"More than 30 malicious Chrome extensions installed by at least 260,000 users purport to be helpful AI assistants, but they steal users' API keys, email messages, and other personal data. Even worse: many of these are still available on the Chrome Web Store as of this writing. Some of these extensions impersonate specific chatbots such as Claude, ChatGPT, Gemini, and Grok, while others claim to be more generic AI assistant tools to help users summarize documents, write messages, and provide Gmail assistance."
"Another extension that is still available at the time of this writing is called AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) and has 60,000 users. This one, which garnered the "Featured" badge on the Chrome Web Store, points users to a remote domain (claude.tapnetic.pro). It has an iframe overlay that visually appears as the extension's interface, and this iframe allows the operator to load remote content, changing the UI and logic, and silently adding new capabilities at any time wit"
More than 30 malicious Chrome extensions, installed by at least 260,000 users, operate as fake AI assistants and actively steal API keys, email messages, and other personal data. The extensions impersonate popular chatbots and offer features like summarizing documents, writing messages, and Gmail assistance to lure users. All 32 extensions share the same underlying codebase, permissions, and communicate with infrastructure under the tapnetic[.]pro domain as part of a campaign named AiFrame. Several extensions were re-published under new IDs after removals, and some remain available on the Chrome Web Store with large user counts.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]