Threat actors are deploying malicious Chrome extensions masquerading as AI assistants to intercept user prompts, redirect searches to attacker-controlled domains, and harvest sensitive browsing data.
Deceptive AI Interface and Omnibox Hijacking
A new wave of AI-themed browser extensions claims to offer seamless “ChatGPT,” “Llama,” “Perplexity,” and “Claude” search experiences directly within Chrome’s omnibox.
In reality, these add-ons abuse the chrome_settings_overrides manifest key, a legitimate Chrome mechanism for registering a search provider, to replace the browser’s default search engine with one hosted on attacker-controlled infrastructure.
Because every omnibox query is then sent to the override’s search URL, anything the user types, including prompts intended for an AI assistant, is intercepted by obfuscated JavaScript routines that log the query and any personal data it contains before forwarding the request to attacker-controlled domains such as chatgptforchrome.com, dinershtein.com, and gen-ai-search.com.
Periodically fetched remote scripts let the hijack re-establish itself after a user resets the search engine or clears local storage, so data exfiltration continues uninterrupted.
Catalog of Malicious Extensions and Redirect Domains
Researchers have identified eight primary malicious extensions, catalogued by extension ID, claimed AI functionality, and associated redirect domain. The extension akfnjopjnnemejchppfpomhnejoiiini advertises a “Claude search” but reroutes queries to dinershtein.com.
The 2023 variant boofekcjiojcpcehaldjhjfhcienopme, which reached over 15,800 users, posed as “AI ChatGPT,” redirected through chatgptforchrome.com, and stole Facebook session tokens via heavily obfuscated scripts.
Current campaigns include bpeheoocinjpbchkmddjdaiafjkgdgoi (“ChatGPT for Chrome”), ecimcibolpbgimkehmclafnifblhmkkb (“Perplexity Search”), jhhjbaicgmecddbaobeobkikgmfffaeg (“Chat AI for Chrome”), jijilhfkldabicahgkmgjgladmggnkpb (“GenAISearch”), lnjebiohklcphainmilcdoakkbjlkdpn (“ChatGPT Search”), and pjcfmnfappcoomegbhlaahhddnhnapeb (“Meta Llama Search”).
Each extension leverages identical redirection techniques to capture omnibox input under the guise of AI tool functionality.
Historical Evolution and Future Threat Trajectories
The initial “AI ChatGPT” extension campaign leveraged complex obfuscation to evade detection, facilitating credential theft and session hijacking.
Today’s resurgence builds on that infrastructure with enhanced social engineering strategies, including YouTube promotional videos enticing users to install “Chat AI for Chrome.”
As the ecosystem matures, analysts anticipate more sophisticated variants capable of injecting phishing overlays directly into popular websites or deploying secondary payloads such as browser-based cryptominers and ransomware.
Mitigation Strategies for Users and Enterprises
Effective defense begins with a rigorous vetting of extension publishers and a thorough scrutiny of user reviews before installation.
Enterprise administrators should audit the chrome_settings_overrides field, and in particular its search_provider entry, in the manifests of extensions installed across managed devices to identify unauthorized search engine alterations.
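As an added example (not code from the article or from the researchers it cites), the following Python script performs the audit the preceding paragraph recommends. It walks a Chrome profile’s Extensions directory, extracts the hostnames named in chrome_settings_overrides.search_provider, and flags any manifest whose search provider points at one of the redirect domains or extension IDs listed above, or at any domain outside an assumed allowlist of approved search engines. The sample manifests are constructed for illustration and the allowlist is an assumption; the sample shaped like the GenAISearch listing shows the manifest structure described in the first section, with the {searchTerms} placeholder that Chrome substitutes into search_url.

```python
import json
import sys
from pathlib import Path
from urllib.parse import urlparse

# Indicators taken from the article: extension IDs and the domains queries are redirected to.
KNOWN_BAD_IDS = {
    "akfnjopjnnemejchppfpomhnejoiiini": "Claude search",
    "boofekcjiojcpcehaldjhjfhcienopme": "AI ChatGPT (2023)",
    "bpeheoocinjpbchkmddjdaiafjkgdgoi": "ChatGPT for Chrome",
    "ecimcibolpbgimkehmclafnifblhmkkb": "Perplexity Search",
    "jhhjbaicgmecddbaobeobkikgmfffaeg": "Chat AI for Chrome",
    "jijilhfkldabicahgkmgjgladmggnkpb": "GenAISearch",
    "lnjebiohklcphainmilcdoakkbjlkdpn": "ChatGPT Search",
    "pjcfmnfappcoomegbhlaahhddnhnapeb": "Meta Llama Search",
}
KNOWN_BAD_DOMAINS = {"chatgptforchrome.com", "dinershtein.com", "gen-ai-search.com"}

# Assumption: search providers the organisation approves. Any other override is flagged.
ALLOWED_SEARCH_DOMAINS = {"www.google.com", "www.bing.com", "duckduckgo.com"}


def search_override_hosts(manifest):
    """Hostnames an extension sends omnibox traffic to via chrome_settings_overrides.search_provider."""
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider") or {}
    hosts = set()
    for key in ("search_url", "suggest_url", "image_url", "favicon_url"):
        url = provider.get(key)
        host = urlparse(url).hostname if url else None
        if host:
            hosts.add(host.lower())
    return hosts


def assess_extension(ext_id, manifest):
    """Return a list of findings for one extension; an empty list means nothing suspicious."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append(f"known malicious extension ID ({KNOWN_BAD_IDS[ext_id]})")
    for host in sorted(search_override_hosts(manifest)):
        if host in KNOWN_BAD_DOMAINS:
            findings.append(f"search provider points at known redirect domain {host}")
        elif host not in ALLOWED_SEARCH_DOMAINS:
            findings.append(f"search provider overridden to unapproved domain {host}")
    return findings


def scan_extensions_dir(root):
    """Scan a Chrome profile's Extensions directory (layout: <root>/<id>/<version>/manifest.json)."""
    results = {}
    for manifest_path in Path(root).glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        with open(manifest_path, encoding="utf-8") as fh:
            results[ext_id] = assess_extension(ext_id, json.load(fh))
    return results


# Constructed sample manifests (not captured from the real extensions) to exercise the checks.
SAMPLE_MANIFESTS = {
    "jijilhfkldabicahgkmgjgladmggnkpb": {  # mimics the GenAISearch listing's override
        "name": "GenAISearch", "manifest_version": 3, "version": "1.0",
        "chrome_settings_overrides": {
            "search_provider": {
                "name": "GenAI Search",
                "keyword": "genai",
                "search_url": "https://gen-ai-search.com/search?q={searchTerms}",
                "favicon_url": "https://gen-ai-search.com/favicon.ico",
                "encoding": "UTF-8",
                "is_default": True,
            }
        },
    },
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {  # hypothetical: benign override to an approved engine
        "name": "Bing Default", "manifest_version": 3, "version": "2.1",
        "chrome_settings_overrides": {
            "search_provider": {
                "name": "Bing", "keyword": "b", "encoding": "UTF-8", "is_default": True,
                "search_url": "https://www.bing.com/search?q={searchTerms}",
            }
        },
    },
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {  # hypothetical: no search override at all
        "name": "Dark Theme", "manifest_version": 3, "version": "0.3",
    },
}


def assess_samples():
    """Run the checks over the constructed samples; used when no directory is given."""
    return {ext_id: assess_extension(ext_id, m) for ext_id, m in SAMPLE_MANIFESTS.items()}


if __name__ == "__main__":
    # Pass a profile's Extensions directory to scan real installs; otherwise run the samples.
    report = scan_extensions_dir(sys.argv[1]) if len(sys.argv) > 1 else assess_samples()
    for ext_id, findings in report.items():
        status = "FLAG" if findings else "ok  "
        print(f"{status} {ext_id}: {'; '.join(findings) or 'no search override'}")
```

The ID match is only as good as the indicator list, so the domain check is the part that catches renamed or re-uploaded variants: any extension that swaps the default search provider for a domain the organisation has not approved deserves a look regardless of its ID. Once the IDs are confirmed, Chrome’s ExtensionInstallBlocklist enterprise policy can block them fleet-wide rather than relying on per-device cleanup.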
Deploying endpoint detection and response solutions can identify anomalous redirection patterns in real time, while browser isolation technologies limit what a malicious script can reach on the underlying system, although isolation alone does not stop a query from being sent to the attacker’s domain once the default search provider has been replaced.
Regular review of installed extensions, coupled with prompt removal of unused or suspicious add-ons, further minimizes exposure to prompt-hijacking threats.
Remaining vigilant and fostering user awareness around AI extension security are essential to safeguarding both personal and organizational data.