Fake AI Chrome extensions expose 300,000 users' passwords and data

Fox News Flash top headlines for February 26

Fox News Flash top headlines are here. Check out what's clicking on FoxNews.com.

NEWYou can now listen to Fox News articles!

Your web browser may feel like a safe place, especially when you install helpful tools that promise to make your life easier. But security researchers have uncovered a dangerous campaign in which more than 300,000 people installed Chrome extensions pretending to be artificial intelligence (AI) assistants. Instead of helping, these fake tools secretly collect sensitive information like your emails, passwords and browsing activity.

They used familiar names like ChatGPT, Gemini and AI Assistant. If you use Chrome and have installed any AI-related extension, your personal information may already be exposed. Even worse, some of these malicious extensions are still available today, putting more people at risk without their knowing.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

More than 300,000 Chrome users installed fake AI extensions that secretly harvested sensitive data. (Kurt "CyberGuy" Knutsson)

What you need to know about fake AI extensions

Security researchers at browser security company LayerX discovered a large campaign involving 30 malicious Chrome extensions disguised as AI-powered assistants (via BleepingComputer). Together, these extensions were installed more than 300,000 times by unsuspecting users.

Some of the most popular extensions included names like AI Sidebar with 70,000 users, AI Assistant with 60,000 users, ChatGPT Translate with 30,000 users, and Google Gemini with 10,000 users. Another extension called Gemini AI Sidebar had 80,000 users before it was removed.

These extensions were distributed through the official Chrome Web Store, which made them appear legitimate and trustworthy. Even more concerning, researchers found that many of these extensions were connected to the same malicious server, showing they were part of a coordinated effort.

While some extensions have since been removed, others remain available. This means new users could still unknowingly install them and expose their personal data. Here's the list of the affected extensions:

AI Assistant
Llama
Gemini AI Sidebar
AI Sidebar
ChatGPT Sidebar
Grok
Asking ChatGPT
ChatGBT
Chat Bot GPT
Grok Chatbot
Chat With Gemini
XAI
Google Gemini
Ask Gemini
AI Letter Generator
AI Message Generator
AI Translator
AI For Translation
AI Cover Letter Generator
AI Image Generator ChatGPT
Ai Wallpaper Generator
Ai Picture Generator
DeepSeek Download
AI Email Writer
Email Generator AI
DeepSeek Chat
ChatGPT Picture Generator
ChatGPT Translate
AI GPT
ChatGPT Translation
ChatGPT for Gmail

FAKE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE

These malicious tools were listed in the official Chrome Web Store, making them appear legitimate and trustworthy. (LayerX)

How the fake AI Chrome extension attack works

These fake extensions pretend to offer helpful AI features, such as translating text, summarizing emails, or acting as an AI assistant. But behind the scenes, they quietly monitor what you are doing online.

Once installed, the extension gains permission to view and interact with the websites you visit. This allows it to read the contents of web pages, including login screens where you enter your username and password.

In some cases, the extensions specifically targeted Gmail. They could read your email messages directly from your browser, including emails you received and even drafts you were still writing. This means attackers could access private conversations, financial information and sensitive personal details.

The extensions then sent this information to servers controlled by the attackers. Because they loaded content remotely, the attackers could change their behavior at any time without needing to update the extension.

Some versions could also activate voice features through your browser. This could potentially capture spoken conversations near your device and send transcripts back to the attackers.

If you installed one of these extensions, attackers may already have access to extremely sensitive information. This includes your email content, login credentials, browsing habits and possibly even voice recordings.

We reached out to Google for comment, and a spokesperson told CyberGuy that the company "can confirm that the extensions from this report have all been removed from the Google Web Store."

BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTRE ATTACK

Woman sitting on the floor with her laptop.

Once installed, the extensions could read emails, capture passwords, monitor browsing activity, and send the data to attacker-controlled servers. (Bildquelle/ullstein bild via Getty Images)

7 ways you can protect yourself from malicious Chrome extensions

If you have ever installed an AI-related Chrome extension, taking a few simple precautions now can help protect your accounts and prevent further damage.

1) Remove any suspicious or unused browser extensions

On a Windows PC or Mac, open Chrome and type chrome://extensions into the address bar. Review every extension listed. If you see anything unfamiliar, especially AI assistants you don't remember installing, click "Remove" immediately. Malicious extensions depend on going unnoticed. Removing them stops further data collection and cuts off the attacker's access to your information.

