DEV Community

Mark0

That AI Extension Helping You Write Emails? It’s Reading Them First

⚠️ Region Alert: UAE/Middle East

Security researchers have identified 18 malicious browser extensions masquerading as AI-powered productivity tools, which deliver remote access Trojans (RATs), infostealers, and man-in-the-middle attacks. These extensions exploit the rising demand for generative AI to target sensitive user data, including ChatGPT prompts, private emails, and proprietary session information. By leveraging techniques like API interception and passive DOM observation, these tools can bypass traditional security controls to exfiltrate credentials and corporate secrets.

Technically, many of these samples contain AI-generated code, indicating that threat actors are now using large language models to accelerate malware production. The observed threats include extensions that hijack search engines, establish persistent WebSocket-based command-and-control channels, and utilize malicious Proxy Auto-Configuration (PAC) scripts to monitor web traffic. Organizations are urged to treat browser extensions as high-risk third-party software and implement strict vetting processes to protect their attack surface.
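One way to start the vetting described above is a static pass over an extension's `manifest.json` before it is allowed into a managed browser. The sketch below is an added example, not code from the article or the researchers; the rule ids, wording, and sample manifest are assumptions, and it only covers the behaviors named here that are visible in the manifest (PAC/proxy control, search hijacking, page-wide DOM access, and main-world scripts that can wrap page APIs).

```javascript
// Added example: static triage of a Chromium extension manifest.json.
// Rule ids and wording are assumptions for illustration, not a vendor rule set.
const BROAD_HOST = /^(<all_urls>|(\*|https?):\/\/\*\/)/;

function auditManifest(m) {
  const findings = [];
  const flag = (id, why) => {
    if (!findings.some((f) => f.id === id)) findings.push({ id, why });
  };
  const perms = [...(m.permissions || []), ...(m.optional_permissions || [])]
    .filter((p) => typeof p === "string");
  // Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
  const hosts = [...perms, ...(m.host_permissions || [])];

  if (perms.includes("proxy"))
    flag("proxy-control", "can install a PAC script and route browser traffic");
  if (perms.includes("webRequest") || perms.includes("debugger"))
    flag("request-visibility", "can observe network requests from tabs");
  if (m.chrome_settings_overrides && m.chrome_settings_overrides.search_provider)
    flag("search-override", "replaces the default search engine");
  if (hosts.some((h) => BROAD_HOST.test(h)))
    flag("broad-host-access", "host access to every site");

  for (const cs of m.content_scripts || []) {
    if ((cs.matches || []).some((p) => BROAD_HOST.test(p)))
      flag("all-sites-content-script", "can read the DOM of every page, webmail and AI chats included");
    if (cs.world === "MAIN")
      flag("main-world-script", "runs in the page's own JS context, where fetch/XHR can be wrapped");
  }
  return findings;
}

// Constructed sample: a hypothetical "AI email helper" manifest (not a real extension).
const sampleManifest = {
  manifest_version: 3,
  name: "Example AI Mail Assistant",
  permissions: ["storage", "proxy", "webRequest"],
  host_permissions: ["<all_urls>"],
  chrome_settings_overrides: {
    search_provider: { name: "Example", search_url: "https://search.example/?q={searchTerms}" },
  },
  content_scripts: [{ matches: ["*://*/*"], js: ["observe.js"], world: "MAIN" }],
};

function findingIds(manifest) {
  return auditManifest(manifest).map((f) => f.id);
}

console.log(findingIds(sampleManifest).join(", "));
```

A clean result does not clear an extension: WebSocket command-and-control and remotely fetched logic do not show up in the manifest, so this pass only decides which extensions need code review first.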

