30 fake Chrome extensions posing as productivity tools are being used by cybercriminals to exploit the growing popularity of AI assistants such as ChatGPT, Claude, Gemini, and Grok. Researchers at the security company LayerX uncovered the "Aiframe" campaign, which has affected more than 260,000 users by injecting remotely controlled iframes for data theft and surveillance. Many of these extensions are still available in the Chrome Web Store, where they imitate Gmail assistants, chat sidebars, AI summarizers, and translators.

The extensions share the same code, request excessive permissions, and connect to the same backend at tapnetic.pro. Instead of processing anything locally, they overlay full-screen iframes served from attacker-controlled subdomains such as claude.tapnetic.pro, which gives the remote server access to browser APIs without any store update or user alert. Using Mozilla's Readability library, the attack retrieves the content of any open tab, including authenticated pages, by extracting titles, text, and metadata.

The Web Speech API is used to collect voice data. The Gmail-focused variants (15 in total) inject scripts at document start on mail.google.com and persist through a MutationObserver to circumvent Google's safeguards and scrape emails and drafts.

[Figure: highlighted "Claude" Assistant extension]

Extension spraying lets the campaign survive takedowns: after "Gemini AI Sidebar" (ID: fppbiomdkfbhgjjdmojlogeceejinadg) was removed on February 6, 2025, it resurfaced on February 20 as "AI Sidebar" (gghdfkafnhfpaooiolhncejnlgglhkhe) with the same malicious characteristics.

These extensions are not linked to any CVEs, but they take advantage of shortcomings in Chrome's extension model. The top impacted extensions are summarized in the following table:

| Name | Extension ID | Installed by (Est.) | Risk Level (CVSS equivalent) | Description |
|---|---|---|---|---|
| Gemini AI Sidebar | fppbiomdkfbhgjjdmojlogeceejinadg | 80,000 | 8.8 (High) | Gmail scraping and iframe injection |
| AI Sidebar | nlhpidbjmmffhoogcennoiopekbiglbp | 50,000 | 8.8 (High) | Voice recognition and content extraction |
| AI Assistant | gghdfkafnhfpaooiolhncejnlgglhkhe | 50,000 | 8.6 (High) | Evasion, republished variant |
| ChatGPT Translation | acaeafediijmccnjlokgcdiojiljfpbe | 30,000 | 7.5 (High) | Theft of tab metadata |

The C2 subdomains, themed after AI brands, are hosted on tapnetic.pro and onlineapp.pro, which pose as legitimate websites. IOCs consist of:

| Indicator Type | Value | Role |
|---|---|---|
| Domain | tapnetic[.]pro | C2 |
| Domain | onlineapp[.]pro | C2 |
| Subdomain | claude.tapnetic.pro | C2 |
| Subdomain | chatgpt.tapnetic.pro | C2 |
| Subdomain | gemini.tapnetic.pro | C2 |

MITRE ATT&CK mappings: T1583 (Acquire Infrastructure), T1189 (Drive-by Compromise), T1036 (Masquerading), T1557 (Adversary-in-the-Middle), T1071.001 (Web Protocols C2). Users should audit their installed extensions, revoke unnecessary permissions, and monitor for anomalies.

Enterprises should enforce extension allowlists. Expect more AI-themed threats as adoption grows.
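As an added example (not code from LayerX or from this article), the audit advice above turned into a small Python check: it walks a Chrome profile's Extensions directory and flags the extension IDs and C2 domains listed here, together with the manifest traits the campaign relies on (broad host permissions and a content script injected at document_start on mail.google.com). The layout `<profile>/Extensions/<id>/<version>/manifest.json` is Chrome's standard on-disk structure; the sample manifest at the bottom is constructed for the demonstration.

```python
import json
from pathlib import Path

# Extension IDs and C2 domains named in the LayerX "Aiframe" report above.
AIFRAME_IDS = {
    "fppbiomdkfbhgjjdmojlogeceejinadg": "Gemini AI Sidebar",
    "nlhpidbjmmffhoogcennoiopekbiglbp": "AI Sidebar",
    "gghdfkafnhfpaooiolhncejnlgglhkhe": "AI Assistant (republished variant)",
    "acaeafediijmccnjlokgcdiojiljfpbe": "ChatGPT Translation",
}
AIFRAME_DOMAINS = ("tapnetic.pro", "onlineapp.pro")
# Host patterns that let an extension read every tab, including authenticated pages.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(ext_id: str, manifest: dict) -> list[str]:
    """Return findings for one extension manifest (empty list means nothing flagged)."""
    findings = []
    if ext_id in AIFRAME_IDS:
        findings.append(f"known Aiframe extension: {AIFRAME_IDS[ext_id]}")
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    if perms & BROAD_HOSTS:
        findings.append("broad host permissions (can read every tab)")
    for script in manifest.get("content_scripts", []):
        on_gmail = any("mail.google.com" in m for m in script.get("matches", []))
        if on_gmail and script.get("run_at") == "document_start":
            findings.append("content script at document_start on mail.google.com")
    manifest_text = json.dumps(manifest)
    for domain in AIFRAME_DOMAINS:
        if domain in manifest_text:
            findings.append(f"manifest references C2 domain {domain}")
    return findings


def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    # Chrome layout: <profile>/Extensions/<id>/<version>/manifest.json
    report = {}
    for manifest_path in extensions_dir.glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip, do not abort the audit
        if findings := audit_manifest(ext_id, manifest):
            report[ext_id] = findings
    return report


# Constructed sample manifest (not copied from any real extension) showing the pattern.
SAMPLE_MANIFEST = {
    "name": "AI Sidebar", "manifest_version": 3,
    "permissions": ["tabs", "scripting", "storage"], "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://mail.google.com/*"], "js": ["inject.js"],
                         "run_at": "document_start"}],
}
```

Run `audit_profile(Path.home() / ".config/google-chrome/Default/Extensions")` (or the equivalent profile path on Windows or macOS) to get a per-ID report; an empty dict means nothing was flagged.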