300,000 Chrome users affected by fake AI extensions
NEWNow you can listen to News articles!
Your web browser may seem like a safe place, especially when you install useful tools that promise to make your life easier. But security researchers have uncovered a dangerous campaign in which more than 300,000 people installed Chrome extensions posing as artificial intelligence (AI) assistants. Instead of helping, these fake tools secretly collect sensitive information like your emails, passwords, and browsing activity.
They used familiar names like ChatGPT, Gemini, and AI Assistant. If you use Chrome and have installed any AI-related extensions, your personal information may already be exposed. Worse yet, some of these malicious extensions are still available today, putting more people at risk without them knowing it.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
More than 300,000 Chrome users installed fake AI extensions that secretly collected sensitive data. (Kurt “CyberGuy” Knutsson)
What you need to know about fake AI extensions
Security researchers at browser security company LayerX discovered a large campaign involving 30 malicious Chrome extensions disguised as AI-powered assistants (via BleepingComputer). Collectively, these extensions were installed more than 300,000 times by unsuspecting users.
Some of the most popular extensions included names like AI Sidebar with 70,000 users, AI Assistant with 60,000 users, ChatGPT Translate with 30,000 users, and Google Gemini with 10,000 users. Another extension called Gemini AI Sidebar had 80,000 users before it was removed.
These extensions were distributed through the official Chrome Web Store, making them look legitimate and trustworthy. Even more concerning is that researchers discovered that many of these extensions were connected to the same malicious server, showing that they were part of a coordinated effort.
While some extensions have since been removed, others remain available. This means that new users could still install them unknowingly and expose their personal data. Here is the list of affected extensions:
- AI assistant
- Calls
- Gemini AI Sidebar
- AI Sidebar
- ChatGPT Sidebar
- Grok
- Ask ChatGPT
- ChatGBT
- GPT chatbot
- Grok Chatbot
- Chat with Gemini
- XI
- Google Gemini
- Ask Gemini
- AI Letter Generator
- AI message generator
- AI Translator
- AI for translation
- AI Cover Letter Generator
- AI ChatGPT Image Generator
- Ai Wallpaper Generator
- Ai Image Generator
- Download DeepSeek
- AI Email Writer
- AI Email Generator
- Deep Search Chat
- ChatGPT Image Generator
- ChatGPT Translate
- i have gpt
- Translation of ChatGPT
- ChatGPT for Gmail
FALSE AI CHAT RESULTS ARE SPREADING DANGEROUS MAC MALWARE
These malicious tools were listed on the official Chrome web store, making them look legitimate and trustworthy. (LayerX)
How the fake Chrome AI extension attack works
These fake extensions claim to offer useful AI features, such as translating text, summarizing emails, or acting as an AI assistant. But behind the scenes, they silently monitor what you do online.
Once installed, the extension gains permission to view and interact with the websites you visit. This allows you to read the content of web pages, including login screens where you enter your username and password.
In some cases, the extensions specifically targeted Gmail. They could read your emails right from your browser, including emails you received and even drafts you were still writing. This means attackers could access private conversations, financial information, and sensitive personal data.
The extensions then sent this information to servers controlled by the attackers. Because they loaded content remotely, attackers could change their behavior at any time without needing to update the extension.
Some versions can also activate voice functions through your browser. This could potentially capture conversations spoken near your device and send transcripts to attackers.
If you installed one of these extensions, attackers may already have access to extremely sensitive information. This includes the content of your email, login credentials, browsing habits, and possibly even voice recordings.
We reached out to Google for comment and a spokesperson told CyberGuy that the company “can confirm that all extensions in this report have been removed from the Google Web Store.”
BROWSER EXTENSION MALWARE INFECTED 8.8M USERS IN DARKSPECTER ATTACK
Once installed, the extensions could read emails, capture passwords, monitor browsing activity, and send data to servers controlled by attackers. (Image source/Ullstein image via Getty Images)
7 ways to protect yourself from malicious Chrome extensions
If you’ve ever installed an AI-related Chrome extension, taking a few simple precautions now can help protect your accounts and prevent further damage.
1) Remove any suspicious or unused browser extensions
On a Windows or Mac PC, open Chrome and type chrome://extensions in the address bar. Review all listed extensions. If you see something that looks unfamiliar, especially AI assistants that you don’t remember installing, click “Eliminate” immediately. Malicious extensions depend on going unnoticed. Deleting them stops additional data collection and cuts off the attacker’s access to your information.
2) Change your passwords
If you installed any suspicious extensions, assume that your passwords may be compromised. Start by changing your email password first, since email controls access to most other accounts. Then update passwords for bank, business, and social media accounts. This prevents attackers from using stolen credentials to log into your accounts.
3) Use a password manager to create and protect strong passwords
A password manager generates unique and complex passwords for each account and stores them securely. This prevents attackers from accessing multiple accounts if they steal one password. Password managers also alert you if your login credentials appear in known data breaches, helping you respond quickly and protect your identity. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
4) Install powerful antivirus software and keep it active
Good antivirus software can detect malicious browser extensions, spyware, and other hidden threats. Scans your system for suspicious activity and blocks harmful programs before they can steal your information. This adds an important layer of protection that works continuously in the background to keep your device safe. Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
5) Use an identity theft protection service
Identity theft protection services monitor your personal data, including email addresses, financial accounts, and Social Security numbers, for signs of misuse. If criminals try to open accounts or commit fraud using your information, you will receive alerts quickly. Early detection allows you to act quickly and limit financial and personal damage. See my tips and best options on how to protect yourself from identity theft at Cyberguy.com.
6) Keep your browser and computer fully up to date
Software updates address security vulnerabilities that attackers exploit. Enable automatic updates for Chrome and your operating system to always have the latest protections. These updates strengthen your defenses against malicious extensions and prevent attackers from exploiting known weaknesses.
7) Use a personal data deletion service
Personal data removal services scan websites of data brokers that collect and sell your personal information. They help remove your data from these sites, reducing what attackers can find and use against you. Less exposed information means fewer opportunities for criminals to target you with scams, identity theft, or phishing attacks.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.
Kurt’s Key Takeaway
Even tools designed to make your life easier can become tools for cybercriminals. Malicious extensions often hide behind trustworthy names and convincing features, making them difficult to detect. You can significantly reduce your risk by regularly checking your browser extensions, removing anything suspicious, and using protection tools such as password managers and powerful antivirus software.
Have you checked your browser extensions recently? Let us know your opinion by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE News APP
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2026 CyberGuy.com. All rights reserved.
Related article
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.