Over 300,000 Chrome Users Targeted by Malicious AI Extensions Stealing Sensitive Data
SAN FRANCISCO, Calif. — More than 300,000 Google Chrome users have fallen victim to a widespread cyberattack involving fake AI-powered browser extensions that secretly harvested sensitive personal information, cybersecurity researchers revealed on February 26, 2026. The malicious extensions, masquerading as helpful artificial intelligence assistants, were distributed through the official Chrome Web Store, lending them an air of legitimacy that deceived users into installing them.
Security analysts at LayerX, a browser security firm, uncovered the campaign that involved at least 30 different Chrome extensions designed to steal emails, passwords, and browsing data. These extensions bore familiar names such as “ChatGPT Translate,” “Google Gemini,” “AI Sidebar,” and simply “AI Assistant,” enticing users with the promise of advanced AI functionalities. One particularly popular extension, “Gemini AI Sidebar,” amassed over 80,000 users before it was removed from the store.
The deceptive extensions collectively garnered over 300,000 installations, with some of the most widely downloaded including AI Sidebar with 70,000 users and AI Assistant with 60,000 users. Despite their popularity, these extensions were linked to a centralized malicious server infrastructure, indicating a coordinated effort to siphon off user data on a massive scale.
The incident underscores the growing risks associated with browser extensions, especially those exploiting the surging interest in AI technologies. Users who installed any AI-related Chrome extension are urged to review their installed add-ons immediately and remove any suspicious or unfamiliar ones. Experts warn that some of these malicious extensions remain available on the Chrome Web Store, continuing to put unsuspecting users at risk.
The Federal Trade Commission (FTC) has long cautioned internet users to exercise vigilance when installing browser extensions and software from third-party sources. According to FTC guidelines, users should verify the legitimacy of extensions by checking developer information, user reviews, and permissions requested before installation. The Cybersecurity and Infrastructure Security Agency (CISA) also recommends keeping browsers and extensions up to date and employing security software to detect and mitigate threats.
Google, which operates the Chrome Web Store, has taken steps in recent years to tighten its review process for extensions, but this incident highlights the ongoing challenges in policing the platform. The company’s security team is reportedly investigating the matter and working to remove the remaining malicious extensions.
Cybersecurity experts emphasize that the fallout from such attacks can be severe. Stolen credentials and browsing histories can enable identity theft, financial fraud, and further cyber intrusions. Users affected by this breach are advised to change their passwords immediately and monitor their accounts for suspicious activity.
This event is part of a broader trend where cybercriminals exploit the popularity of AI tools to craft convincing scams and malware. As AI technologies become more integrated into everyday digital experiences, the need for robust security measures and user awareness grows ever more critical.
For more information on protecting yourself from malicious browser extensions, the Federal Bureau of Investigation’s Cyber Division offers resources and alerts on emerging cyber threats. Additionally, the CISA Tips provide practical advice on safe browsing practices and extension management.
Users are encouraged to stay informed and exercise caution, particularly when dealing with software promising AI capabilities, to safeguard their personal information in an increasingly complex digital landscape.
Leave a Reply