2) Change your passwords

If you installed any suspicious extension, assume your passwords may be compromised. Start by changing your email password first, since email controls access to most other accounts. Then update passwords for banking, shopping and social media accounts. This prevents attackers from using stolen credentials to break into your accounts.

3) Use a password manager to create and protect strong passwords

A password manager generates unique, complex passwords for each account and stores them securely. This prevents attackers from accessing multiple accounts if one password is stolen. Password managers also alert you if your login credentials appear in known data breaches, helping you respond quickly and protect your identity. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

4) Install strong antivirus software and keep it active

Good antivirus software can detect malicious browser extensions, spyware, and other hidden threats. It scans your system for suspicious activity and blocks harmful programs before they can steal your information. This adds an important layer of protection that works continuously in the background to keep your device safe. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

5) Use an identity theft protection service

Identity theft protection services monitor your personal data, including email addresses, financial accounts, and Social Security numbers, for signs of misuse. If criminals try to open accounts or commit fraud using your information, you receive alerts quickly. Early detection allows you to act fast and limit financial and personal damage. See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

6) Keep your browser and computer fully updated

Software updates fix security vulnerabilities that attackers exploit. Enable automatic updates for Chrome and your operating system so you always have the latest protections. These updates strengthen your defenses against malicious extensions and prevent attackers from taking advantage of known weaknesses.

7) Use a personal data removal service

Personal data removal services scan data broker websites that collect and sell your personal information. They help remove your data from these sites, reducing what attackers can find and use against you. Less exposed information means fewer opportunities for criminals to target you with scams, identity theft or phishing attacks.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Kurt's key takeaway

Even tools designed to make your life easier can become tools for cybercriminals. Malicious extensions often hide behind trusted names and convincing features, making them difficult to spot. You can significantly reduce your risk by reviewing your browser extensions regularly, removing anything suspicious and using protective tools like password managers and strong antivirus software.

Have you checked your browser extensions recently? Let us know your thoughts by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Recommended Videos

Recommended Articles

Think your New Year's privacy reset worked? Think again

Your phone is now a crime scene in your pocket

Apple app password scam email warning

China vs SpaceX in race for space AI data centers

Spyware can hijack your phone in seconds

Trump's science and tech man lays out White House's global AI strategy

Atlanta tests driverless pod transit loop

Conduent data breach hits millions across multiple states

Waymo’s cheaper robotaxi tech could help expand rides fast

Why a credit freeze isn’t the end of identity theft

AI dating cafes are now a real thing

The robotaxi price war has started. Here’s everything you need to know.

YouTube TV billing scam emails are hitting inboxes

Fox News AI Newsletter: AI giant moves HQ to red state

China's robotics giant puts 200 robots to the test

Panera Bread data breach exposes 5.1M customers

AI home search could change how you buy a house

5 trendy tech words shaping today's internet culture

Tax season scams 2026: Fake IRS messages stealing identities

Criminals are using Zillow to plan break-ins. Here’s how to remove your home in 10 minutes.

Search for Nancy Guthrie continues as federal prosecutors assist FBI at 84-year-old's home

Pentagon audit: Republicans push AI to reform defense spending

Mar-a-Lago shooting: FBI leads investigation after armed man killed

Trump is in 'more danger than any other president,' former FBI special agent warns

Newsom joins social media age restriction battle: ‘As a parent, we need help’

Mothers turn grief into warning on social media addiction

Desperate search for Nancy Guthrie enters day 21, FBI on the case

Data center battle pits Big Tech against local homeowners

FBI uses genetic genealogy in Nancy Guthrie probe

People have more faith in 'gas station sushi' than legacy media: FCC chair

Mark Wahlberg, ‘The Chosen’ star unveil Hallow’s Lent prayer challenge

Nancy Grace: There are going to be more setbacks than advances in Guthrie case

Pentagon threatens to end partnership with tech company amid concerns over AI weaponization

Arizona gun shop owner says FBI brought list of names

DNA testing on glove found near Nancy Guthrie's yields no database match

This was ‘not a very nice thing’ in Guthrie investigation, says former Tucson police detective

Nancy Grace argues what is ‘more important’ than the backpack in Guthrie investigation

It makes 'zero sense' why Pima County sheriff isn't taking advantage of FBI's technology: Dan Bongino

Walmart purchases and DNA analysis may be crucial in Nancy Guthrie disappearance investigation

This would 'complicate' Nancy Guthrie investigation, warns former NYPD lieutenant