{"id":213533,"date":"2026-02-13T06:25:00","date_gmt":"2026-02-13T11:25:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/13\/fake-ai-assistants-in-google-chrome-web-store-steal-passwords\/"},"modified":"2026-02-14T16:00:10","modified_gmt":"2026-02-14T21:00:10","slug":"fake-ai-assistants-in-google-chrome-web-store-steal-passwords","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/13\/fake-ai-assistants-in-google-chrome-web-store-steal-passwords\/","title":{"rendered":"Fake AI Assistants in Google Chrome Web Store Steal Passwords"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/fake-ai-assistants-google-chrome\/\">Fake AI Assistants in Google Chrome Web Store Steal Passwords<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/fake-ai-assistants-google-chrome\/\">https:\/\/www.infosecurity-magazine.com\/news\/fake-ai-assistants-google-chrome\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-13 06:25:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Over 260,000 Google Chrome users have downloaded fake AI assistants designed to deliver malicious browser extensions which can steal login credentials, monitor emails and enable remote access by attackers.<\/p>\n<p>Over 30 Google Chrome extensions designed to deliver the phoney AI assistants have been identified by cybersecurity researchers at LayerX, who describe the campaign as a \u201csingle coordinated operation.\u201d<\/p>\n<p>\u201cNotably, several of the extensions in this campaign were\u00a0featured by the Chrome Web Store, increasing their perceived legitimacy and exposure,\u201d they said.<\/p>\n<p>One of these was called \u2018AI Assistant,\u2019 which masqueraded as an extension for Anthropic\u2019s Claude AI and was downloaded over 50,000 times. Other extensions mimicked other popular AI assistants and chatbots, including ChatGPT, Grok and Google Gemini.<\/p>\n<p>The malicious extensions were published under different names and with various use cases, but the way they share underlying codebase, permissions and backend infrastructure has led researchers to suggest they all form part of one campaign they have called AiFrame, which has engaged in \u201cextension spraying.\u201d<\/p>\n<p>This technique is used by attackers to evade takedowns, as when one extension is removed, others remain available to download, or the extension gets quickly replaced to ensure the campaign remains active.<\/p>\n<p>Some of the malicious extensions direct users to infrastructure which is hosted away from the Chrome Web Store, which helped them to avoid being flagged as dangerous.<\/p>\n<p>Another trick used by the fake AI assistants is based on a full screen iframe, which overlays another page over the current one. This new frame, which to the user looks like an extension of the user interface, is pointed towards a remote domain which allows the attackers to load remote content and capabilities, away from the Chrome Web Store.<\/p>\n<p>This also allows the fake AI assistants to exfiltrate data from the Google Chrome Browser and Gmail to servers controlled by the&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/fake-ai-assistants-google-chrome\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fake AI Assistants in Google Chrome Web Store Steal Passwords https:\/\/www.infosecurity-magazine.com\/news\/fake-ai-assistants-google-chrome\/ Publish Date: 2026-02-13 06:25:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":213534,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/3f886078-8248-4f32-a38f-af22abf19a7f.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-213533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213533"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=213533"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213533\/revisions"}],"predecessor-version":[{"id":213535,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/213533\/revisions\/213535"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/213534"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=213533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=213533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=213533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}