18 AI-themed browser extensions deliver RATs, infostealers, and MitM attacks

TargetBrowser extension users; AI service users (ChatGPT, Gmail, Notion); enterprises using AI workflowsVectorMalicious browser extensions distributed via Chrome Web Store, leveraging GenAI productivity lures to gain trusted browser process access for API interception, DOM exfiltration, and proxy-based MitM attacksAttributionunattributed

MITRE ATT&CKT1185T1187T1040T1557T1056T1113IoCslow-reputation domains used for data exfiltration (specific domains not disclosed in report)AffectedChrome browser extensions; affected versions not specified in report body

Affected OrganisationsunattributedSectorsTechnologyEnterprise (general)Confirmed DamageInterception of ChatGPT prompts containing proprietary code and strategic plans; email surveillance during composition; password exfiltration; session hijacking; browser data theft

PatchesGoogle removed or issued warnings for 18 reported extensions via Chrome Web StoreWorkaroundsSource extensions only from trusted providers; adhere to principle of least privilege; scrutinize requested permissions before installation; avoid granting broad browser data access; monitor extension permissions regularlyDetectionMonitor for WebSocket-based C2 channels with automatic reconnection; detect browser API hooking (window.fetch, XMLHttpRequest interception); identify dynamic proxy auto-configuration (PAC) script downloads; monitor chrome.storage.sync and chrome.cookies.onChanged events for persistence mechanisms; review chrome.runtime.onInstalled event execution

Previous CampaignsAI-powered summary extensions exfiltrating data (August 2025); adware with hidden iframes (August 2025); cursor customization PUPs (August 2025); prompt and search hijackers (September 2025); MCP-themed RAT targeting AI developers (February 2026)