30 Malicious AI Chrome Extensions Expose Data Of 300,000 Users

Despite ongoing efforts by Google to tighten security, malicious browser extensions continue to find their way onto the Chrome Web Store — and into users’ browsers — putting their data and devices at risk. These add-ons can hijack browsing data, steal credentials, or inject unwanted content.

LayerX Discovers The “AiFrame” Campaign

Researchers at browser security platform LayerX recently uncovered a malicious operation, which they named AiFrame. It involves 30 malicious Chrome extensions that are part of the same coordinated effort and pose as AI assistants for summarization, chat, writing, and Gmail assistance.

The researchers determined this after finding that each extension communicates with infrastructure hosted under a single domain: tapnetic[.]pro. They also discovered that all the extensions share:

  • The same internal structure
  • Identical JavaScript logic
  • Similar permission requests
  • The same backend infrastructure

This confirmed that the campaign was not random but a large, organized operation.

Over 300,000 Users Affected

According to LayerX, the 30 malicious extensions have been installed by more than 300,000 users.

The most popular extension in the campaign was called Gemini AI Sidebar (fppbiomdkfbhgjjdmojlogeceejinadg), which had 80,000 users before it was removed from the Chrome Web Store.

However, investigations by BleepingComputer found that several other malicious extensions remain live on Google’s repository — some of which have been installed tens of thousands of times.

Among them are:

  1. AI Sidebar (gghdfkafnhfpaooiolhncejnlgglhkhe) – 70,000 users
  2. AI Assistant (nlhpidbjmmffhoogcennoiopekbiglbp) – 60,000 users
  3. ChatGPT Translate (acaeafediijmccnjlokgcdiojiljfpbe) – 30,000 users
  4. AI GPT (kblengdlefjpjkekanpoidgoghdngdgl) – 20,000 users
  5. ChatGPT (llojfncgbabajmdglnkbhmiebiinohek) – 20,000 users
  6. AI Sidebar (djhjckkfgancelbmgcamjimgphaphjdl) – 10,000 users
  7. Google Gemini (fdlagfnfaheppaigholhoojabfaapnhb) – 10,000 users

Researchers note that in some cases, the extension names may differ, but the identifying code and structure remain the same.
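Because names vary while the IDs and backend stay constant, a local audit can match on both. The following is an added example, not code from LayerX or the original article: it assumes the usual Chrome profile layout of Extensions/<extension id>/<version>/manifest.json, checks folder names against the eight IDs named in this article, and searches packaged files for the shared domain.

```python
import json
import sys
from pathlib import Path

# Extension IDs named in the article (8 of the 30 in the campaign).
KNOWN_IDS = {
    "fppbiomdkfbhgjjdmojlogeceejinadg",  # Gemini AI Sidebar
    "gghdfkafnhfpaooiolhncejnlgglhkhe",  # AI Sidebar
    "nlhpidbjmmffhoogcennoiopekbiglbp",  # AI Assistant
    "acaeafediijmccnjlokgcdiojiljfpbe",  # ChatGPT Translate
    "kblengdlefjpjkekanpoidgoghdngdgl",  # AI GPT
    "llojfncgbabajmdglnkbhmiebiinohek",  # ChatGPT
    "djhjckkfgancelbmgcamjimgphaphjdl",  # AI Sidebar
    "fdlagfnfaheppaigholhoojabfaapnhb",  # Google Gemini
}
# Domain as the article writes it (defanged), refanged here for matching.
IOC_DOMAIN = "tapnetic[.]pro".replace("[.]", ".")
TEXT_SUFFIXES = {".js", ".html", ".json"}

def audit_extensions(ext_root):
    """Return findings for a profile's Extensions directory (assumed layout:
    <ext_root>/<extension id>/<version>/manifest.json)."""
    findings = []
    for manifest in sorted(Path(ext_root).glob("*/*/manifest.json")):
        version_dir = manifest.parent
        ext_id = version_dir.parent.name
        reasons = []
        if ext_id in KNOWN_IDS:
            reasons.append("id listed in article")
        # Names and IDs can differ, so also look for the shared backend domain.
        hits = sorted(
            f.relative_to(version_dir).as_posix()
            for f in version_dir.rglob("*")
            if f.is_file() and f.suffix.lower() in TEXT_SUFFIXES
            and IOC_DOMAIN in f.read_text(encoding="utf-8", errors="ignore").lower()
        )
        if hits:
            reasons.append("references " + IOC_DOMAIN + " in " + ", ".join(hits))
        if reasons:
            try:
                name = json.loads(manifest.read_text(encoding="utf-8")).get("name", "?")
            except (ValueError, AttributeError):
                name = "?"  # unreadable or unexpected manifest
            findings.append({"id": ext_id, "version": version_dir.name,
                             "name": name, "reasons": reasons})
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    for item in audit_extensions(sys.argv[1]):
        print(item["id"], item["version"], item["name"], "; ".join(item["reasons"]))
```

Run it with the path to a profile's Extensions folder as the only argument. A clean result covers only the eight IDs and the one domain given here, not the other extensions in the campaign.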

How The Extensions Work 

Although the extensions present themselves as AI assistants, they do not run AI functionality locally. Instead, they render a full-screen iframe that loads content from a remote domain.

This is a major security concern because it allows the operators to change the extension’s behavior at any time, without submitting an update to the Chrome Web Store for review.

Security experts compare this technique to how Microsoft Office Add-ins function, where remote logic can be altered without pushing a new version.

Data Theft In The Background

While displaying a fake AI interface, the extensions quietly extract data in the background.

LayerX found that the add-ons:

  • Scrape content from websites users visit
  • Capture data from sensitive authentication pages
  • Use Mozilla’s Readability library to extract page content

What is more concerning is that 15 of the extensions specifically target Gmail users.

“When Gmail-related features such as AI-assisted replies or summaries are invoked, the extracted email content is passed into the extension’s logic and transmitted to third-party backend infrastructure controlled by the extension operator,” LayerX wrote in a blog post published on Thursday.

“As a result, email message text and related contextual data may be sent off-device, outside of Gmail’s security boundary, to remote servers.”

Why This Attack Is So Dangerous

Because the extensions load their interface from a remote domain instead of running functionality locally, the operators can:

  • Modify behaviour anytime
  • Inject malicious scripts
  • Steal data silently

Some of the extensions have been removed, but several remain available — putting additional users at risk.

How To Protect Yourself

Cybersecurity experts recommend taking these precautions:

  • Verify the developer: Check their website, reputation, and other projects
  • Don’t trust ratings alone: Reviews can be fake
  • Use antivirus software: It can detect suspicious behaviour
  • Limit permissions: Avoid extensions requesting excessive access
  • Use web-based AI tools: Safer than installing add-ons

For frequent extension users, identity monitoring services can also help reduce damage if data theft occurs.

The Bottom Line

The AiFrame campaign shows that malicious extensions are evolving — and that even AI-branded tools can hide serious threats.

With over 300,000 users already affected and some extensions still active, experts warn that a few extra seconds of caution before installing an extension may prevent serious privacy and financial damage later.

Kavita Iyer