Fake AI Chrome Extensions With 300K Installs Steal Credentials and Gmail Emails

Feb 13, 2026

A widespread campaign of malicious Google Chrome extensions masquerading as AI assistants has been discovered, with over 300,000 installs across dozens of deceptive browser add-ons. These extensions — promoted as productivity helpers — are instead stealing sensitive credentials, email content, browsing data, and even enabling voice capture from unsuspecting users.

What Happened

Security researchers at LayerX identified a large campaign of roughly 30 malicious Chrome extensions that pose as legitimate AI assistant tools such as sidebars, GPT helpers, and ChatGPT utilities. While they promise enhanced AI functionality in the browser, the extensions are built on shared malicious infrastructure and are designed to surreptitiously harvest data from users who install them.

All identified extensions communicate with backend services under the tapnetic[.]pro domain and share the same internal logic, according to the analysis. This coordinated structure suggests they are controlled by a single threat actor or campaign cluster.

Google has removed some of these, but many remain available in the Chrome Web Store, continuing to accumulate installs.

Threat Details

The malicious extensions exhibited several dangerous behaviors once installed:

  • Steal Login Information: Extensions silently extract credentials and sensitive authentication data from sites users visit.

  • Capture Email Content: Around half of the extensions deploy scripts targeting Gmail, scraping visible email thread text and contextual message content directly from the browser DOM.

  • Remote Control & Voice Capture: Some also implement remote voice recognition via the browser’s Web Speech API, potentially siphoning audio transcripts without user awareness.

  • Browser Data Exfiltration: Browsing history and contextual site information can be relayed to the attackers’ infrastructure for profiling or further exploitation.

Critically, these extensions do not perform their claimed AI processing locally; instead, they load content in a full-screen iframe from remote servers, giving operators unfettered control of functionality that never passes through store review.

Malicious Extensions Identified

Below is a sample of the most widely installed extensions in the AiFrame campaign, along with their approximate install counts:

| Extension Name | Chrome Web Store ID | Approx. Installs |
|---|---|---|
| AI Sidebar | gghdfkafnhfpaooiolhncejnlgglhkhe | ~70,000 |
| AI Assistant | nlhpidbjmmffhoogcennoiopekbiglbp | ~60,000 |
| ChatGPT Translate | acaeafediijmccnjlokgcdiojiljfpbe | ~30,000 |
| AI GPT | kblengdlefjpjkekanpoidgoghdngdgl | ~20,000 |
| ChatGPT | llojfncgbabajmdglnkbhmiebiinohek | ~20,000 |
| AI Sidebar (duplicate) | djhjckkfgancelbmgcamjimgphaphjdl | ~10,000 |
| Google Gemini | fdlagfnfaheppaigholhoojabfaapnhb | ~10,000 |

How It Works

Rather than embedding AI logic, these extensions load remote content and scripts, meaning operators can change what the extensions do after installation without triggering another store review. This flexibility dramatically increases the risk profile, as changes in behavior can be made silently.

Once granted the permissions requested at installation, the extensions can read page content, extract visible data (such as Gmail content), intercept site interactions, and relay captured information back to servers controlled by the threat actors.

Impact

Because these extensions have been installed by a large number of users, the potential exposure includes:

  • Compromise of email conversations and account content

  • Theft of saved or entered credentials

  • Profiling of browsing activity

  • Loss of privacy through audio transcription capture

Recommended Actions

Immediately check for and remove any suspicious extensions.

If you suspect that you had any of these installed:

  • Uninstall the extension from Chrome.

  • Reset passwords for accounts accessed while the extension was active.

  • Enable MFA (multi-factor authentication) on critical accounts.

  • Review recent account activity for any unauthorized access.

  • Audit browser extensions regularly and only install from trusted developers.
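
One way to run the "check for" step across a fleet, as an added example (not code from LayerX or this article): it scans a Chrome profile for the extension IDs in the table above and for any installed extension whose files reference the campaign's backend domain. It assumes Chrome's on-disk layout `<profile>/Extensions/<id>/<version>/`; `scan_profile` and the result fields are names chosen here, and because the table is only a sample of the campaign, an empty result does not prove a profile is clean.

```python
import sys
from pathlib import Path

# Extension IDs from the article's table (a sample of the campaign, not the full set).
LISTED_IDS = {
    "gghdfkafnhfpaooiolhncejnlgglhkhe": "AI Sidebar",
    "nlhpidbjmmffhoogcennoiopekbiglbp": "AI Assistant",
    "acaeafediijmccnjlokgcdiojiljfpbe": "ChatGPT Translate",
    "kblengdlefjpjkekanpoidgoghdngdgl": "AI GPT",
    "llojfncgbabajmdglnkbhmiebiinohek": "ChatGPT",
    "djhjckkfgancelbmgcamjimgphaphjdl": "AI Sidebar (duplicate)",
    "fdlagfnfaheppaigholhoojabfaapnhb": "Google Gemini",
}
# Backend domain named in the article (written defanged there as tapnetic[.]pro).
CAMPAIGN_DOMAIN = "tapnetic" + ".pro"
TEXT_SUFFIXES = {".js", ".json", ".html", ".htm"}


def scan_profile(profile_dir):
    """Flag extensions in one Chrome profile by listed ID, or by a reference to
    the campaign domain (catches unlisted siblings sharing the same backend)."""
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
        reasons = []
        if ext_dir.name in LISTED_IDS:
            reasons.append("listed-id")
        for f in ext_dir.rglob("*"):
            if f.suffix.lower() in TEXT_SUFFIXES and f.is_file():
                try:
                    if CAMPAIGN_DOMAIN in f.read_text(encoding="utf-8", errors="ignore"):
                        reasons.append(f"domain-reference:{f.relative_to(ext_dir)}")
                        break
                except OSError:
                    continue  # unreadable file: skip it, keep scanning the rest
        if reasons:
            findings.append({"id": ext_dir.name,
                             "listed_as": LISTED_IDS.get(ext_dir.name),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for profile in sys.argv[1:]:
        for hit in scan_profile(profile):
            print(profile, hit["id"], hit["listed_as"], ";".join(hit["reasons"]))
```

Pass each profile directory as an argument, for example `~/.config/google-chrome/Default` on Linux, `~/Library/Application Support/Google/Chrome/Default` on macOS, or `%LOCALAPPDATA%\Google\Chrome\User Data\Default` on Windows.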

Stay vigilant about browser extension security — even legitimate-looking tools can hide malicious functionality.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.
