260,000+ Chrome Users Compromised: 30 Fake AI Extensions Hijack Browsing & Email Data
Another day, another digital heist—this time, malware masquerading as helpful AI tools.
The Bait and Switch
Security researchers just uncovered a network of over thirty fraudulent browser extensions. They promised AI-powered productivity boosts—summaries, chatbots, content generators. Instead, they siphoned everything: browsing history, authentication cookies, and sensitive email data from active Gmail and Outlook sessions.
The Scale of the Breach
The fake add-ons infiltrated over a quarter-million browsers before getting yanked from the Chrome Web Store. That's 260,000-plus users who thought they were installing a helpful assistant, not a data vacuum.
How the Scam Worked
The extensions bypassed initial scrutiny with clean code. Once installed and trusted, they pulled malicious updates directly from command servers. This 'delayed payload' tactic evaded store reviews and turned legitimate tools into spyware overnight.
The Aftermath
Google purged the extensions, but the damage is done. Stolen session cookies grant attackers persistent access to accounts—no passwords needed. It's a blunt reminder: in the rush to adopt AI, due diligence gets cut. Even the most sophisticated tech is useless if the gateway is a Trojan horse.
And in a twist that would make a crypto skeptic smirk—this entire scheme was more efficient at extracting value than half the DeFi projects on the market. At least the thieves here delivered a product first.
Trusted AI names used as cover
The timing was not random. With people eagerly adopting AI tools for both work and personal use, attackers seized on that excitement to slip in under the radar. The bogus extensions claimed ties to familiar AI services such as ChatGPT, Claude, Gemini, and Grok, brands that inspire instant recognition and confidence.
Although they went by different names, displayed varied logos, and carried distinct descriptions, all 30 extensions were fundamentally identical beneath the surface. They ran the same underlying code, requested the same broad permissions, and funneled data to the same concealed servers.
LayerX researchers described the approach as “extension spraying”, flooding the store with near-identical variants to evade detection and removal by Chrome Web Store moderators. The strategy paid off: several even earned “featured” placement, boosting their apparent legitimacy and helping rack up more installations.
What made these extensions particularly insidious was their method of operation. Instead of performing any genuine AI processing locally on the user’s device, they pulled in hidden full-screen overlays hosted on attacker-controlled servers, one confirmed domain being tapnetic.pro.
This setup allowed the operators to alter the extension’s behavior on the fly, without ever submitting updates through Google’s review process. Users had no way to spot the shifts.
Once active, the extensions could extract text, page titles, and other elements from any site a person visited, including protected pages that required logins, such as workplace portals or personal accounts, and relay everything to remote servers.
Gmail users in the crosshairs
Fifteen of the 30 extensions zeroed in on Gmail users specifically. LayerX dubbed this group the “Gmail integration cluster.” Marketed under separate names and pitched for different uses, all 15 shared the exact same code targeting Gmail. It injected scripts directly into Gmail’s interface, repeatedly grabbing the text of any open conversations visible on screen.
In simpler terms, full email content, including drafts and entire threads, could be pulled from Gmail and shipped off to the attackers’ servers. The report added that using Gmail’s built-in AI tools, such as smart replies or message summaries, sometimes triggered even greater capture of content, sending it beyond Google’s ecosystem.
This fits into a broader and worsening pattern. LayerX pointed out that only a month prior, they exposed 16 other extensions designed to steal session tokens from ChatGPT accounts, impacting over 900,000 users. In another case, two AI sidebar extensions leaked chat histories from DeepSeek and ChatGPT, affecting an additional 900,000 installs.
With Chrome boasting roughly 3 billion users globally and Gmail serving 2 billion, the browser’s extension ecosystem makes an especially tempting target for this kind of operation.
Anyone who is worried they’ve been hit can check LayerX’s published list of the malicious extensions. Simply head to “chrome://extensions” in your browser to inspect installed items and uninstall anything questionable. Enabling two-step verification on accounts is another smart step right now.
Zargarov delivered a blunt caution: “As generative AI continues to gain popularity, defenders should expect similar campaigns to proliferate.” Security professionals emphasize that the safest route is relying on AI features already integrated into trusted apps and platforms, rather than rolling the dice on unfamiliar third-party extensions.
Sharpen your strategy with mentorship + daily ideas - 30 days free access to our trading program
