Chrome’s AI Extension Gold Rush Is a Hacker’s Playground

A surge of Chrome extensions masquerading as AI search assistants is exposing just how fragile browser trust really is. Researchers warn that these malicious add-ons don’t just hijack your omnibox—they siphon off sensitive data under the guise of providing ChatGPT, Claude, Perplexity, or Llama integration.


AI Branding as Social Engineering


The ruse is simple: present users with a “convenient” AI shortcut while silently rewriting Chrome’s default search engine through the chrome_settings_overrides manifest key, which lets an extension declare a search_provider whose search_url receives every query submitted from the omnibox. Once installed, obfuscated JavaScript captures what the user types, logs personal data, and reroutes the request to attacker-controlled domains such as chatgptforchrome.com, gen-ai-search.com, and dinershtein.com.


Because the extension pulls its logic from a remote server, resetting the browser’s search settings does not help: as long as the extension remains installed, the override is reapplied and the compromise reappears, turning what looks like a search upgrade into a persistent backdoor.


A Rogue’s Gallery of Fake AI Add-ons


Investigators have mapped out at least eight malicious extensions. Their 32-character IDs look like random strings (they are derived from a hash of the publisher’s signing key, so they are useless for recognition but stable enough to blocklist), but their pitch is always the same: “ChatGPT for Chrome,” “Claude Search,” “Perplexity Search,” “GenAISearch.”


One notorious example, the extension with ID boofekcjiojcpcehaldjhjfhcienopme, racked up more than 15,800 installs in 2023. Marketed as “AI ChatGPT,” it redirected traffic through chatgptforchrome.com and quietly harvested Facebook session tokens.


The latest wave includes look-alikes such as bpeheoocinjpbchkmddjdaiafjkgdgoi (“ChatGPT for Chrome”) and pjcfmnfappcoomegbhlaahhddnhnapeb (“Meta Llama Search”). All rely on identical redirection tricks to exfiltrate queries, cloaked in AI branding.


From Token Theft to Phishing Overlays


The evolution is telling. Early campaigns focused on stealing session tokens and credentials, hiding the theft behind obfuscated code. Now, attackers are widening their reach with YouTube ads promoting “Chat AI for Chrome,” luring the less technically savvy.


Analysts expect future iterations to escalate—injecting phishing overlays into trusted websites or even dropping browser-based cryptominers and ransomware. The trend mirrors how ransomware groups pivoted from simple encryption to double and triple extortion.


Defenses for Users and Enterprises


Security teams recommend locking down Chrome extension policies, for example an ExtensionInstallAllowlist paired with ExtensionInstallBlocklist set to “*”, or ExtensionSettings entries that block the cookies and broad host permissions these add-ons rely on. At the enterprise level, auditing installed extensions’ manifests for chrome_settings_overrides entries whose search_url points outside the organisation’s approved search engines is crucial. Endpoint detection tools can flag unusual redirect patterns, while browser isolation limits how far injected scripts can pivot toward the underlying system.
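As an added illustration, not code from the article or from any of the extensions it describes, the block below shows what a chrome_settings_overrides search-provider entry looks like inside a manifest and runs a small audit over a set of constructed manifests. The extension IDs, manifest contents and the allowlist of legitimate search hosts are assumptions; the hijacker sample is modelled on the behaviour the article attributes to the campaign (omnibox routed to an attacker domain, plus cookie access on every site).

```javascript
// Added example (not from the article): a chrome_settings_overrides search-provider
// hijack as it appears in manifest.json, and an audit that flags it.
// All manifests, IDs and the allowlist below are constructed for illustration.

// Hosts an organisation considers legitimate default search engines (assumption).
const KNOWN_SEARCH_HOSTS = new Set(['www.google.com', 'www.bing.com', 'duckduckgo.com']);

// Constructed manifests keyed by placeholder 32-letter extension IDs.
const SAMPLE_MANIFESTS = {
  // A benign extension that switches the default engine to Bing.
  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: {
    name: 'Bing Search Helper',
    manifest_version: 3,
    permissions: [],
    chrome_settings_overrides: {
      search_provider: {
        name: 'Bing',
        keyword: 'bing',
        favicon_url: 'https://www.bing.com/favicon.ico',
        search_url: 'https://www.bing.com/search?q={searchTerms}',
        encoding: 'UTF-8',
        is_default: true,
      },
    },
  },
  // A hijacker modelled on the article's description: every omnibox query is sent
  // to an attacker-controlled domain, and the extension also wants cookies everywhere.
  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb: {
    name: 'ChatGPT for Chrome',
    manifest_version: 3,
    permissions: ['cookies', 'tabs'],
    host_permissions: ['<all_urls>'],
    chrome_settings_overrides: {
      search_provider: {
        name: 'AI Search',
        keyword: 'ai',
        favicon_url: 'https://chatgptforchrome.com/favicon.ico',
        search_url: 'https://chatgptforchrome.com/search?q={searchTerms}',
        suggest_url: 'https://chatgptforchrome.com/suggest?q={searchTerms}',
        encoding: 'UTF-8',
        is_default: true,
      },
    },
  },
  // An extension with no search override at all.
  cccccccccccccccccccccccccccccccc: {
    name: 'Tab Counter',
    manifest_version: 3,
    permissions: ['tabs'],
  },
};

// The search_provider block, or null if the manifest does not override search.
function searchProvider(manifest) {
  const o = manifest.chrome_settings_overrides;
  return o && o.search_provider ? o.search_provider : null;
}

// Hostname the omnibox would be sent to, or null if there is no override.
function overrideHost(manifest) {
  const sp = searchProvider(manifest);
  if (!sp || !sp.search_url) return null;
  try {
    return new URL(sp.search_url).hostname;
  } catch (e) {
    return 'invalid:' + sp.search_url; // unparseable URL is itself worth a look
  }
}

// Audit one manifest and return the findings for it (empty array when clean).
function auditManifest(id, manifest) {
  const findings = [];
  const sp = searchProvider(manifest);
  const host = overrideHost(manifest);
  if (host !== null && !KNOWN_SEARCH_HOSTS.has(host)) {
    findings.push(`default search engine overridden to ${host}`);
    // suggest_url receives partial queries while the user is still typing.
    if (sp.suggest_url) findings.push('suggest_url also forwards partial omnibox input');
  }
  const perms = new Set([...(manifest.permissions || []), ...(manifest.host_permissions || [])]);
  if (host !== null && perms.has('cookies') && perms.has('<all_urls>')) {
    findings.push('search override combined with cookie access on all sites');
  }
  return { id, name: manifest.name, host, findings };
}

// Audit a whole set of manifests and keep only the ones with findings.
function auditAll(manifests) {
  return Object.entries(manifests)
    .map(([id, m]) => auditManifest(id, m))
    .filter((r) => r.findings.length > 0);
}

// Stand-alone run: list the flagged extensions.
for (const r of auditAll(SAMPLE_MANIFESTS)) {
  console.log(`${r.id} (${r.name}): ${r.findings.join('; ')}`);
}
```

In a real deployment the manifests would be read from each extension directory under the Chrome profile’s Extensions folder, or from an inventory exported by enterprise browser management; the checks stay the same. The allowlist is deliberately the policy decision here: a search override to an unfamiliar host is not proof of malice on its own, but combined with cookie access on all sites it matches exactly the pattern the campaign uses.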


For individuals, the checklist is basic but often ignored: vet publishers, read reviews with skepticism, review chrome://extensions periodically, and treat a default search engine that changed without your doing as a red flag. The quickest path to safety is also the most inconvenient: delete extensions you don’t absolutely need.


The Shadow IT Problem


Davit Asatryan, VP of Research at Spin.AI, said:


“Malicious AI-themed extensions show how attackers are quick to exploit hype to bypass user trust and enterprise defenses. What many don't realize is that browser extensions can act like shadow IT, silently harvesting sensitive data. Organizations should treat extensions as part of their attack surface and implement continuous risk monitoring to prevent these threats before they spread.”


The lesson is clear: as AI hype continues to saturate the consumer market, attackers will keep weaponizing the branding. What looks like a shortcut to Claude or ChatGPT could just as easily be a shortcut to losing control of your data.