Malicious Chrome AI Extensions Target 260,000 Users via Injected iFrames
Security firm LayerX researchers uncovered the “Aiframe” campaign, impacting over 260,000 users by injecting remote-controlled iframes for surveillance and data theft.
These extensions, many featured in the Chrome Web Store, mimic AI summarizers, chat sidebars, translators, and Gmail helpers.
They share identical code, excessive permissions, and backend ties to tapnetic.pro. Instead of local processing, they overlay full-screen iframes from attacker subdomains like claude.tapnetic.pro, granting remote servers access to browser APIs without store updates or alerts.
The attack extracts tab content via Mozilla’s Readability library: titles, text, and metadata from any site, including authenticated pages. Voice data collection uses the Web Speech API. Gmail-focused variants (15 in total) inject scripts at document start on mail.google.com and persist via a MutationObserver to scrape emails and drafts, bypassing Google’s protections.
Extension spraying evades takedowns: when “Gemini AI Sidebar” (ID: fppbiomdkfbhgjjdmojlogeceejinadg) was removed on February 6, 2025, it reappeared as “AI Sidebar” (gghdfkafnhfpaooiolhncejnlgglhkhe) on February 20 with unchanged malicious traits.
No CVEs are directly associated with these extensions; they abuse weaknesses in Chrome’s extension model rather than a specific software bug. The table below summarizes the most widely installed affected extensions:
| Extension ID | Name | Installs | Risk Level (Est. CVSS equiv.) | Description |
|---|---|---|---|---|
| fppbiomdkfbhgjjdmojlogeceejinadg | Gemini AI Sidebar | 80,000 | 8.8 (High) | Iframe injection, Gmail scraping |
| nlhpidbjmmffhoogcennoiopekbiglbp | AI Assistant | 50,000 | 8.6 (High) | Content extraction, voice recog |
| gghdfkafnhfpaooiolhncejnlgglhkhe | AI Sidebar | 50,000 | 8.8 (High) | Republished variant, evasion |
| acaeafediijmccnjlokgcdiojiljfpbe | ChatGPT Translate | 30,000 | 7.5 (High) | Tab metadata theft |
Tapnetic.pro and onlineapp.pro host C2 subdomains themed after AI brands, masquerading as legitimate sites. IOCs include:
| Indicator Type | Value |
|---|---|
| C2 Domain | tapnetic[.]pro |
| C2 Domain | onlineapp[.]pro |
| Subdomain | claude.tapnetic.pro |
| Subdomain | chatgpt.tapnetic.pro |
| Subdomain | gemini.tapnetic.pro |
MITRE ATT&CK mappings: T1583 (Acquire Infrastructure), T1189 (Drive-by Compromise), T1036 (Masquerading), T1557 (Adversary-in-the-Middle), T1071.001 (Web Protocols C2).
Users should audit installed extensions, revoke unneeded permissions, and monitor for anomalies; enterprises should enforce extension allowlists. Expect more AI-themed threats as adoption grows.
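As an added, defender-side example (not part of the LayerX report or this article), the following Python script audits an extension’s manifest.json for the traits described above: a known Aiframe extension ID, broad permissions, a content script injected at document_start on mail.google.com, and any reference to the tapnetic.pro or onlineapp.pro infrastructure. It also matches proxy or DNS log lines against the C2 domains. The sample manifest, the log lines and the set of permissions treated as “broad” are constructed assumptions for illustration, not data from the report.

```python
import re

# Indicators taken from the report above: extension IDs and C2 domains.
KNOWN_BAD_IDS = {
    "fppbiomdkfbhgjjdmojlogeceejinadg": "Gemini AI Sidebar",
    "nlhpidbjmmffhoogcennoiopekbiglbp": "AI Assistant",
    "gghdfkafnhfpaooiolhncejnlgglhkhe": "AI Sidebar",
    "acaeafediijmccnjlokgcdiojiljfpbe": "ChatGPT Translate",
}
C2_DOMAINS = ("tapnetic.pro", "onlineapp.pro")
# Assumption: permissions that a "summarizer" or "translator" should rarely need.
BROAD_PERMISSIONS = {"<all_urls>", "tabs", "scripting", "webRequest", "cookies", "history"}

# Hostname inside a URL or match pattern, e.g. "*://*.tapnetic.pro/*" or "https://x.y/z".
URL_HOST_RE = re.compile(r"(?:https?|wss?|\*)://([A-Za-z0-9*.\-]+)")
# Bare hostname token in a log line, e.g. "dst=claude.tapnetic.pro:443".
BARE_HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]*\.[A-Za-z]{2,}")


def refang(value: str) -> str:
    """Turn a defanged indicator such as tapnetic[.]pro back into a matchable hostname."""
    return value.replace("[.]", ".")


def is_c2_host(host: str) -> bool:
    """True if host is one of the C2 domains or any subdomain of them (claude.tapnetic.pro, ...)."""
    host = refang(host).lower().strip(".").lstrip("*.")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def _strings(obj):
    """Yield every string value inside a parsed manifest, recursively."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from _strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from _strings(v)


def audit_manifest(ext_id: str, manifest: dict) -> list[str]:
    """Return human-readable findings for one extension (its ID and parsed manifest.json)."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append(f"known Aiframe extension ID ({KNOWN_BAD_IDS[ext_id]})")
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    broad = sorted(perms & BROAD_PERMISSIONS)
    if broad:
        findings.append("broad permissions: " + ", ".join(broad))
    for cs in manifest.get("content_scripts", []):
        on_gmail = any("mail.google.com" in m for m in cs.get("matches", []))
        if on_gmail and cs.get("run_at") == "document_start":
            findings.append("content script runs at document_start on mail.google.com")
    c2_hosts = {h for s in _strings(manifest) for h in URL_HOST_RE.findall(s) if is_c2_host(h)}
    if c2_hosts:
        findings.append("references C2 infrastructure: " + ", ".join(sorted(c2_hosts)))
    return findings


def flag_log_lines(lines) -> list[tuple[int, str]]:
    """Return (line_number, host) for every log line whose hostname is C2 infrastructure."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in BARE_HOST_RE.findall(line):
            if is_c2_host(host):
                hits.append((n, host))
    return hits


# Constructed sample manifest with the traits described in the report (not a real extension's file).
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "name": "AI Sidebar",
    "permissions": ["tabs", "scripting", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [
        {"matches": ["*://mail.google.com/*"], "js": ["gmail.js"], "run_at": "document_start"}
    ],
    "externally_connectable": {"matches": ["*://*.tapnetic.pro/*"]},
}
BENIGN_MANIFEST = {"manifest_version": 3, "name": "Dark Theme", "permissions": ["storage"]}

# Constructed proxy/DNS log lines for illustration.
SAMPLE_LOG = [
    "2025-02-20T10:01:02Z proxy user=alice dst=claude.tapnetic.pro:443 method=CONNECT",
    "2025-02-20T10:01:05Z dns query=mail.google.com type=A",
    "2025-02-20T10:02:11Z proxy user=bob dst=gemini.onlineapp.pro:443 method=CONNECT",
]

if __name__ == "__main__":
    for finding in audit_manifest("gghdfkafnhfpaooiolhncejnlgglhkhe", SAMPLE_MANIFEST):
        print("manifest:", finding)
    for line_no, host in flag_log_lines(SAMPLE_LOG):
        print(f"log line {line_no}: C2 host {host}")
```

To run this against a real profile, load each `manifest.json` under the browser’s extension directory with `json.load` and pass the directory name (the extension ID) as `ext_id`; a hit on the ID or the C2 domains is conclusive, while the permission and document_start findings are triage signals that need a look at the extension’s code.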
The post Malicious Chrome AI Extensions Target 260,000 Users via Injected iFrames appeared first on Cyber Security News.