A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.

Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a small install count.

Researchers at browser security platform LayerX discovered the malicious extension campaign and named it AiFrame. They found that all analyzed extensions are part of the same malicious effort as they communicate with infrastructure under a single domain, tapnetic[.]pro.