I mainly use the Google Chrome browser and I’ve installed a few browser “extensions,” which are special programs that work inside my browser. The extensions I use are only from well-known companies and their solutions that I trust, such as the Keeper password management system, Adobe Acrobat, and Google Translate.
Browser extensions can be genuinely useful, so it’s no surprise scammers are abusing that trust. A fast-growing trick is the malicious “AI assistant” extension: it looks like a helpful productivity add-on in the Chrome Web Store, but its real job is to quietly grab your sensitive data.
Many of us have gotten used to pasting things into AI tools to “get help faster,” such as how to fix things or to conduct research on a topic.
Attackers are counting on that habit.
A fake AI assistant may prompt you to “connect your account,” or it may watch your browser for the data that proves you’re already logged in. Either way, a criminal can then act as you.
These extensions often look legitimate: polished icons, confident marketing language, and a handful of suspiciously generic reviews. Some copy the names and branding of real tools, or claim they’re “powered by” popular AI models.
The damage can be immediate, so protect yourself with a few habits:
- Install extensions sparingly, and remove anything you don’t use.
- Read the permissions. If a “writing helper” wants access to every website you visit, that’s a red flag.
- Never paste API keys, passwords, or secret tokens into a browser extension chat box.
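The permission check above can also be done across everything already installed. The following Python sketch is an added example, not part of the original article: it reads each extension's `manifest.json` and flags access to every website or to sensitive browser APIs. The sample manifest is constructed, and the choice of which API permissions count as sensitive is an assumption of this example.

```python
import json
from pathlib import Path

# Chrome match patterns that cover every website.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose logins, browsing activity or the clipboard
# (which ones to flag is this example's choice).
SENSITIVE_APIS = {"cookies", "webRequest", "history", "tabs", "clipboardRead", "debugger"}
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")

def audit_manifest(manifest):
    """Return a list of findings for one parsed manifest.json (MV2 or MV3)."""
    declared = []
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    for key in PERMISSION_KEYS:
        declared += [(key, p) for p in manifest.get(key, []) if isinstance(p, str)]
    for script in manifest.get("content_scripts", []):
        declared += [("content_scripts", m) for m in script.get("matches", [])]
    findings = []
    for key, value in declared:
        if value in BROAD_HOSTS:
            findings.append(f"{key}: {value} (access to every website)")
        elif value in SENSITIVE_APIS:
            findings.append(f"{key}: {value} (sensitive browser API)")
    return findings

def audit_profile(extensions_dir):
    """Audit each <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8"))
        findings = audit_manifest(manifest)
        if findings:
            report[path.parts[-3]] = (manifest.get("name", "?"), findings)
    return report


# Constructed sample: a "writing helper" that requests far more than it needs.
SAMPLE_WRITING_HELPER = {
    "manifest_version": 3,
    "name": "Example AI Writing Helper",
    "permissions": ["storage", "cookies", "tabs"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_WRITING_HELPER):
        print(finding)
```

To audit a real profile, pass its `Extensions` folder to `audit_profile`; on Linux the default profile's folder is typically `~/.config/google-chrome/Default/Extensions`.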
Convenience is great. Handing an unknown extension your secrets is not. Stick with the ones you know.
