Cybercriminals are exploiting the growing popularity of artificial intelligence tools by distributing malicious Chrome browser extensions that masquerade as legitimate AI services.
These fake extensions, mimicking popular AI platforms like ChatGPT, Claude, Perplexity, and Meta’s Llama, are designed to hijack user prompts and redirect them to attacker-controlled domains for malicious purposes.
Security researchers from Palo Alto Networks’ Unit42 have identified a concerning trend of malicious browser extensions posing as AI tools, building on their previous research from August 2025.
These extensions capitalize on users’ trust in well-known AI brands to infiltrate their browsing activities and steal sensitive information.
The malicious extensions operate by allowing users to type AI prompts directly into Chrome’s search bar, creating the illusion of legitimate functionality.
However, instead of processing these prompts through genuine AI services, the extensions hijack the data and redirect queries to domains controlled by threat actors.
Technical Methods of Attack
These malicious extensions employ sophisticated techniques to compromise user security. They override Chrome’s default search engine settings using the chrome_settings_overrides manifest key, effectively redirecting all search queries through attacker-controlled infrastructure.
The primary malicious domains identified in this campaign include chatgptforchrome[.]com, dinershtein[.]com, and gen-ai-search[.]com. These domains serve as collection points for hijacked prompts and enable comprehensive tracking of users’ browsing activities.
This threat campaign has roots dating back to 2023, when researchers first identified an extension called ‘AI ChatGPT’ linked to the chatgptforchrome[.]com domain.
That earlier version reached approximately 15,800 users and contained obfuscated JavaScript specifically designed to steal Facebook account credentials.
The current iteration demonstrates the evolution of this threat, with a new extension named ‘Chat AI for Chrome’ using the same malicious domain infrastructure.
These extensions are promoted through deceptive YouTube videos that entice users into installation, leveraging social engineering tactics to increase their victim base.
Infographic outlining five key steps to identify malicious Chrome extensions, including reviewing installs, checking permissions, verifying owners, updating software, and using antivirus
Identified Malicious Extensions
Unit42 researchers have cataloged eight specific AI-themed malicious Chrome extensions currently in circulation:
- Claude Search (akfnjopjnnemejchppfpomhnejoiiini).
- AI ChatGPT (boofekcjiojcpcehaldjhjfhcienopme) – previously reported.
- ChatGPT for Chrome (bpeheoocinjpbchkmddjdaiafjkgdgoi).
- Perplexity Search (ecimcibolpbgimkehmclafnifblhmkkb).
- Chat AI for Chrome (jhhjbaicgmecddbaobeobkikgmfffaeg).
- GenAISearch (jijilhfkldabicahgkmgjgladmggnkpb).
- ChatGPT Search (lnjebiohklcphainmilcdoakkbjlkdpn).
- Meta Llama Search (pjcfmnfappcoomegbhlaahhddnhnapeb).
Users can protect themselves by exercising caution when installing browser extensions, particularly those claiming to provide AI functionality.
Always verify extensions through official Chrome Web Store listings and check developer credibility before installation.
Organizations should implement comprehensive browser security policies that restrict unauthorized extension installations and regularly audit existing extensions for potential threats. Additionally, maintaining updated antivirus software and browser security settings can help detect and prevent such malicious activities.
The emergence of AI-themed malicious extensions represents a significant evolution in cybercriminal tactics, exploiting users’ enthusiasm for AI technology to facilitate data theft and privacy violations.
As AI tools continue to gain popularity, users must remain vigilant against these sophisticated impersonation attacks that leverage trusted brand names to compromise digital security.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
