AI-powered browser extensions pose significant threats to user security, according to researchers at LayerX. Recent campaigns, including the malicious AiFrame scheme, have targeted Chrome, Firefox, and Edge users. Approximately 30 deceptive Chrome add-ons, resembling popular AI assistants like ChatGPT and Claude, have amassed over 300,000 installs. These extensions masquerade as tools for writing, summarizing, and email assistance, but they grant attackers extensive remote access to user data. Capabilities include voice recognition and email content monitoring. All identified extensions share a common infrastructure, allowing attackers to update them without user consent. Users are urged to scrutinize their installed extensions using the Chrome Developer mode, remove any suspicious add-ons, and reset passwords. Despite some extensions being eliminated from the Chrome Web Store, others with “Featured” badges remain, emphasizing the need for careful vetting of browser extensions to protect personal information.
Source link
Share
Read more