Fake AI assistant Chrome extension malware activity
Malware Activity
Summary
Hide ▲
Show ▼
A cluster of 30 malicious Chrome extensions posing as AI assistants is stealing email content and other sensitive data from Chrome users, creating a broad browser-side exfiltration risk with 260,000+ downloads. The extensions are distributed through the Chrome Web Store and present a plausible chat interface while relaying prompts through attacker-controlled infrastructure. Some of the listings remained available more than 24 hours after publication, extending exposure. The activity matters because users may paste API keys, tokens, and regulated data into tools that appear legitimate.
Related Happenings
Silent Swap browser-extension clipboard clipper
Malware Activity
H score36
First: 30.06.2026 18:40
Last: 30.06.2026 18:40
Sources 1
About this happening:
The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Silent Swap browser-extension clipboard clipper
Malware ActivityAbout this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...
Search for perplexity ai malicious Chrome extension
Malware Activity
H score29
First: 29.06.2026 21:40
Last: 29.06.2026 21:40
Sources 1
About this happening:
A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Search for perplexity ai malicious Chrome extension
Malware ActivityAbout this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...
Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension
Technical Analysis
H score23
First: 25.06.2026 17:12
Last: 25.06.2026 17:12
Sources 1
About this happening:
A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...
Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension
Technical AnalysisAbout this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...
Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions
Threat Actor Meta
H score20
First: 15.06.2026 14:07
Last: 15.06.2026 14:07
Sources 1
About this happening:
Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...
Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions
Threat Actor MetaAbout this happening: Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...
Chrome extension PUP distribution network with fake organic traffic
Malware Activity
H score18
First: 15.06.2026 14:07
Last: 15.06.2026 14:07
Sources 1
About this happening:
A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Chrome extension PUP distribution network with fake organic traffic
Malware ActivityAbout this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...
Timeline
-
16.02.2026 16:00 2 articles · 4mo ago
LayerX identifies malicious AI-themed Chrome extensions
Initial DisclosureLayerX identifies 30 Google Chrome extensions in the Chrome Web Store that masquerade as AI assistants such as Gemini AI Sidebar and ChatGPT Translate while stealing email content, browser content, and other sensitive data users feed them. The set includes tools branded as AI Sidebar, AI Assistant, and AI GPT, accumulated more than 260,000 downloads, and some listings had more than four-star averages and Featured tags.
Show sources
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00
- 260K+ Chrome Users Duped by Fake AI Browser Extensions — www.darkreading.com — 16.02.2026 16:00