Back to articles

Fake AI extensions stealing credentials: how to spot them before they read your Gmail

30 fake AI Chrome extensions caught stealing credentials and Gmail data from 300K users. Here's how to check if you're affected and protect yourself.

Maxim Kosterin
6 min read

Someone just installed a shiny new "AI assistant" extension. It promises to summarize pages, write emails, generate images — the usual pitch. It even works. There's an AI chat panel, it responds to prompts, and everything looks legit.

Except behind that interface, the extension is quietly reading every password you type and forwarding your Gmail inbox to a server in another country. And 300,000 people fell for it.

The AiFrame campaign: 30 extensions, one playbook

Security researchers at LayerX recently uncovered a coordinated campaign they're calling "AiFrame." The operation involved 30 Chrome extensions, all disguised as AI productivity tools. Different names, different icons, different store listings — but under the hood, identical code.

Here's how they pulled it off: each extension loads its "AI functionality" through a full-screen iframe pointing to a remote domain. You see a working AI interface. You type a prompt. You get a response. It genuinely looks like a functional AI tool.

Google has since removed the flagged extensions from the Chrome Web Store, but the takedowns happened gradually — some extensions remained available for days after the initial disclosure, and a few had already been re-uploaded under different names before being caught again. The lag between reporting and removal is a recurring pattern with store enforcement, and it's one of the reasons these campaigns keep working. By the time the store acts, the extensions have already racked up hundreds of thousands of installs.

But while you're chatting with what you think is an AI assistant, the extension's background scripts are doing something else entirely. They're injecting content scripts into authentication pages — login forms, OAuth screens, password reset pages — and extracting everything you type. Usernames. Passwords. Session tokens.

And 15 of these 30 extensions went a step further: they specifically targeted Gmail, pulling email content and contact data.

Why this is worse than a typical phishing attack

I've covered malicious extensions before, but this campaign stands out for a few reasons.

First, the extensions actually work. Most malicious extensions deliver zero value and rely on users forgetting they installed them. The AiFrame extensions provide real AI functionality (via those iframes). Users actively use them, leave positive reviews, and recommend them to colleagues. That's a much stronger trust signal than a random popup.

Second, the scale is coordinated and professional. Thirty extensions sharing identical internal architecture, JavaScript logic, permissions, and backend infrastructure. This isn't a solo actor copying code from a tutorial. This is an operation with resources.

Third, the permission model looks reasonable. An AI extension that "reads page content to provide AI-powered summaries" needs broad page access. Users grant it without blinking. The permissions that enable the theft are the same ones that enable the legitimate feature.

That last point is what makes these attacks so effective. The permissions are justified by the stated functionality. There's no obvious red flag in the install dialog.

How to check if you're affected

If you've installed any AI-related Chrome extension recently, here's what to do right now:

1. Audit your AI extensions

Open chrome://extensions/ and look at every extension with "AI" in the name or description. For each one, ask yourself: does this extension come from a developer I recognize? Does the developer have a website, other extensions, a track record?

The AiFrame extensions all came from no-name developer accounts with no other published extensions and no web presence. That's a pattern worth noticing.

2. Check the permission requests

Click "Details" on each extension and scroll to "Permissions." Be suspicious of AI extensions requesting:

  • "Read and change all your data on all websites" — this is the big one
  • Access to tabs, cookies, or webRequest
  • Any permission that doesn't map to the extension's stated purpose

An AI summarizer that needs cookie access? That's not normal.

3. Look at the extension's network behavior

If you're technically inclined, open DevTools (F12) on the extension's popup or side panel. Check the Network tab. Legitimate AI extensions call known APIs (OpenAI, Anthropic, Google). AiFrame extensions routed everything through obscure domains that served as both the AI frontend and the data exfiltration endpoint.

4. Change compromised passwords

If you were using any suspicious AI extension while logging into accounts, change those passwords now. Enable two-factor authentication everywhere you can. Check your Gmail for forwarding rules you didn't create — attackers sometimes set up auto-forwarding to maintain access even after you remove the extension.

5. Use a security scanner

Rather than manually checking each extension, you can use Extenshi's catalog to look up any extension by name or ID. Each listing shows a security analysis including permission breakdowns, data access patterns, and risk indicators. It's a faster way to spot the extensions you should be worried about.

The bigger pattern: AI hype as attack vector

This isn't going to stop. Every major tech trend becomes a distribution channel for malicious extensions. We saw it with cryptocurrency, VPNs, and ad blockers. AI is the current magnet.

The Chrome Web Store review process catches some of these, but the AiFrame campaign suggests that automated review systems may not catch all of them. When extensions deliver actual functionality and the malicious behavior is hidden behind legitimate-looking network calls, detection becomes significantly harder.

That's why individual extension auditing matters. You can't rely on the store to catch everything. You need tools that analyze what extensions actually do with the permissions they request — not just what they claim to do.

What you can do right now

Take five minutes and check your extensions. Open your browser, look at what you have installed, and remove anything you don't actively use. For the extensions you keep, look them up on Extenshi's extension catalog to see their security profile.

If you want to stay on top of extension threats like the AiFrame campaign, the catalog tracks security issues as they're discovered and flags extensions that exhibit suspicious behavior patterns.

Scan your extensions →


This article is based on publicly available security research and news reporting. Extenshi does not independently verify all claims made by third-party researchers. References to specific companies or products reflect the findings of cited sources and do not constitute accusations of intentional wrongdoing. If you believe any information is inaccurate, please contact us at [email protected].

Sources: BleepingComputer — Fake AI Chrome extensions with 300K users steal credentials, emails; LayerX Security Research

Related Articles