Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails
Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX
Cybersecurity firm LayerX has recently uncovered a significant threat in the Google Chrome Web Store, where hundreds of thousands of users have inadvertently downloaded malicious AI extensions that impersonate popular tools like ChatGPT, Gemini, and Grok. These fake assistants, designed to mimic the functionality of legitimate AI tools, are now being used to steal user passwords and spy on their emails.
The deceptive extensions are crafted with a high degree of sophistication, making it difficult for users to distinguish them from the genuine articles. They often appear in search results for the legitimate AI tools, further enticing users to install them. Once installed, these malicious extensions gain access to sensitive user data, including login credentials, passwords, and email content.
LayerX researchers have identified several key characteristics of these fake AI extensions. Firstly, they often use similar names and icons to the original tools, such as "ChatGPT Pro" or "Grok Plus," to lure users into believing they are legitimate. Additionally, these extensions may offer enhanced features or promises of improved performance, which are not available in the original versions.
The malicious extensions typically operate by injecting themselves into web pages, intercepting user input, and harvesting sensitive information. They may also send this data to remote servers controlled by the attackers, who can then use it for various nefarious purposes, such as identity theft, financial fraud, or further cyberattacks.
The scale of this threat is alarming, with hundreds of thousands of users potentially affected. Many of these users may not even be aware that they have installed a malicious extension, as the fake assistants often blend seamlessly into the Chrome interface and behave like legitimate tools until they start collecting data.
In response to this threat, LayerX has urged users to take immediate action to protect themselves. The first step is to check the list of installed Chrome extensions and remove any that are unfamiliar or suspicious. Users should also be cautious when searching for AI tools and ensure they are downloading extensions from verified sources, such as the official websites of the respective tools.
Furthermore, enabling two-factor authentication for important accounts can help mitigate the risk of password theft. Users should also be wary of any unexpected notifications or requests for access to sensitive data, as these could be signs of malicious activity.
The Google Chrome Web Store has been notified of this issue, and it is crucial that they take swift action to remove these fake AI extensions from their platform. It is also essential for users to stay informed about the latest threats and adopt best practices for cybersecurity to safeguard their personal and financial information.
This incident highlights the growing sophistication of cyber threats and the need for users to remain vigilant when using technology. As AI tools become increasingly popular, attackers will likely continue to exploit this trend to infiltrate users' systems and steal their data. By staying alert and taking proactive measures, users can help protect themselves from falling victim to these deceptive tactics.
