Numerous malicious browser extensions that pretend to be AI assistants but are actually stealing victims' personal information have taken over the Chrome Web Store. LayerX researchers found 30 Google Chrome extensions that are exact replicas of each other, with the exception of a few minor branding variations. With tens of thousands of downloads each, many of them are highly popular.
All of them pose as AI assistants, and they are quite good at it, but in reality, they steal browser content, email content, and anything else the user voluntarily gives them.
"The way it's being used is new and concerning, even though we've seen [similar tactics] used by malicious extensions in the past," says LayerX security researcher Natalie Zargarov. Together, the 30 of them received over 260,000 downloads.
As of this writing, over twenty-four hours after LayerX's blog post was published, many of these apps, including ChatGPT Translate, AI Sidebar, and AI Assistant, are still accessible to Chrome browser users.
Averaging over four stars each, they all have a ton of reviews, and some have even been highlighted by the Chrome Web Store, which gives them the green "Featured" label for added credibility. For this, Zargarov gives Google a pass.
According to her, "the actual 'logic' lives on a remote web application loaded via iframe in many of these extensions."
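A defender-side check for the pattern Zargarov describes, as an added example that is not from LayerX or the original article: it scans an unpacked extension directory for iframes that point at remote origins and lists the permissions declared alongside them. The sample extension, its file names and the `app.example.invalid` host are constructed for illustration, and the JavaScript match is a heuristic.

```python
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# <iframe ... src="https://..."> in extension pages.
HTML_IFRAME = re.compile(r'<iframe\b[^>]*?\bsrc\s*=\s*["\'](https?://[^"\']+)', re.I)
# Heuristic for script-built frames: a remote .src assignment in a file that mentions "iframe".
JS_SRC = re.compile(r'\.src\s*=\s*["\'`](https?://[^"\'`]+)', re.I)

def audit_extension(ext_dir):
    """Report remote iframe hosts and declared permissions for one unpacked extension."""
    root = Path(ext_dir)
    manifest = json.loads((root / "manifest.json").read_text(encoding="utf-8"))
    findings = []
    for path in sorted(root.rglob("*")):
        suffix = path.suffix.lower()
        if not path.is_file() or suffix not in {".html", ".htm", ".js"}:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        if suffix == ".js":
            urls = JS_SRC.findall(text) if "iframe" in text.lower() else []
        else:
            urls = HTML_IFRAME.findall(text)
        for url in urls:
            findings.append((path.relative_to(root).as_posix(), urlparse(url).netloc))
    perms = manifest.get("permissions", []) + manifest.get("host_permissions", [])
    return {"name": manifest.get("name", "?"),
            "permissions": sorted(perms),
            "remote_iframes": findings}

def build_sample(tmp):
    """Write a constructed sample extension (not one of the 30 reported) into tmp."""
    root = Path(tmp)
    (root / "manifest.json").write_text(json.dumps({
        "manifest_version": 3, "name": "Constructed Sample Assistant",
        "permissions": ["tabs", "scripting"], "host_permissions": ["<all_urls>"]}))
    # The UI is a thin shell; the real application is served from a remote host.
    (root / "panel.html").write_text(
        '<iframe id="app" src="https://app.example.invalid/ui"></iframe>')
    (root / "inject.js").write_text(
        'const f = document.createElement("iframe");\n'
        'f.src = "https://app.example.invalid/chat";\n')
    # A packaged, local frame is not flagged.
    (root / "local.html").write_text('<iframe src="frame.html"></iframe>')
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(audit_extension(build_sample(tmp)), indent=2))
```

A remote iframe combined with broad host permissions means the code that handles user data can change on the server without a new extension version being published, so a hit here is a prompt for manual review of that origin, not a verdict.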




