Full Report
Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser. The post That AI Extension Helping You Write Emails? It’s Reading Them First appeared first on Unit 42.
Analysis Summary
# Tool/Technique: High-Risk GenAI Browser Extensions (Infostealers)
## Overview
Unit 42 researchers identified a surge in malicious and high-risk Google Chrome extensions masquerading as legitimate AI productivity tools (e.g., GPT-based email assistants). These extensions are designed to abuse the high level of trust users place in GenAI to intercept sensitive data, steal session cookies, and exfiltrate login credentials directly from the browser.
## Technical Details
- **Type:** Malware Family (Infostealer / Browser Extension Malware)
- **Platform:** Google Chrome / Chromium-based browsers
- **Capabilities:** Form grabbing, cookie theft, prompt interception, sensitive data exfiltration (PII/Secret keys), and persistence via browser sync.
- **First Seen:** Early 2024 (Increasing trend in late 2024)
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- T1189 - Drive-by Compromise (Malicious ads or SEO poisoning)
- T1566.002 - Phishing: Spearphishing Link (Social engineering via extension store reviews)
- **TA0003 - Persistence**
- T1176 - Browser Extensions
- **TA0006 - Credential Access**
- T1539 - Steal Web Session Cookie
- T1555.003 - Credentials from Web Browsers
- **TA0007 - Discovery**
- T1518.001 - Software Discovery: Security Software
- **TA0010 - Exfiltration**
- T1041 - Exfiltration Over C2 Channel
## Functionality
### Core Capabilities
- **Prompt Interception:** Captures input sent to legitimate GenAI services (ChatGPT, Gemini, etc.) and redirects it to attacker-controlled servers.
- **Credential Theft:** Scrapes form data from login pages of common services (webmail, banking, social media).
- **Session Hijacking:** Steals active session cookies to bypass Multi-Factor Authentication (MFA).
### Advanced Features
- **Dynamic Policy Modification:** Some extensions attempt to bypass "Content Security Policy" (CSP) to permit data exfiltration to unauthorized domains.
- **Payload Obfuscation:** Uses complex JavaScript obfuscation to hide API calls and C2 communication.
- **Permission Bloat:** Requests excessive permissions (e.g., `tabs`, `storage`, `webRequest`, `<all_urls>`) to monitor all user activity.
## Indicators of Compromise
*Note: Indicators vary by specific extension variant. Unit 42 highlights the following generic patterns:*
- **File Hashes (Sample Extensions):**
- `468a35602497693d259c4033100650d9c39e83cb4529db06a6b579008bc5046e`
- `728f96e4726487e416790933588971f4961521f736154316900f912e7529ea4c`
- **File Names:** `manifest.json`, `background.js`, `content_script.js` (standard filenames heavily obfuscated).
- **Network Indicators:**
- `hxxps[:]//api[.]genai-assistant[.]io/v1/log`
- `hxxps[:]//extension-updates[.]com/telemetry`
- `hxxp[:]//185[.]225[.]74[.]213/`
- **Behavioral Indicators:**
- Rapid sequence of `chrome.storage.local.get` followed by `fetch` requests to unknown external domains.
- Presence of scripts that hook into the `onSubmit` events of common login forms.
## Associated Threat Actors
- **Themed Campaigns:** Often attributed to financially motivated cybercriminals utilizing "As-a-Service" malware kits.
- **Distribution Nodes:** Use of malicious "sponsored" results on search engines to direct users to the Chrome Web Store.
## Detection Methods
- **Signature-based:** Traditional antivirus can detect known malicious `.crx` file hashes localized in the user's Profile directory.
- **Behavioral detection:** Monitoring for unauthorized network requests originating from the browser process (`chrome.exe`) to non-standard API endpoints.
- **Audit Logs:** Analyzing Google Workspace/Chrome Enterprise logs for extensions requesting "Read and change all your data on all websites."
## Mitigation Strategies
- **Extension Allowlisting:** Implement a "block-by-default" policy for browser extensions in enterprise environments.
- **Least Privilege:** Discourage users from granting extensions "All sites" access; limit access to specific, necessary domains.
- **Security Awareness:** Train employees to audit the "Permissions" section and developer reputation before installing GenAI tools.
- **Browser Isolation:** Use remote browser isolation (RBI) for sensitive activities to prevent extensions from interacting with critical web sessions.
## Related Tools/Techniques
- **ChromeLoader:** A common hijacker used to force-install malicious extensions.
- **Raccoon Stealer:** Often uses similar exfiltration methods for browser-stored data.
- **Shadow Tokens:** Exploiting OAuth tokens via malicious apps/extensions.