
That AI Extension Helping You Write Emails? It's Reading Them First

Published 01/05/2026 01:40 · Modified 04/05/2026 14:30


Essential information

Published: 01/05/2026 01:40
Modified: 04/05/2026 14:30
Source / Author: AlienVault
Confidence: 100/100
Report type(s): threat-report
Labels / Tags: browser extension genai huiyi remote access trojan search hijacker
Tags: 2026-04-30 browser extension genai huiyi remote access trojan search hijacker
Related entities: 1 vulnerability (cve), 20 indicators, 20 observables, 20 techniques (mitre), 6 malware, 10 others

Description

Researchers discovered 18 malicious AI browser extensions masquerading as productivity tools that deliver remote access trojans, meddler-in-the-middle attacks, and infostealers. These extensions exploit the rise of generative AI to target prompts, user behavior, and browser sessions through API interception, passive DOM observation, traffic proxying, and HTTPS response decryption. Examples include extensions that surveil emails during composition, intercept ChatGPT prompts, and exfiltrate passwords. Multiple samples contained AI-generated code indicating threat actors employed large language models to accelerate production. Google removed or issued warnings for all 18 reported extensions. These malicious tools specifically target sensitive data including AI API keys, authentication credentials, email content, and proprietary session information by exploiting user trust in AI-branded applications.

External references