A silent threat has infiltrated the Chrome browser, and hundreds of thousands of users are unknowingly at risk. Security experts have uncovered a network of 30 malicious extensions, masquerading as helpful AI tools, but designed to steal your most sensitive information.
These aren’t obscure, fly-by-night programs. They were readily available within the official Chrome Web Store, and at times, even *recommended* to users. The creators skillfully bypassed security measures, allowing them to operate undetected for a disturbing length of time.
The danger lies in how these extensions function. They operate as hidden proxies, granting themselves sweeping permissions to monitor and copy data from your active browser tabs. This includes passwords, banking details, and any other sensitive information you enter online – all sent directly to the attackers.
The extensions lure victims with names that mimic legitimate AI platforms like ChatGPT and Gemini. However, subtle misspellings – like “ChatGBT” – and generic titles such as “AI Assistant” or “AI Translator” are common red flags. They prey on the growing demand for AI-powered tools.
Several extensions have amassed a significant number of installations, highlighting the scale of the problem. “AI Assistant” alone has been installed by 50,000 users, while “Gemini AI Sidebar” reached a staggering 80,000. “AI Sidebar” and “ChatGPT Translate” also boast tens of thousands of unsuspecting users.
The attackers are proving remarkably resilient. Researchers discovered one malicious extension last year, reported it, and saw it removed. But just two weeks later, it reappeared in the store under a new name and with a modified identity, continuing its insidious work.
Simply relying on official app stores is no longer enough protection. This campaign demonstrates that even the most trusted sources can be compromised. Vigilance is now paramount in safeguarding your digital life.
Pay close attention to the details. Be wary of extensions with misspelled names, vague descriptions, or those requesting excessive permissions that don’t align with their stated function. Question why a simple translator needs access to your banking information.
If you’re seeking AI integration within your browser, stick to official applications directly from reputable companies like OpenAI and Google. Supplement this with robust antivirus software to provide an additional layer of defense against evolving threats.
Protecting yourself requires a proactive approach. Don’t assume that an extension’s presence in an official store guarantees its safety. Your online security depends on informed decisions and a healthy dose of skepticism.
