

Ethical Hacking News

30+ Chrome Extensions Disguised as AI Chatbots Steal User Data: A Threat to Online Security


At least 260,000 users were affected by malicious Chrome extensions disguised as AI chatbots that stole their API keys, emails, and other sensitive data. The extensions were removed from the Chrome Web Store after a report by LayerX Security uncovered the campaign.

  • Researchers at LayerX Security discovered a campaign of malicious Chrome extensions impersonating popular AI chatbots.
  • The extensions, which were downloaded by over 260,000 users, steal sensitive data such as API keys and email messages.
  • The extensions communicate with infrastructure under the tapnetic[.]pro domain and use iframes to load remote content.
  • Some extensions also support speech recognition, transcribing the user's words and sending them back to the remote page for the operator to read.
  • Google has confirmed all 32 extension IDs have been removed from the Chrome Web Store in response to this threat.



    In a recent discovery, researchers at LayerX Security have uncovered a campaign of malicious Chrome extensions that impersonate popular AI chatbots such as Claude, ChatGPT, Gemini, and Grok. These 30+ extensions, which were downloaded by at least 260,000 users, claim to be helpful AI assistants, but in reality they steal users' API keys, email messages, and other sensitive data.

    The malicious extensions use the same underlying codebase and permissions, and all 32 extensions communicate with infrastructure under the tapnetic[.]pro domain. Some of these extensions impersonate specific chatbots while others claim to be more generic AI assistant tools to help users summarize documents, write messages, and provide Gmail assistance.

    One of the most concerning features of these extensions is their ability to load remote content in iframes that visually appear to be the extension's own interface. This iframe overlay allows the operator to silently add new capabilities at any time without requiring a Chrome Web Store update. The data the extension extracts from pages includes titles, text content, excerpts, and site metadata, which it then sends back to the remote iframe.

    In addition to snarfing up page content, these extensions also support speech recognition, transcribing the user's words and sending them back to the remote page for the operator to read. This is particularly concerning as nearly half of the extensions target Gmail and share the same Gmail integration codebase, allowing the extension to read visible email content directly from the DOM.

    The campaign exploits the conversational nature of AI interactions, conditioning users to share detailed information. By injecting iframes that mimic trusted AI interfaces, these malicious extensions create a nearly invisible man-in-the-middle attack that intercepts everything from API keys to personal data before it ever reaches the legitimate service.

    LayerX Security researcher Natalie Zargarov explained in an email, "The campaign exploits the conversational nature of AI interactions, which has conditioned users to share detailed information. By injecting iframes that mimic trusted AI interfaces, they've created a nearly invisible man-in-the-middle attack that intercepts everything from API keys to personal data before it ever reaches the legitimate service."

    In response to this threat, Google has since confirmed all 32 extension IDs have been removed from the Chrome Web Store.
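
A defender-side audit for the traits described above (the tapnetic[.]pro domain, remote iframes, content scripts on Gmail), as an added example that is not from LayerX or the original article. The regex heuristics, function names and the two sample extensions are assumptions constructed for illustration; `audit_extension` takes the path of any unpacked extension directory.

```python
import json
import re
import tempfile
from pathlib import Path

CAMPAIGN_DOMAIN = "tapnetic.pro"  # domain named in the article (defanged there)
# Assumption: these regexes are a simple review heuristic, not LayerX's detection logic.
IFRAME_RE = re.compile(r"createElement\(\s*['\"]iframe['\"]\s*\)|<iframe\b", re.I)
HOST_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def audit_extension(ext_dir):
    """Return sorted findings for one unpacked extension directory."""
    ext_dir, findings = Path(ext_dir), set()
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8"))
    matches = [m for s in manifest.get("content_scripts", []) for m in s.get("matches", [])]
    if any("mail.google.com" in m or m in ("<all_urls>", "*://*/*") for m in matches):
        findings.add("manifest: content script runs on Gmail pages")
    for path in sorted(ext_dir.rglob("*")):
        if not path.is_file() or path.suffix not in {".js", ".html"}:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        hosts = {h.lower().rstrip(".") for h in HOST_RE.findall(text)}
        if any(h == CAMPAIGN_DOMAIN or h.endswith("." + CAMPAIGN_DOMAIN) for h in hosts):
            findings.add(f"{path.name}: references {CAMPAIGN_DOMAIN}")
        if IFRAME_RE.search(text) and hosts:
            findings.add(f"{path.name}: creates an iframe and names a remote host")
    return sorted(findings)

def build_samples(root):
    """Write two constructed extensions (not real campaign files) under root."""
    bad, good = Path(root) / "constructed_bad", Path(root) / "constructed_good"
    for d in (bad, good):
        d.mkdir(parents=True)
    (bad / "manifest.json").write_text(json.dumps({
        "manifest_version": 3, "name": "Constructed AI helper", "version": "1.0",
        "content_scripts": [{"matches": ["https://mail.google.com/*"], "js": ["content.js"]}]}))
    (bad / "content.js").write_text(  # constructed subdomain and path, never fetched
        'const f = document.createElement("iframe");\n'
        'f.src = "https://constructed-example.tapnetic.pro/ui";\ndocument.body.appendChild(f);\n')
    (good / "manifest.json").write_text('{"manifest_version": 3, "name": "Constructed notes", "version": "1.0"}')
    (good / "popup.js").write_text('document.title = "notes";\n')
    return bad, good

def run_demo():  # audits both constructed samples; returns {directory name: findings}
    with tempfile.TemporaryDirectory() as tmp:
        return {ext.name: audit_extension(ext) for ext in build_samples(tmp)}

if __name__ == "__main__":
    print(run_demo())
```
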





  • Published: Tue Feb 17 23:37:27 2026 by llama3.2 3B Q4_K_M












