300,000 Chrome users hit by fake AI extensions

Your web browser whitethorn consciousness similar a harmless place, particularly erstwhile you instal adjuvant tools that committedness to marque your beingness easier. But information researchers person uncovered a unsafe run successful which much than 300,000 radical installed Chrome extensions pretending to beryllium artificial quality (AI) assistants. Instead of helping, these fake tools secretly cod delicate accusation similar your emails, passwords and browsing activity.

They utilized acquainted names similar ChatGPT, Gemini and AI Assistant. If you usage Chrome and person installed immoderate AI-related extension, your idiosyncratic accusation whitethorn already beryllium exposed. Even worse, immoderate of these malicious extensions are inactive disposable today, putting much radical astatine hazard without their knowing.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

More than 300,000 Chrome users installed fake AI extensions that secretly harvested delicate data. (Kurt "CyberGuy" Knutsson)

What you request to cognize astir fake AI extensions

Security researchers astatine browser information institution LayerX discovered a ample run involving 30 malicious Chrome extensions disguised arsenic AI-powered assistants (via BleepingComputer). Together, these extensions were installed much than 300,000 times by unsuspecting users.

Some of the astir fashionable extensions included names similar AI Sidebar with 70,000 users, AI Assistant with 60,000 users, ChatGPT Translate with 30,000 users, and Google Gemini with 10,000 users. Another hold called Gemini AI Sidebar had 80,000 users earlier it was removed.

These extensions were distributed done the authoritative Chrome Web Store, which made them look morganatic and trustworthy. Even much concerning, researchers recovered that galore of these extensions were connected to the aforesaid malicious server, showing they were portion of a coordinated effort.

While immoderate extensions person since been removed, others stay available. This means caller users could inactive unknowingly instal them and exposure their idiosyncratic data. Here's the database of the affected extensions:

• AI Assistant
• Llama
• Gemini AI Sidebar
• AI Sidebar
• ChatGPT Sidebar
• Grok
• Asking ChatGPT
• ChatGBT
• Chat Bot GPT
• Grok Chatbot
• Chat With Gemini
• XAI
• Google Gemini
• Ask Gemini
• AI Letter Generator
• AI Message Generator
• AI Translator
• AI For Translation
• AI Cover Letter Generator
• AI Image Generator ChatGPT
• Ai Wallpaper Generator
• Ai Picture Generator
• DeepSeek Download
• AI Email Writer
• Email Generator AI
• DeepSeek Chat
• ChatGPT Picture Generator
• ChatGPT Translate
• AI GPT
• ChatGPT Translation
• ChatGPT for Gmail

FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE

These malicious tools were listed successful the authoritative Chrome Web Store, making them look morganatic and trustworthy. (LayerX)

How the fake AI Chrome hold onslaught works

These fake extensions unreal to connection adjuvant AI features, specified arsenic translating text, summarizing emails, oregon acting arsenic an AI assistant. But down the scenes, they softly show what you are doing online.

Once installed, the hold gains support to presumption and interact with the websites you visit. This allows it to work the contents of web pages, including login screens wherever you participate your username and password.

In immoderate cases, the extensions specifically targeted Gmail. They could work your email messages straight from your browser, including emails you received and adjacent drafts you were inactive writing. This means attackers could entree backstage conversations, fiscal accusation and delicate idiosyncratic details.

The extensions past sent this accusation to servers controlled by the attackers. Because they loaded contented remotely, the attackers could alteration their behaviour astatine immoderate clip without needing to update the extension.

Some versions could besides activate dependable features done your browser. This could perchance seizure spoken conversations adjacent your instrumentality and nonstop transcripts backmost to the attackers.

If you installed 1 of these extensions, attackers whitethorn already person entree to highly delicate information. This includes your email content, login credentials, browsing habits and perchance adjacent dependable recordings.

We reached retired to Google for comment, and a spokesperson told CyberGuy that the institution "can corroborate that the extensions from this study person each been removed from the Google Web Store."

BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTRE ATTACK

Once installed, the extensions could work emails, seizure passwords, show browsing enactment and nonstop the information to attacker-controlled servers. (Bildquelle/ullstein bild via Getty Images)

7 ways you tin support yourself from malicious Chrome extensions

If you person ever installed an AI-related Chrome extension, taking a fewer elemental precautions present tin assistance support your accounts and forestall further damage.

1) Remove immoderate suspicious oregon unused browser extensions

On a Windows PC oregon Mac, unfastened Chrome and benignant chrome://extensions into the code bar. Review each hold listed. If you spot thing unfamiliar, particularly AI assistants you don't retrieve installing, click "Remove" immediately. Malicious extensions beryllium connected going unnoticed. Removing them stops further information postulation and cuts disconnected the attacker's entree to your information.

2) Change your passwords

If you installed immoderate suspicious extension, presume your passwords whitethorn beryllium compromised. Start by changing your email password first, since email controls entree to astir different accounts. Then update passwords for banking, buying and societal media accounts. This prevents attackers from utilizing stolen credentials to interruption into your accounts.

3) Use a password manager to make and support beardown passwords

A password manager generates unique, analyzable passwords for each relationship and stores them securely. This prevents attackers from accessing aggregate accounts if 1 password is stolen. Password managers besides alert you if your login credentials look successful known information breaches, helping you respond rapidly and support your identity. Check retired the champion expert-reviewed password managers of 2026 astatine Cyberguy.com.

4) Install beardown antivirus bundle and support it active

Good antivirus bundle tin observe malicious browser extensions, spyware, and different hidden threats. It scans your strategy for suspicious enactment and blocks harmful programs earlier they tin bargain your information. This adds an important furniture of extortion that works continuously successful the inheritance to support your instrumentality safe. Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com.

5) Use an individuality theft extortion service

Identity theft extortion services show your idiosyncratic data, including email addresses, fiscal accounts, and Social Security numbers, for signs of misuse. If criminals effort to unfastened accounts oregon perpetrate fraud utilizing your information, you person alerts quickly. Early detection allows you to enactment accelerated and bounds fiscal and idiosyncratic damage. See my tips and champion picks connected however to support yourself from individuality theft astatine Cyberguy.com.

6) Keep your browser and machine afloat updated

Software updates hole information vulnerabilities that attackers exploit. Enable automatic updates for Chrome and your operating strategy truthful you ever person the latest protections. These updates fortify your defenses against malicious extensions and forestall attackers from taking vantage of known weaknesses.

7) Use a idiosyncratic information removal service

Personal information removal services scan information broker websites that cod and merchantability your idiosyncratic information. They assistance region your information from these sites, reducing what attackers tin find and usage against you. Less exposed accusation means less opportunities for criminals to people you with scams, individuality theft oregon phishing attacks.

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

Kurt's cardinal takeaway

Even tools designed to marque your beingness easier tin go tools for cybercriminals. Malicious extensions often fell down trusted names and convincing features, making them hard to spot. You tin importantly trim your hazard by reviewing your browser extensions regularly, removing thing suspicious and utilizing protective tools similar password managers and beardown antivirus software.

Have you checked your browser extensions recently? Let america cognize your thoughts by penning to america astatine Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report 
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

Related Article