Malicious and High-Risk AI-Powered Chrome Extensions Enable Account Hijacking and Phishing
Security researchers reported multiple risks tied to AI-themed browser extensions in the Chrome/Edge ecosystem, including active malicious campaigns. Malwarebytes identified 16 malicious extensions (15 Chrome, 1 Edge) masquerading as ChatGPT “enhancers” that steal ChatGPT session tokens, enabling attackers to take over accounts and access conversation history and metadata; the extensions also exfiltrate additional telemetry (e.g., extension version/language and usage details) to help attackers profile victims and maintain longer-term access.
Separately, Varonis described a new malware-as-a-service offering called “Stanley” that claims to reliably get phishing-capable Chrome extensions through Chrome Web Store review, using full-screen iframe overlays to present attacker-controlled login pages while the address bar continues to show the legitimate domain; it also advertises auto-install support across Chrome/Edge/Brave, a management panel, geo/IP targeting, and frequent C2 polling. In parallel with these overtly malicious cases, an Incogni study of 442 AI-powered Chrome extensions found broad privacy and security exposure from over-privileged extensions (e.g., script injection and deep page access) and extensive data collection (52% collecting user data), highlighting that even popular tools (e.g., Grammarly and QuillBot) can present significant privacy risk due to the scope of permissions and data categories collected.
Timeline
Jan 28, 2026
Google and Microsoft notified about token-stealing ChatGPT extensions
The researchers behind the ChatGPT-themed extension findings notified Google and Microsoft about the malicious add-ons in their stores. Users were advised to uninstall the listed extensions because store review processes had failed to prevent the abuse.
Jan 28, 2026
Researchers uncover 16 malicious ChatGPT-themed browser extensions
Researchers identified 16 malicious browser extensions, including 15 for Chrome and 1 for Edge, that posed as ChatGPT productivity tools. The extensions stole ChatGPT session authentication tokens, allowing attackers to hijack accounts and access users' conversation history and related metadata.
Jan 28, 2026
Incogni flags Grammarly and QuillBot as high privacy-risk AI extensions
In its 2026 report, Incogni ranked Grammarly and QuillBot among the most potentially privacy-damaging widely used AI browser extensions because of broad access and multiple categories of collected data. The researchers noted these extensions were not rated as highly likely to be malicious, but still posed notable privacy concerns.
Jan 28, 2026
Incogni publishes 2026 privacy risk report on 442 AI Chrome extensions
Incogni released a report analyzing 442 AI-powered Chrome extensions and found that many request extensive permissions and collect significant user data. The study said 52% of reviewed extensions collected some form of user data, including potentially sensitive information such as personal communications, location, and website content.
Jan 26, 2026
BleepingComputer seeks Google's response to Stanley Chrome extension claims
BleepingComputer contacted Google for comment regarding claims that Stanley operators can get phishing extensions approved in the Chrome Web Store. The outreach followed publication of Varonis' findings about the service's capabilities and distribution model.
Jan 26, 2026
Varonis identifies 'Stanley' malware service for Chrome Web Store phishing extensions
Varonis researchers reported a malware-as-a-service offering called "Stanley" that allegedly sells malicious Chrome extensions designed to pass Chrome Web Store review. The extensions use full-screen iframe overlays to phish users while keeping the browser address bar on a legitimate domain.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Affected Products
Sources
Related Stories
Malicious Chrome Extensions Used for Credential Theft and Website Spoofing
Security researchers reported a surge in **malicious Chrome extensions** abusing high-privilege browser permissions to steal credentials and hijack authenticated sessions. LayerX identified at least **16 ChatGPT-related extensions** that mimic legitimate productivity tools and brands, then inject scripts into `chatgpt.com` to monitor outbound web requests and **exfiltrate authorization details and session tokens** to attacker-controlled infrastructure. With stolen tokens, attackers can impersonate victims’ ChatGPT sessions and potentially access connected data sources (e.g., integrations with *Slack* and *GitHub*), expanding impact beyond the AI service itself. Separately, Varonis documented a **malware-as-a-service** browser-extension toolkit dubbed **Stanley** being sold on Russian-language cybercrime forums, marketed to enable large-scale credential theft by **showing a phishing site while the URL bar continues to display the legitimate domain**. The toolkit uses a web-based control panel to configure per-victim “source” (legitimate) and “target” (phishing) URLs, then overlays a full-screen iframe to spoof the destination site; the seller also claims “guaranteed” placement in the **Chrome Web Store**, increasing the likelihood of user installation and enterprise exposure.
1 months ago
Malicious Chrome Extensions Used for Data Theft via Ownership Transfers and Impersonation
Multiple **malicious Chrome/Chromium extensions** were identified abusing the Chrome Web Store to steal data from users and enterprises. Two previously legitimate extensions—**QuickLens** (`kdenlnncndfnhkognokgfpabgkgehodd`) and **ShotBird** (`gengfhhkjekmlejbhmmopegofnoifnjp`)—reportedly turned malicious after **ownership transfers**, enabling downstream compromise through injected code and data harvesting. In the QuickLens case, researchers reported the malicious update preserved expected functionality while adding capabilities to **strip security headers** (e.g., `X-Frame-Options`) and facilitate script injection that can bypass **Content Security Policy (CSP)** protections, expanding the attacker’s ability to make cross-domain requests and collect sensitive information. Separately, Microsoft reported a campaign of **counterfeit “AI assistant” browser extensions** distributed via the Chrome Web Store (and therefore also impacting Microsoft Edge environments that allow Chrome extensions), which allegedly affected **20,000+ enterprise tenants** and amassed roughly **900,000 installs**. These extensions impersonated legitimate AI productivity tools and harvested **ChatGPT/DeepSeek conversation histories**, visited URLs, and browsing telemetry, staging data for exfiltration to attacker-controlled infrastructure. Another Chrome Web Store threat involved a fake **imToken**-branded extension (“lmΤoken Chromophore”) that masqueraded as a benign tool but redirected victims to phishing infrastructure to steal **seed phrases and private keys**, using tactics like hardcoded remote configuration (via JSONKeeper) and decoy navigation to the legitimate `token.im` site after credential capture.
1 months ago
Malicious Chrome Extensions Impersonate AI Assistants and Crypto Wallets to Steal Sensitive Data
Microsoft reported a campaign of **malicious Chromium-based browser extensions** masquerading as legitimate AI assistant tools to **harvest LLM chat histories and browsing data**, with reporting suggesting ~**900,000 installs** and Microsoft Defender telemetry indicating activity across **20,000+ enterprise tenants**. The extensions collected full URLs and chat content from services including **ChatGPT** and **DeepSeek**, creating a high-risk data leakage path for proprietary code, internal workflows, and strategic discussions; Microsoft also noted cases where “agentic” browsers auto-downloaded these extensions, reducing user friction and increasing exposure. Separately, Socket documented a **fake imToken** Chrome extension (`bbhaganppipihlhjgaaeeeefbaoihcgi`) that posed as a benign “hex color visualizer” but functioned as a **phishing redirector**: on install and on click it opened attacker-controlled pages, pulling a destination URL from `jsonkeeper[.]com/b/KUWNE` and sending victims to `chroomewedbstorre-detail-extension[.]com` to solicit **12/24-word seed phrases** or **private keys** for wallet takeover. A Kaspersky post focused on consumer guidance for disabling unwanted AI features and broadly warned about privacy/security risks from pervasive AI assistants (including mention of insecure third-party “personal agent” setups), but it did not provide corroborated details tied to the specific malicious-extension campaigns described by Microsoft and Socket.
2 days ago