{"id":4500,"date":"2026-02-13T14:37:40","date_gmt":"2026-02-13T14:37:40","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/02\/13\/fake-ai-assistants-in-google-chrome-web-store-steal-passwords-and-spy-on-emails\/"},"modified":"2026-02-13T14:37:40","modified_gmt":"2026-02-13T14:37:40","slug":"fake-ai-assistants-in-google-chrome-web-store-steal-passwords-and-spy-on-emails","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/02\/13\/fake-ai-assistants-in-google-chrome-web-store-steal-passwords-and-spy-on-emails\/","title":{"rendered":"Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/localimages\/cb531640-ce34-4e47-96c8-4a9f811ec92a.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Danny  Palmer \" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>Over 260,000 Google Chrome users have downloaded fake AI assistants designed to deliver malicious browser extensions which can steal login credentials, monitor emails and enable remote access by attackers.<\/p>\n<p>Over 30 Google Chrome extensions designed to deliver the phoney AI assistants have been identified by cybersecurity researchers at LayerX, who describe the campaign as a \u201csingle coordinated operation.\u201d<\/p>\n<p>\u201cNotably, several of the extensions in this campaign were\u00a0featured by the Chrome Web Store, increasing their perceived legitimacy and exposure,\u201d they said.<\/p>\n<p>One of these was called \u2018AI Assistant,\u2019 which masqueraded as an extension for Anthropic\u2019s Claude AI and was downloaded over 50,000 times. Other extensions mimicked other popular AI assistants and chatbots, including ChatGPT, Grok and Google Gemini.<\/p>\n<p>The malicious extensions were published under different names and with various use cases, but the way they share underlying codebase, permissions and backend infrastructure has led researchers to suggest they all form part of one campaign they have called AiFrame, which has engaged in \u201cextension spraying.\u201d<\/p>\n<p>This technique is used by attackers to evade takedowns, as when one extension is removed, others remain available to download, or the extension gets quickly replaced to ensure the campaign remains active.<\/p>\n<p>Some of the malicious extensions direct users to infrastructure which is hosted away from the Chrome Web Store, which helped them to avoid being flagged as dangerous.<\/p>\n<p>Another trick used by the fake AI assistants is based on a full screen iframe, which overlays another page over the current one. This new frame, which to the user looks like an extension of the user interface, is pointed towards a remote domain which allows the attackers to load remote content and capabilities, away from the Chrome Web Store.<\/p>\n<p>This also allows the fake AI assistants to exfiltrate data from the Google Chrome Browser and Gmail to servers controlled by the attacker.<\/p>\n<p>LayerX warned that the malicious extensions are \u201cgeneral-purpose access brokers, capable of harvesting data, monitoring user behaviour and evolving silently over time.\u201d<\/p>\n<p>\u201cWhile framed as productivity tools, their architecture is incompatible with reasonable expectations of privacy and transparency,\u201d they added.<\/p>\n<p>Many of the malicious Chrome extensions now appear to have been removed from the Chrome Web Store, but users who\u2019ve downloaded them could still be at risk.<\/p>\n<p><em>Infosecurity<\/em>\u00a0has contacted Google for comment.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Over 260,000 Google Chrome users have downloaded fake AI assistants designed to deliver malicious browser extensions which can steal login credentials, monitor emails and enable remote access by attackers. Over 30 Google Chrome extensions designed to deliver the phoney AI assistants have been identified by cybersecurity researchers at LayerX, who describe the campaign as a<\/p>\n","protected":false},"author":2,"featured_media":4501,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4500","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/02\/4500-3f886078-8248-4f32-a38f-af22abf19a7f-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4500","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4500"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4500\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4501"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4500"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4500"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4500"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}