• Security researchers identified more than 300 malicious Chrome extensions with over 37 million combined downloads
• The extensions expose users to tracking, credential theft, and personal information exfiltration through multiple coordinated campaigns
• Fake AI assistants and productivity tools serve as primary vectors for the sophisticated browser-based attacks
WASHINGTON (TDR) — Security researchers have uncovered a sprawling network of malicious Google Chrome extensions that collectively amassed more than 37 million downloads while exposing users to tracking, credential theft, and personal information exfiltration. The discovery, detailed in a SecurityWeek report published Friday, reveals multiple coordinated campaigns exploiting browser permissions to harvest sensitive data from unsuspecting users worldwide.
The research represents one of the largest exposés of browser extension malware to date, with investigators identifying 287 applications specifically transmitting users’ browsing history or search engine results pages to remote servers. Approximately 27.2 million users installed 153 extensions confirmed to leak browser history immediately upon installation, raising serious questions about Chrome Web Store vetting procedures.

Coordinated Campaigns Target Enterprise And Consumer Data

Researcher Q Continuum, who conducted the network traffic analysis, linked the extensions to 32 distinct entities and identified connections to known distributors of spyware extensions. The investigation suggests a data broker rather than individual extension developers may be directly involved in monetizing the harvested information.
“The extensions have over 37.4 million users. Of these, roughly 27.2 million users installed 153 extensions that were confirmed to leak browser history upon installation.” —SecurityWeek Report, Feb. 14, 2026
In a separate but related discovery, LayerX Security identified 30 additional malicious Chrome extensions with over 260,000 combined downloads that employed sophisticated iframe injection techniques to manipulate content and steal browser data. These extensions posed as AI assistance tools, including fake versions of ChatGPT, Claude, Grok, and Google Gemini assistants.
“Notably, several of the extensions in this campaign were featured by the Chrome Web Store, increasing their perceived legitimacy and exposure.” —LayerX Security Researchers, Feb. 13, 2026

AI Assistants Serve As Trojan Horses

The AiFrame campaign, as researchers dubbed it, used extension spraying to evade detection—publishing multiple variants under different names so that when one extension was removed, others remained active. The malicious tools shared identical internal structures, JavaScript logic, permissions, and backend infrastructure despite appearing as separate products.
One particularly sophisticated extension rendered a full-screen iframe pointing to a remote domain, allowing attackers to load remote content directly into the user’s browser while maintaining the appearance of legitimate AI functionality. These extensions could extract data from active tabs, trigger voice recognition, and embed explicit tracking pixel scripts.
“While these tools appear legitimate on the surface, they hide a dangerous architecture: instead of implementing core functionality locally, they embed remote, server-controlled interfaces inside extension-controlled surfaces and act as privileged proxies, granting remote infrastructure access to sensitive browser capabilities.” —Natalie Zargarov, LayerX Researcher, Feb. 13, 2026
Fifteen extensions specifically targeted Gmail, extracting email content and transmitting it to third-party infrastructure controlled by the attackers. The extensions functioned as general-purpose access brokers, capable of harvesting data, monitoring user behavior, and evolving silently over time without triggering security alerts.

Enterprise Platforms Under Siege

Beyond consumer targeting, recent investigations revealed five malicious extensions specifically designed to infiltrate enterprise HR platforms including Workday, NetSuite, and SAP SuccessFactors. These extensions, discovered by Socket Security in January 2026, harvested authentication cookies every 60 seconds while blocking security administration pages to prevent incident response.
“The malicious Chrome extensions, with four linked to the publisher ‘databycloud1104’ and a fifth operating under ‘software access’ while sharing identical backend infrastructure, have collectively reached over 2,300 enterprise users.” —Hive Pro Threat Advisory, 2026
The enterprise-focused attack created what security experts described as a “containment nightmare” by continuously stealing fresh session tokens while simultaneously preventing security administrators from accessing credential rotation interfaces or audit logs. This session hijacking technique bypassed multi-factor authentication by stealing authenticated session tokens rather than attempting to compromise login credentials directly.

ChatGPT Sessions Compromised

Another coordinated campaign specifically targeted ChatGPT users through 16 distinct extensions sharing nearly identical code structures. Rather than exploiting the platform itself, these extensions monitored outbound traffic from ChatGPT pages to intercept authentication headers and session tokens, granting attackers full access to conversation history and saved context without requiring passwords.
“This campaign represents a shift from traditional credential theft toward session-level compromise, where attackers bypass authentication entirely by operating inside trusted browser contexts.” —Security Researchers, Jan. 28, 2026
The extensions were distributed through the official Chrome Web Store and positioned as productivity tools designed to improve AI workflows, significantly lowering user suspicion during installation.

Google’s Response And User Protection

While many of the identified extensions have been removed from the Chrome Web Store, users who downloaded them remain at risk. Cybersecurity experts recommend immediate audits of installed extensions, removal of unfamiliar tools—particularly those claiming to provide access to HR or AI platforms—and resetting passwords from clean systems.
“If you suspect you’ve installed a malicious browser extension by mistake, speed matters in the race to protect your accounts.” —McAfee Security Labs, Nov. 20, 2025
The discoveries highlight fundamental vulnerabilities in browser extension architectures and demonstrate why enhanced scrutiny of seemingly legitimate productivity add-ons represents a critical defensive requirement for both individual and enterprise security programs. Researchers noted that while Chrome’s MV3 model imposes stricter limitations on dynamic script execution than previous versions, certain malicious extensions continue to evade detection by embedding harmful logic within seemingly harmless scripts.
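The extension audit recommended above can be started from the manifests alone: the campaigns described here relied on recognisable capability combinations (cookie access plus all-site host access, request observation, page blocking, content scripts on webmail). The triage helper below, an added example that is not tooling from any of the cited reports, scores a manifest for those combinations; the sample manifest is constructed for illustration, and the keys used are standard Chrome manifest keys.

```python
"""Triage a Chrome extension manifest for the capability combinations the
campaigns above relied on. Added example, not tooling from any cited report;
SAMPLE_MANIFEST is constructed, not taken from a real extension."""
import json

# Permission -> why it matters for the techniques described in the article.
RISKY = {
    "cookies": "reads session cookies (HR-platform cookie harvesting)",
    "webRequest": "observes outbound requests and auth headers (ChatGPT session theft)",
    "declarativeNetRequest": "blocks or redirects pages (hiding security admin pages)",
    "history": "reads browsing history (history exfiltration)",
    "tabs": "enumerates open tabs and their URLs",
    "scripting": "injects scripts into pages",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
MAIL_HOSTS = ("mail.google.com", "outlook.")


def audit_manifest(manifest: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing notable."""
    findings = []
    perms = set(manifest.get("permissions", []))
    # MV3 keeps host patterns under host_permissions; MV2 mixed them into permissions.
    hosts = set(manifest.get("host_permissions", []))
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for p in sorted(perms & RISKY.keys()):
        findings.append(f"permission {p}: {RISKY[p]}")
    broad = bool(hosts & BROAD_HOSTS)
    if broad:
        findings.append("host access to every site")
    if broad and "cookies" in perms:
        findings.append("HIGH: cookies + all-site access can harvest session tokens, bypassing MFA")
    if broad and "webRequest" in perms:
        findings.append("HIGH: webRequest + all-site access can read Authorization headers")
    if "declarativeNetRequest" in perms and perms & {"cookies", "webRequest"}:
        findings.append("HIGH: can block admin/audit pages while harvesting sessions")
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if any(host in pattern for host in MAIL_HOSTS):
                findings.append(f"content script runs on webmail: {pattern}")
    return findings


SAMPLE_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Constructed Sample Assistant", "version": "1.0",
  "permissions": ["cookies", "webRequest", "declarativeNetRequest", "alarms"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["https://mail.google.com/*"], "js": ["c.js"]}]
}""")

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE_MANIFEST):
        print("-", line)
```

Point it at the manifest.json of each unpacked extension under the browser profile's Extensions directory; findings marked HIGH deserve removal and a password reset from a clean system, as the article advises.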
When browser extensions with millions of downloads can operate for months while exfiltrating sensitive data, what systemic changes must platform operators implement to prevent the Chrome Web Store from serving as a distribution channel for sophisticated malware campaigns?
