Overview
- LayerX Security identified a single coordinated operation, dubbed AiFrame, linking more than 30 extensions via a shared codebase and the tapnetic[.]pro backend.
- Several listings remained available at publication, including AI Assistant with 60,000 users and a Featured badge, while AI Sidebar was reuploaded after Gemini AI Sidebar’s removal and reached 70,000 users.
- The extensions render remote interfaces through full-screen iframes, letting operators change functionality without store updates and exfiltrate page data including titles, metadata, and authentication details.
- Roughly half include Gmail-specific scripts that read conversation view content and drafts directly from the DOM and send the text to attacker-controlled servers.
- Some variants support remotely triggered speech transcription via the Web Speech API. Researchers published IOCs and advise uninstalling affected extensions and rotating passwords and API keys, as Google had not issued a comprehensive response at publication.
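
The traits listed above can be turned into a triage check for unpacked extensions. The following is an added example, not LayerX's detection logic or code from the original report: the function name `audit_extension`, the finding labels, the regex heuristics and both sample extensions are assumptions constructed for illustration, and only the backend domain comes from this page.

```python
import re

BACKEND_IOC = "tapnetic.pro"  # backend named on this page, refanged for matching
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
IFRAME_RE = re.compile(r"createElement\(\s*['\"]iframe['\"]\s*\)")
REMOTE_URL_RE = re.compile(r"https?://[\w.-]+", re.I)
SPEECH_RE = re.compile(r"\b(?:webkit)?SpeechRecognition\b")


def audit_extension(manifest, sources):
    """Return sorted finding labels for one unpacked extension.

    manifest: parsed manifest.json (dict); sources: {relative path: file text}.
    """
    findings = set()
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD:
                findings.add("content-script-all-sites")
            if "mail.google.com" in pattern:
                findings.add("content-script-gmail")
    for text in sources.values():
        if BACKEND_IOC in text.lower():
            findings.add("backend-ioc")
        # Heuristic: the file builds an iframe and also names a remote origin.
        if IFRAME_RE.search(text) and REMOTE_URL_RE.search(text):
            findings.add("remote-iframe-ui")
        if SPEECH_RE.search(text):
            findings.add("speech-recognition")
    return sorted(findings)


# Constructed samples, not taken from any real extension.
SUSPECT_MANIFEST = {"content_scripts": [
    {"matches": ["<all_urls>"], "js": ["panel.js"]},
    {"matches": ["https://mail.google.com/*"], "js": ["mail.js"]},
]}
SUSPECT_SOURCES = {
    "panel.js": "const f = document.createElement('iframe');\n"
                f"f.src = 'https://{BACKEND_IOC}/';\n",
    "mail.js": "const r = new webkitSpeechRecognition();\n",
}
BENIGN_MANIFEST = {"content_scripts": [
    {"matches": ["https://docs.example.com/*"], "js": ["helper.js"]}]}
BENIGN_SOURCES = {
    "helper.js": "const f = document.createElement('iframe');\n"
                 "f.src = chrome.runtime.getURL('panel.html');\n",
}

if __name__ == "__main__":
    print(audit_extension(SUSPECT_MANIFEST, SUSPECT_SOURCES))
    print(audit_extension(BENIGN_MANIFEST, BENIGN_SOURCES))
```

Apart from the backend indicator, each finding also appears in legitimate extensions, so treat the labels as reasons to review an extension rather than as a verdict.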