorized actions. The attack works by disguising a prompt instruction as a URL, which is then treated as a trusted user intent. This can override user intent, trigger cross-domain actions, and bypass safety layers. The vulnerability affects the latest versions of the Atlas browser. Researchers demonstrated two realistic attack scenarios: a copy-link trap to phish credentials and destructive instructions to delete files. The attack requires only 'host' and 'storage' permissions, which are common for productivity tools. Users are advised to be cautious when using these browsers for sensitive activities and to restrict their use to non-sensitive tasks until further security measures are implemented. Earlier, researchers from SquareX discovered a similar vulnerability in OpenAI's Atlas and Perplexity's Comet browsers that allows for AI Sidebar Spoofing. This attack can trick users into following malicious instructions, leading to potential data breaches and unauthorized actions. The vulnerability affects the latest versions of both browsers and requires only 'host' and 'storage' permissions. Users are advised to be cautious and restrict the use of these browsers to non-sensitive activities.