Malicious Chrome Extensions: AiFrame Exploits AI Popularity, Another Steals Meta Business Suite Data

Written by: Lore Apostol, Cybersecurity Writer
Key Takeaways
  • Widespread Impact: A coordinated campaign of 30 malicious Chrome extensions, dubbed "AiFrame," has compromised over 260,000 users by posing as legitimate AI tools.
  • Attack Mechanism: The extensions utilize a hidden "full-screen iframe" architecture to grant remote servers control over browser activity, bypassing initial security reviews.
  • Persistent Threat: Even after takedowns, identical extensions are quickly re-uploaded under new names, demonstrating a sophisticated "extension spraying" evasion tactic.

Malicious Google Chrome extensions were spotted in malware campaigns: one pushes fake extensions masquerading as AI assistants for summarization, chat, writing, and Gmail assistance, and another involves an extension advertised as a tool that helps with verification friction and scrapes Meta Business Suite data.

Fake AI Assistant Extensions

Cybersecurity researchers at LayerX have uncovered a sophisticated malware campaign dubbed AiFrame, which involves a network of 30 malicious browser extensions that masquerade as popular AI assistants like ChatGPT, Claude, Gemini, and Grok. These extensions, some of which were featured in the Chrome Web Store, have been installed by more than 260,000 users.

These extensions appear to offer helpful summarization and writing tools, but they actually embed a remote, server-controlled interface, specifically a full-screen iframe, that acts as a privileged proxy for external attackers.

Fake Clude assistant | Source: LayerX

Remote iframes allow attackers to silently introduce new capabilities, such as harvesting sensitive page content or executing unauthorized commands at any time without submitting updates for review by Google. 

The campaign also targets Gmail users, as 15 of the extensions contain code that reads visible email content directly from the DOM, exfiltrating private communications to third-party servers.

Malicious Extension Steals Meta Business Data

Socket’s Threat Research Team has uncovered a malicious Google Chrome extension, CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), designed to exploit Meta Business Suite users. 

Malicious Chrome extension steals sensitive Meta information | Source: Socket

While marketed as a tool to scrape data, bypass verification popups, and generate 2FA codes, the extension secretly exfiltrates sensitive information. The extension, available on the Chrome Web Store, requests extensive access to meta.com and facebook.com and ultimately acts like a silent infostealer. 

Despite its privacy policy claiming that 2FA secrets and Business Manager data remain local, the extension transmits TOTP seeds, 2FA codes, Business Manager contact lists, and analytics data to a backend server at getauth[.]pro. Additionally, the stolen data can be forwarded to a Telegram channel controlled by the threat actor.

Combating AI Assistant Extension Threats

Attackers are leveraging the hype surrounding generative AI to distribute surveillance tools that bypass traditional security models. The AiFrame campaign uses "extension spraying," in which identical code is published under multiple names to evade takedowns. When one extension is removed, another takes its place, maintaining the attacker's access. 
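A triage sketch for the two patterns described above, added here as an example and not taken from LayerX, Socket or the article: it flags an unpacked extension whose manifest reaches Meta, Facebook or Gmail pages (or every site) and whose files build an iframe pointing at a remote URL. The `mail.google.com` host, the finding labels and the sample manifest and files are assumptions constructed for illustration, and the regexes are heuristics rather than a complete detector.

```python
import json
import re

# Extension ID named on this page (CL Suite by @CLMasters).
KNOWN_BAD_IDS = {"jkphinfhmfkckkcnifhjiplhfoiefffl"}
# meta.com and facebook.com come from the article; mail.google.com is assumed for Gmail.
SENSITIVE_HOSTS = ("meta.com", "facebook.com", "mail.google.com")
# Heuristics: a file that both builds an iframe and embeds a quoted remote URL.
IFRAME = re.compile(r"<iframe\b|createElement\(\s*['\"]iframe['\"]", re.I)
REMOTE_URL = re.compile(r"['\"]https?://", re.I)

def host_patterns(manifest):
    """Collect match patterns from MV3 host_permissions, MV2 permissions, content scripts."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for script in manifest.get("content_scripts", []):
        pats += script.get("matches", [])
    return pats

def triage(ext_id, manifest, files):
    """Return sorted findings for one unpacked extension (files: name -> source text)."""
    findings = set()
    if ext_id in KNOWN_BAD_IDS:
        findings.add("known-bad-id")
    for pat in host_patterns(manifest):
        if pat == "<all_urls>" or "://*/" in pat:
            findings.add("all-sites-access")
        for host in SENSITIVE_HOSTS:
            if host in pat:  # substring match: over-reports, which suits triage
                findings.add("sensitive-host:" + host)
    for name, text in files.items():
        if IFRAME.search(text) and REMOTE_URL.search(text):
            findings.add("remote-iframe:" + name)
    return sorted(findings)

# Constructed sample, not taken from any real extension.
SAMPLE_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "AI Helper (constructed sample)",
  "permissions": ["storage", "tabs"],
  "host_permissions": ["https://mail.google.com/*"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]
}""")
SAMPLE_FILES = {
    "content.js": 'const f = document.createElement("iframe");\n'
                  'f.src = "https://ui.example.invalid/panel";\n'
                  'f.style.cssText = "position:fixed;inset:0";\n'
                  'document.body.appendChild(f);',
    "popup.html": '<iframe src="panel.html"></iframe>',  # local frame: not flagged
}

if __name__ == "__main__":
    print(triage("constructed-sample-id", SAMPLE_MANIFEST, SAMPLE_FILES))
```

To run it against a real profile, load each extension's `manifest.json` and script files from its install directory and pass the extension ID as `ext_id`.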

Security experts warn that browser extension cybersecurity must:

In December 2025, malicious Phantom Shuttle Chrome extensions masquerading as a legitimate VPN service were observed intercepting traffic to steal user data. Another campaign revealed last month distributed Evelyn Stealer to software developers via Visual Studio Code extensions.

