Don't trust any browser extension blindly
Video Fox News Flash top headlines for February 26 Fox News Flash top headlines are here. Check out what's clicking on FoxNews.com.
Your web browser may feel like a safe place, especially when you install helpful tools that promise to make your life easier. But security researchers have uncovered a dangerous campaign in which more than 300,000 people installed Chrome extensions pretending to be artificial intelligence (AI) assistants. Instead of helping, these fake tools secretly collect sensitive information like your emails, passwords and browsing activity.
They used familiar names like ChatGPT, Gemini and AI Assistant. If you use Chrome and have installed any AI-related extension, your personal information may already be exposed. Even worse, some of these malicious extensions are still available today, putting more people at risk without their knowing.
More than 300,000 Chrome users installed fake AI extensions that secretly harvested sensitive data. (Kurt "CyberGuy" Knutsson)
What you need to know about fake AI extensions
Security researchers at browser security company LayerX discovered a large campaign involving 30 malicious Chrome extensions disguised as AI-powered assistants (via BleepingComputer). Together, these extensions were installed more than 300,000 times by unsuspecting users.
Some of the most popular extensions included names like AI Sidebar with 70,000 users, AI Assistant with 60,000 users, ChatGPT Translate with 30,000 users, and Google Gemini with 10,000 users. Another extension called Gemini AI Sidebar had 80,000 users before it was removed.
These extensions were distributed through the official Chrome Web Store, which made them appear legitimate and trustworthy. Even more concerning, researchers found that many of these extensions were connected to the same malicious server, showing they were part of a coordinated effort.
While some extensions have since been removed, others remain available. This means new users could still unknowingly install them and expose their personal data. Here's the list of the affected extensions:
- AI Assistant
- Gemini AI Sidebar
- ChatGPT Sidebar
- Asking ChatGPT
- Chat Bot GPT
- Grok Chatbot
- Chat With Gemini
- Google Gemini
- AI Letter Generator
- AI Message Generator
- AI Translator
- AI For Translation
- AI Cover Letter Generator
- AI Image Generator ChatGPT
- Ai Wallpaper Generator
- Ai Picture Generator
- DeepSeek Download
- AI Email Writer
- Email Generator AI
- DeepSeek Chat
- ChatGPT Picture Generator
- ChatGPT Translate
- ChatGPT Translation
- ChatGPT for Gmail
FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE
These malicious tools were listed in the official Chrome Web Store, making them appear legitimate and trustworthy. (LayerX)
How the fake AI Chrome extension attack works
These fake extensions pretend to offer helpful AI features, such as translating text, summarizing emails, or acting as an AI assistant. But behind the scenes, they quietly monitor what you are doing online.
Once installed, the extension gains permission to view and interact with the websites you visit. This allows it to read the contents of web pages, including login screens where you enter your username and password.
In some cases, the extensions specifically targeted Gmail. They could read your email messages directly from your browser, including emails you received and even drafts you were still writing. This means attackers could access private conversations, financial information and sensitive personal details.
The extensions then sent this information to servers controlled by the attackers. Because they loaded content remotely, the attackers could change their behavior at any time without needing to update the extension.
Some versions could also activate voice features through your browser. This could potentially capture spoken conversations near your device and send transcripts back to the attackers.
If you installed one of these extensions, attackers may already have access to extremely sensitive information. This includes your email content, login credentials, browsing habits and possibly even voice recordings.
We reached out to Google for comment, and a spokesperson told CyberGuy that the company "can confirm that the extensions from this report have all been removed from the Google Web Store."
BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTRE ATTACK
Once installed, the extensions could read emails, capture passwords, monitor browsing activity, and send the data to attacker-controlled servers. (Bildquelle/ullstein bild via Getty Images)
7 ways you can protect yourself from malicious Chrome extensions
If you have ever installed an AI-related Chrome extension, taking a few simple precautions now can help protect your accounts and prevent further damage.
