Full Report
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. [...]
Analysis Summary
# Tool/Technique: AiFrame Malicious Chrome Extensions
## Overview
A campaign involving 30 malicious Chrome extensions masquerading as AI assistants. These extensions have been installed by over 300,000 users with the primary goal of stealing user credentials, browsing information, and private email content (particularly Gmail data). The functionality is delivered remotely via iframes rather than local AI processing.
## Technical Details
- Type: Malware (Malicious Browser Extensions)
- Platform: Google Chrome (Browser platform)
- Capabilities: Stealing credentials, extracting page content, extracting email content (Gmail), remote voice recognition/transcription.
- First Seen: February 12, 2026 (based on publication date of the report).
## MITRE ATT&CK Mapping
- T1566 - Phishing
- T1566.001 - Spearphishing Attachment (Conceptual overlap, as users are tricked into installing malware)
- T1552 - Credentials Access
- T1552.001 - Credentials from Web Browsers
- T1057 - Process Discovery (Implied by scanning website environments)
- T1005 - Data from Local System (Browsing history, stored data)
- T1041 - Exfiltration Over C2 Channel
- T1518 - Software Discovery (Discovering what applications/sites are running)
## Functionality
### Core Capabilities
* **Masquerading:** Posing as popular AI assistants (e.g., Gemini AI Sidebar, ChatGPT Translate).
* **Remote Rendering:** Delivering the promised features by rendering a full-screen `iframe` to load content from a remote domain, allowing logic changes without update pushes.
* **Page Content Extraction:** Utilizing Mozilla’s Readability library to extract page content from visited websites, including sensitive authentication pages.
* **Gmail Data Exfiltration:** Targeting Gmail specifically with dedicated content scripts running at `document_start` on `mail.google.com`. This script reads visible email content directly from the DOM (`.textContent`) and sends it off-device.
### Advanced Features
* **DOM Scraping:** Directly reading email content and thread text from the Document Object Model (DOM), even capturing email drafts when AI features (like assisted replies) are invoked.
* **Remote Voice Processing:** Remotely triggered voice recognition and transcript generation using the browser's built-in Web Speech API.
## Indicators of Compromise
- File Hashes: Not provided in the context.
- File Names: Extensions are identified by their names (e.g., Gemini AI Sidebar, AI Sidebar, AI Assistant) and their unique Item IDs (e.g., fppbiomdkfbhgjjdmojlogeceejinadg).
- Registry Keys: Not applicable for browser extensions directly, though preference files may store data.
- Network Indicators: The set of extensions communicates with infrastructure under a single domain: `tapnetic[.]pro`.
- Behavioral Indicators: Injecting UI elements, running scripts at `document_start` specifically on `mail.google.com`, and transmitting extracted content to third-party infrastructure.
## Associated Threat Actors
- Unattributed/Criminal Group operating the "AiFrame" campaign (discovered by LayerX).
## Detection Methods
- Signature-based detection: Identifying the known malicious extension Item IDs (e.g., `gghdfkafnhfpaooiolhncejnlgglhkhe`, `nlhpidbjmmffhoogcennoiopekbiglbp`).
- Behavioral detection: Monitoring for extensions that dynamically load remote content via iframes to execute core functionality, or scripts that specifically target `mail.google.com` to scrape DOM content, especially at `document_start`.
- YARA rules: Not provided in the context.
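The signature and behavioral checks above, as an added triage script that is not part of the original report: it reads Chrome extension manifests, flags the Item IDs named here, and flags content scripts that run at `document_start` on `mail.google.com` (plus broad `<all_urls>` scripts, the surface used for page-content extraction). It assumes Chrome's on-disk layout `Extensions/<id>/<version>/manifest.json`; the sample manifest is constructed to mirror the report's indicators.

```python
import json
from fnmatch import fnmatch
from pathlib import Path

# Item IDs named in the report above.
KNOWN_BAD_IDS = {"fppbiomdkfbhgjjdmojlogeceejinadg", "gghdfkafnhfpaooiolhncejnlgglhkhe",
                 "nlhpidbjmmffhoogcennoiopekbiglbp"}


def pattern_covers_host(pattern: str, host: str) -> bool:
    """True if a Chrome match pattern ('<scheme>://<host>/<path>') covers host."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False
    pattern_host = pattern.split("://", 1)[1].split("/", 1)[0]
    return fnmatch(host, pattern_host)  # covers the "*" and "*.google.com" host wildcards


def triage_manifest(item_id: str, manifest: dict) -> list[str]:
    """Flag the manifest-level behaviours described in the report."""
    findings = []
    if item_id in KNOWN_BAD_IDS:
        findings.append(f"known malicious item ID {item_id}")
    for script in manifest.get("content_scripts", []):
        matches = script.get("matches", [])
        gmail = [m for m in matches if pattern_covers_host(m, "mail.google.com")]
        # The reported Gmail scraper is a content script at document_start on mail.google.com.
        if gmail and script.get("run_at") == "document_start":
            findings.append(f"document_start content script on Gmail: {gmail}")
        elif "<all_urls>" in matches:
            findings.append("content script on <all_urls> (page-content extraction surface)")
    return findings


def scan_extensions_dir(root: Path) -> dict[str, list[str]]:
    """Walk a Chrome profile's Extensions/<id>/<version>/manifest.json tree (assumed layout)."""
    results = {}
    for manifest_path in root.glob("*/*/manifest.json"):
        item_id = manifest_path.parent.parent.name
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        if findings := triage_manifest(item_id, manifest):
            results[item_id] = findings
    return results


# Constructed sample manifest mirroring the report's indicators (not a real extension's file).
SAMPLE_MANIFEST = {
    "manifest_version": 3, "name": "AI Sidebar",
    "content_scripts": [
        {"matches": ["*://mail.google.com/*"], "js": ["gmail.js"], "run_at": "document_start"},
        {"matches": ["<all_urls>"], "js": ["reader.js"], "run_at": "document_idle"},
    ],
}
```

Run `scan_extensions_dir(Path.home() / ".config/google-chrome/Default/Extensions")` on a Linux profile to triage every installed extension; the `<all_urls>` finding is informational, since many legitimate extensions request it.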
## Mitigation Strategies
- Users should immediately review their installed Chrome extensions and remove any that match the known malicious names or Item IDs.
- Users should reset the passwords of all accounts that may have been accessed while the extensions were installed.
- Limit the use of browser extensions for sensitive operations, or use only extensions that have been subjected to rigorous security auditing.
- Administrators should monitor network traffic for connections to the known associated infrastructure (`tapnetic[.]pro`).
## Related Tools/Techniques
- Hijacked Microsoft Office Add-ins (similar technique of leveraging remote logic loading via an add-in framework).
- Use of the Readability library and built-in browser APIs (such as the Web Speech API) for malicious data gathering.