Fake AI Chrome extensions expose 300,000 users’ passwords and data

Your web browser may seem like a safe place, especially when you install useful tools that promise to make your life easier. But security researchers discovered a dangerous campaign in which more than 300,000 people installed Chrome extensions pretending to be… artificial intelligence (Amnesty International) Assistants. Instead of helping, these fake tools secretly collect sensitive information such as emails, passwords, and browsing activity.

They used Familiar names like ChatGPT, Gemini and artificial intelligence assistant. If you use Chrome and have installed any AI-related extension, your personal information may already be exposed. What’s worse is that some of these harmful extensions are still available today, putting more people at risk without them knowing.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

More than 300,000 Chrome users installed fake AI extensions that secretly collected sensitive data. (Kurt “CyberGuy” Knutson)

What you need to know about fake AI accessories

Security researchers at browser security company LayerX discovered a large campaign involving 30 Malicious Chrome extensions Disguised as AI-powered assistants (via BleepingComputer). Together, these extensions have been installed more than 300,000 times by unexpected users.

Some of the most popular extensions included names like AI Sidebar with 70,000 users, AI Assistant with 60,000 users, ChatGPT Translate with 30,000 users, and Google Gemini with 10,000 users. Another extension called Gemini AI Sidebar had 80,000 users before it was removed.

These extensions were distributed through the official Chrome Web Store, making them appear legitimate and trustworthy. Even more disturbing, researchers found that many of these extensions were connected to the same malicious server, indicating that they were part of a coordinated effort.

While some accessories have since been removed, others are still available. This means that new users can still install these programs and expose their personal data without their knowledge. Here is a list of affected extensions:

• Artificial intelligence assistant
• Llama
• Gemini AI sidebar
• Artificial Intelligence sidebar
• ChatGPT sidebar
• Your puppy
• ChatGPT asks
• ChatGBT
• GPT chat bot
• Grok Chatbot
• Chat with Gemini
• XAI
• Google Gemini
• Ask Gemini
• Amnesty International message generator
• Artificial intelligence message generator
• Artificial intelligence translator
• Amnesty International Translation
• AI cover letter generator
• AI Image Generator ChatGPT
• AI wallpapers generator
• AI Image Generator
• Download Deep Sec
• AI email writer
• AI email generator
• Deep Sick Chat
• ChatGPT image generator
• ChatGPT translation
• Artificial Intelligence GPT
• ChatGPT translation
• ChatGPT for Gmail

Fake AI chat results spread dangerous malware for Mac

These malicious tools are listed on the official Chrome Web Store, making them appear legitimate and trustworthy. (X layer)

How the fake Chrome extension AI attack works

These fake add-ons pretend to offer useful AI features, such as translating texts, summarizing emails, or acting as an AI assistant. But behind the scenes, they are quietly monitoring what you do online.

Once installed, the extension gets permission to view and interact with the websites you visit. This allows it to read the contents of web pages, including login screens where you enter your username and password.

In some cases, the extensions specifically targeted Gmail. They can read your emails right from your browser, including emails you’ve received and even drafts you’re still writing. This means that attackers can access private conversations, financial information, and sensitive personal details.

The extensions then send this information to servers controlled by the attackers. Since they load the content remotely, attackers can change their behavior at any time without needing to update the extension.

Some versions can also activate voice features through your browser. This could potentially capture spoken conversations near your device and send texts back to attackers.

If you install one of these extensions, attackers may actually be able to access highly sensitive information. This includes the content of your email, login credentials, browsing habits, and perhaps even audio recordings.

We’ve reached out to Google for comment, and a spokesperson told CyberGuy that the company “can confirm that the extensions mentioned in this report have all been removed from Google online store“.

8.8 million users infected with browser-attached malware in DARKSPECTRE attack

Once installed, extensions can read emails, capture passwords, monitor browsing activity, and send data to servers controlled by the attacker. (Bildkuil/Ulstein Bild via Getty Images)

7 ways you can protect yourself from malicious Chrome extensions

If you’ve previously installed an AI-related Chrome extension, taking some simple precautions now can help protect your accounts and prevent further damage.

1) Remove any suspicious or unused browser extensions

On a Windows or Mac computer, open Chrome and type chrome://extensions in the address bar. Review each supplement listed. If you see anything unfamiliar, especially AI assistants you don’t remember installing, tap “removes” Immediately. Malicious extensions rely on you not being noticed. Removing them stops further data collection and prevents the attacker from accessing your information.

2) Change your passwords

If you install any suspicious extension, assume that your passwords might be compromised. Start by changing your email password first, since email controls access to most other accounts. Then update your passwords for your banking, shopping, and social media accounts. This prevents attackers from using stolen credentials to break into your accounts.

3) Use a password manager to create and protect strong passwords

The password manager creates unique, complex passwords for each account and stores them securely. This prevents attackers from accessing multiple accounts if a single password is stolen. Password managers also alert you if your login credentials appear in known data breaches, helping you respond quickly and protect your identity. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

4) Install a powerful antivirus and keep it active

Good antivirus software can detect malicious browser extensions, spyware, and other hidden threats. It scans your system for suspicious activity and blocks malware before it can steal your information. This adds an important layer of protection that constantly runs in the background to keep your device safe. Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.

5) Use an identity theft protection service

Identity theft protection services monitor your personal data, including email addresses, financial accounts and Social Security numbers, for signs of misuse. If criminals try to open accounts or commit fraud using your information, you’ll receive alerts quickly. Early detection allows you to act quickly and limit financial and personal damage. Check out my tips and top picks on how to protect yourself from identity theft at Cyberguy.com.

6) Keep your browser and computer fully updated

Fix software updates Security vulnerabilities exploited by attackers. Enable automatic updates for Chrome and your operating system so you always have the latest protections. These updates strengthen your defenses against malicious extensions and prevent attackers from taking advantage of known vulnerabilities.

7) Use a personal data removal service

Personal data removal services examine data broker sites that collect and sell your personal information. They help remove your data from these sites, reducing what attackers can find and use against you. Less exposed information means fewer opportunities for criminals to target you with scams, identity theft, or phishing attacks.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

Get a free check to see if your personal information is already on the web: Cyberguy.com.

Key takeaway for Kurt

Even tools designed to make your life easier can become tools for cybercriminals. Malicious extensions often hide behind reliable names and compelling features, making them difficult to detect. You can significantly reduce your risks by Review your browser extensions Regularly, remove anything suspicious and use protection tools such as password managers and powerful antivirus software.

Have you checked your browser extensions recently? Let us know your thoughts by writing to us at Cyberguy.com.

Click here to download the FOX NEWS app

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – FREE when you join my site CYBERGUY.COM Newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

Related article