AI Browser Extensions Found Stealing Passwords and Emails in New Security Alert
Breaking: Malicious AI Extensions Compromise Browser Security
Security researchers at Unit 42 have uncovered a wave of high-risk AI browser extensions that covertly steal user data, intercept email prompts, and exfiltrate passwords. These extensions, masquerading as productivity tools, pose an immediate threat to millions of users.

“The extensions appear legitimate—they help draft emails or summarize text—but behind the scenes, they’re reading every keystroke and capturing credentials,” said Dr. Elena Vargas, a senior threat analyst at Unit 42. “We advise users to remove any unfamiliar AI extensions immediately.”
Unit 42’s investigation reveals that the malicious code activates when users install the extension and grant permissions to access browser data. The attackers then intercept AI prompts and responses, exfiltrating sensitive information to remote servers.
Background: The Rise of Compromised Productivity Tools
The discovery comes amid a surge in AI-powered browser extensions designed to automate tasks like email drafting, note-taking, and text summarization. While many are legitimate, cybercriminals have begun replicating functionality with hidden malware.
Unit 42’s report notes that these extensions often appear in official browser stores with high ratings and thousands of downloads, luring unsuspecting users. Once installed, they can:
- Intercept email content before it’s sent
- Capture login credentials entered on websites
- Exfiltrate API keys and other sensitive data
“The extensions use sophisticated obfuscation to evade detection,” added Dr. Vargas. “This is not a simple script—it’s a full-fledged espionage toolkit.”

What This Means: Urgent Action Required
For users, the implications are severe. Any AI extension installed in recent months could be leaking private emails, passwords, and corporate data. Unit 42 recommends immediately reviewing browser extensions and removing any that are not explicitly trusted.
Businesses should enforce strict extension whitelists and conduct security audits. “The attack surface is wider than many realize,” said cybersecurity consultant Mark Tan. “We’re seeing initial access brokers actively peddling credentials stolen through these extensions.”
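One way to carry out the extension review and allowlist check described above, as an added example that is not taken from Unit 42's report: it walks a Chrome-style `Extensions/<id>/<version>/manifest.json` tree and flags extensions that are off the allowlist, run on every site, or request sensitive APIs. The directory layout, the allowlist contents and the choice of which permissions count as sensitive are assumptions to adapt locally.

```python
import json
from pathlib import Path

# API permissions that expose page content, traffic or stored credentials.
RISKY_APIS = {"webRequest", "cookies", "clipboardRead", "scripting",
              "tabs", "history", "debugger"}
# Host patterns that match every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Constructed sample manifest (not a real extension).
SAMPLE = {"manifest_version": 3, "name": "Example AI Mail Helper",
          "permissions": ["storage", "scripting", "cookies"],
          "host_permissions": ["<all_urls>"]}


def audit_manifest(ext_id, manifest, allowlist):
    """Return a list of findings for one parsed manifest.json."""
    findings = [] if ext_id in allowlist else ["not on allowlist"]
    # MV2 mixes host patterns into "permissions"; MV3 uses "host_permissions".
    declared = set()
    for key in ("permissions", "host_permissions", "optional_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    hosts = declared & BROAD_HOSTS
    # Content scripts injected into every page can read forms and keystrokes.
    for script in manifest.get("content_scripts", []):
        hosts.update(set(script.get("matches", [])) & BROAD_HOSTS)
    if hosts:
        findings.append("runs on all sites: " + ", ".join(sorted(hosts)))
    apis = declared & RISKY_APIS
    if apis:
        findings.append("sensitive APIs: " + ", ".join(sorted(apis)))
    return findings


def audit_profile(extensions_dir, allowlist):
    """Audit each <id>/<version>/manifest.json under a Chrome-style Extensions dir."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
            findings = audit_manifest(ext_id, manifest, allowlist)
        except (OSError, ValueError, AttributeError) as exc:
            findings = [f"unreadable manifest: {exc}"]
        if findings:
            report[ext_id] = findings
    return report


if __name__ == "__main__":
    print(audit_manifest("a" * 32, SAMPLE, allowlist=set()))
```

An allowlisted extension still produces findings when it holds broad permissions, which is useful input for the periodic audit rather than a reason to block it outright.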
To protect yourself:
- Disable or remove all AI writing extensions
- Change passwords for sensitive accounts
- Enable two-factor authentication wherever possible
Unit 42 continues to monitor the threat and will release a full technical analysis next week. In the meantime, the message is clear: If an extension promises to write your emails, it might be reading them—and everything else—first.