Malicious and High-Risk AI-Powered Chrome Extensions Enable Account Hijacking and Phishing
Security researchers reported multiple risks tied to AI-themed browser extensions in the Chrome/Edge ecosystem, including active malicious campaigns. Malwarebytes identified 16 malicious extensions (15 Chrome, 1 Edge) masquerading as ChatGPT “enhancers” that steal ChatGPT session tokens, enabling attackers to take over accounts and access conversation history and metadata; the extensions also exfiltrate additional telemetry (e.g., extension version/language and usage details) to help attackers profile victims and maintain longer-term access.
Separately, Varonis described a new malware-as-a-service offering called “Stanley” that claims to reliably get phishing-capable Chrome extensions through Chrome Web Store review, using full-screen iframe overlays to present attacker-controlled login pages while the address bar continues to show the legitimate domain; it also advertises auto-install support across Chrome/Edge/Brave, a management panel, geo/IP targeting, and frequent C2 polling.
In parallel with these overtly malicious cases, an Incogni study of 442 AI-powered Chrome extensions found broad privacy and security exposure from over-privileged extensions (e.g., script injection and deep page access) and extensive data collection (52% collecting user data), highlighting that even popular tools (e.g., Grammarly and QuillBot) can present significant privacy risk due to the scope of permissions and data categories collected.
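The over-privilege pattern described above (script injection, deep page access) can be checked on installed extensions by reading each manifest.json. The following is an added example, not code from any of the cited reports; the choice of flagged permissions, the finding labels and both sample manifests are assumptions constructed for illustration.

```python
import json

# Added example: heuristic permission audit for extension manifests.
# The risk notes below are this example's own choices, not taken from the reports.
RISKY_PERMISSIONS = {
    "scripting": "can inject scripts into pages it has host access to",
    "cookies": "can read cookies for hosts it has access to",
    "webRequest": "can observe network requests",
    "tabs": "can read URLs and titles of open tabs",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest_text):
    """Return sorted findings for one manifest.json (Manifest V2 or V3)."""
    manifest = json.loads(manifest_text)
    perms = manifest.get("permissions", [])
    # MV3 lists host patterns in "host_permissions"; MV2 mixes them into "permissions".
    hosts = set(manifest.get("host_permissions", [])) | set(perms)
    findings = {f"permission:{p}" for p in perms if p in RISKY_PERMISSIONS}
    findings |= {f"broad-host:{h}" for h in hosts if h in BROAD_HOSTS}
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add(f"content-script-everywhere:{pattern}")
        if script.get("all_frames"):
            findings.add("content-script-all-frames")
    # Cookie access combined with every-site host access covers session cookies anywhere.
    if "cookies" in perms and hosts & BROAD_HOSTS:
        findings.add("combo:cookies+broad-host")
    return sorted(findings)


# Constructed sample manifests (not real extensions).
OVERPRIVILEGED = json.dumps({
    "manifest_version": 3, "name": "Example AI Helper",
    "permissions": ["scripting", "cookies", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"], "all_frames": True}],
})
SCOPED = json.dumps({
    "manifest_version": 3, "name": "Example Scoped Tool",
    "permissions": ["storage", "activeTab"],
    "host_permissions": ["https://example.com/*"],
})

if __name__ == "__main__":
    for label, text in (("overprivileged", OVERPRIVILEGED), ("scoped", SCOPED)):
        print(label, audit_manifest(text))
```

A finding here means the extension could reach page content or cookies broadly, not that it does anything malicious; it is a triage signal for which extensions deserve a closer look.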

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Google and Microsoft notified about token-stealing ChatGPT extensions
The researchers behind the ChatGPT-themed extension findings notified Google and Microsoft about the malicious add-ons in their stores. Users were advised to uninstall the listed extensions because store review processes had failed to prevent the abuse.
Researchers uncover 16 malicious ChatGPT-themed browser extensions
Researchers identified 16 malicious browser extensions, including 15 for Chrome and 1 for Edge, that posed as ChatGPT productivity tools. The extensions stole ChatGPT session authentication tokens, allowing attackers to hijack accounts and access users' conversation history and related metadata.
Incogni flags Grammarly and QuillBot as high privacy-risk AI extensions
In its 2026 report, Incogni ranked Grammarly and QuillBot among the most potentially privacy-damaging widely used AI browser extensions because of broad access and multiple categories of collected data. The researchers noted these extensions were not rated as highly likely to be malicious, but still posed notable privacy concerns.
Incogni publishes 2026 privacy risk report on 442 AI Chrome extensions
Incogni released a report analyzing 442 AI-powered Chrome extensions and found that many request extensive permissions and collect significant user data. The study said 52% of reviewed extensions collected some form of user data, including potentially sensitive information such as personal communications, location, and website content.
BleepingComputer seeks Google's response to Stanley Chrome extension claims
BleepingComputer contacted Google for comment regarding claims that Stanley operators can get phishing extensions approved in the Chrome Web Store. The outreach followed publication of Varonis' findings about the service's capabilities and distribution model.
Varonis identifies 'Stanley' malware service for Chrome Web Store phishing extensions
Varonis researchers reported a malware-as-a-service offering called "Stanley" that allegedly sells malicious Chrome extensions designed to pass Chrome Web Store review. The extensions use full-screen iframe overlays to phish users while keeping the browser address bar on a legitimate domain.
Sources
Malicious Chrome extensions can spy on your ChatGPT chats | Malwarebytes (malwarebytes.com)
Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions - Help Net Security (helpnetsecurity.com)
New malware service guarantees phishing extensions on Chrome web store (bleepingcomputer.com)


