Our recent research uncovered one such risk: a widespread network of malicious Chrome extensions. These extensions have been actively siphoning sensitive business data, emails, and even the contents of their users’ browsing history. The campaign has been underway since at least June 22, 2025 and involves 32 browser add-ons marketed as AI-powered personal assistants. Together these extensions have so far received about 37.4 million installations, which corresponds to roughly 1% of the global Chrome user base.
These extensions claim to assist with everything from summarization to conversational agents, writing assistance and Gmail control. Yet they have been caught pilfering sensitive information from their users. Among the known malicious extensions are AI Assistant, Llama, Gemini AI Sidebar, ChatGPT Sidebar and CL Suite by @CLMasters. These extensions include remote, server-controlled interfaces that let attackers control user accounts and view sensitive information.
The Extent of the Threat
These predatory extensions have been downloaded by more than 260,000 users around the world. The investigation into their functionality reveals a concerning capability: they can initiate speech recognition and exfiltrate the resulting transcripts to a remote page. LayerX researcher Natalie Zargarov emphasized the hidden dangers within these extensions, stating:
“While these tools appear legitimate on the surface, they hide a dangerous architecture: instead of implementing core functionality locally, they embed remote, server-controlled interfaces inside extension-controlled surfaces and act as privileged proxies, granting remote infrastructure access to sensitive browser capabilities.”
The ramifications of this campaign are severe. Besides harvesting an overwhelming amount of personal data, these extensions engage in direct account tampering. For example, users could be auto-joined to the attacker’s VK groups without their approval. Such behavior raises serious ethical and security questions around the use of browser extensions.
Methods of Data Exfiltration
The data exfiltration methods used by these malicious extensions are sophisticated. When a user takes advantage of Gmail features such as AI-assisted replies or summaries, the email content is extracted and relayed to third-party servers run by the extension operators. LayerX further detailed this alarming process:
“As a result, email message text and related contextual data may be sent off-device, outside of Gmail’s security boundary, to remote servers.”
On top of that, the proprietary code contained in these extensions sends TOTP seed values and current one-time security codes off-device. As security researcher Kirill Boychenko uncovered, this sensitive data is sent to a backend service operated under the domain getauth[.]pro. The extension can even share it to a Telegram channel operated by the threat actor.
Boychenko noted the deceptive nature of one particular extension, CL Suite by @CLMasters:
“CL Suite by @CLMasters shows how a narrow browser extension can repackage data scraping as a ‘tool’ for Meta Business Suite and Facebook Business Manager.”
He went on to explain that the extension’s capabilities, such as extracting personal information and generating 2FA codes in the browser, are not harmless productivity features. Instead, they are built specifically to scrape personal, high-value data from Meta properties.
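As an added defensive check that is not part of the original report or of LayerX's or Socket's tooling, the following Python script audits locally installed Chrome extensions for the pattern described above: sensitive permissions, access to Gmail or Facebook pages, and extension-packaged HTML that loads a remote, server-controlled iframe or script. The profile path, the permission list and the watched hosts are assumptions chosen for illustration.

```python
import json
import re
from pathlib import Path

# Permissions that expose sensitive browser state or let an extension act for the user (assumed list).
SENSITIVE_PERMISSIONS = {"tabs", "webRequest", "cookies", "history", "identity", "scripting", "webNavigation"}
# Sites the article names as read by the extensions (Gmail, Meta business tooling).
WATCHED_HOSTS = ("mail.google.com", "facebook.com")
# <iframe src="https://..."> or <script src="https://..."> inside extension-packaged HTML.
REMOTE_EMBED = re.compile(r'<(?:iframe|script)\b[^>]*\bsrc=["\'](https?://[^"\']+)', re.I)

def _hosts(manifest):
    """Collect every URL pattern the manifest asks to access (MV2 and MV3 layouts)."""
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        hosts += cs.get("matches", [])
    return hosts

def assess_manifest(manifest):
    """Return human-readable risk findings for one extension manifest."""
    findings = []
    risky = sorted(set(manifest.get("permissions", [])) & SENSITIVE_PERMISSIONS)
    if risky:
        findings.append("sensitive permissions: " + ", ".join(risky))
    hosts = _hosts(manifest)
    if any(h == "<all_urls>" or h.startswith(("*://*/", "http://*/", "https://*/")) for h in hosts):
        findings.append("access to all sites")
    watched = sorted({h for h in hosts if any(w in h for w in WATCHED_HOSTS)})
    if watched:
        findings.append("reads pages on: " + ", ".join(watched))
    return findings

def remote_embeds_in_html(text):
    """Return remote URLs loaded by iframe/script tags: the 'remote, server-controlled
    interface inside an extension-controlled surface' pattern from the report."""
    return REMOTE_EMBED.findall(text)

def scan_chrome_profile(profile_dir):
    """Walk <profile>/Extensions/<id>/<version>/ (on Linux the profile is usually
    ~/.config/google-chrome/Default) and report findings per extension id."""
    report = {}
    for manifest_path in Path(profile_dir, "Extensions").glob("*/*/manifest.json"):
        findings = assess_manifest(json.loads(manifest_path.read_text(errors="ignore")))
        for html in manifest_path.parent.rglob("*.html"):
            for url in remote_embeds_in_html(html.read_text(errors="ignore")):
                findings.append(f"remote embed {url} in {html.name}")
        if findings:
            report[manifest_path.parent.parent.name] = findings
    return report
```

A hit is a prompt to inspect the extension, not proof of malice: many legitimate extensions need broad permissions, but a remote iframe inside an extension popup or side panel combined with Gmail or Facebook host access is exactly the combination the report describes.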
The Evolution of the Malware
Unfortunately, the malware hidden in these extensions is not a one-off, isolated attempt at stealing data. It is a living project, continuously updated with new additions and improvements. Security researcher Ariel Cohen highlighted the structured development behind this malware:
“This isn’t sloppy malware – it’s a maintained software project with version control, testing, and iterative improvements.”
Cohen’s key takeaway is that the attackers are serious about building a consistent, reliable toolkit for data exfiltration. They are also constantly looking for new ways to expand their reach and to bypass security protections.
Every commit made to the underlying code shows a calculated attempt to strengthen its capabilities and avoid detection. This evolution highlights an alarming trend that requires heightened awareness among users who could unknowingly install these dangerous extensions.