A new research report from LayerX has exposed a coordinated campaign of malicious browser extensions masquerading as popular AI tools. By leveraging the trust users place in brands like ChatGPT, Claude, Gemini, and Grok, attackers have distributed over 30 extensions that act as silent surveillance platforms, affecting more than 260,000 users.
While these extensions market themselves as productivity assistants for writing, summarization, or chat, their true nature is far more sinister. Instead of running code locally on the user’s machine, they function as “privileged proxies” for a remote server.
“Instead of implementing core functionality locally, they embed remote, server-controlled interfaces inside extension-controlled surfaces and act as privileged proxies,” the report explains.
This architecture is what makes the threat durable. The extension's visible UI is a full-screen iframe pointing at a remote domain (tapnetic.pro), so the logic that drives the extension is served by the attackers' server rather than shipped in the package that Chrome Web Store review sees. The operators can therefore change its behavior at any time without pushing an update through the store. "New capabilities can be introduced silently," the researchers warn.
The extensions are designed to extract a wealth of information from the victim’s browsing session.
- Page Content: The extension can extract titles, text, and metadata from any page the user views, sending this structured data back to the attacker’s server.
- Gmail Access: A subset of extensions specifically targets Gmail, injecting UI elements and reading email content directly from the DOM. “Email message text and related contextual data may be sent off-device… to remote servers,” the report notes.
- Voice & Telemetry: The tools also support voice recognition and include tracking pixels to monitor user retention and attribution.
To evade detection and takedowns, the operators employ a tactic known as “extension spraying.” They publish multiple identical extensions under different names and IDs.
“When one extension is removed, others remain available or are quickly re-published under new identities,” the report states.
For instance, after one extension was removed from the store on February 6, 2025, an identical copy appeared less than two weeks later with the same codebase and infrastructure.
The report serves as a warning for users rushing to adopt the latest AI tools. “Extensions that delegate core functionality to remote, mutable infrastructure should be treated not as convenience tools, but as potential surveillance platforms,” LayerX concludes. Users are advised to be extremely cautious when installing extensions that claim to offer AI capabilities, especially those from unverified developers.