Hackers Distribute Malicious AI Tools Through Chrome Extensions
According to researchers, threat actors are distributing fake Chrome extensions posing as AI tools to hijack prompts in the Chrome search bar and then redirect queries to attacker-controlled domains and track search activity.
More info via this GitHub link from Palo Alto Networks: https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-09-24-IOCs-for-AI-prompt-hijacker-extensions.txt
Davit Asatryan, VP of Research at Spin.AI, commented:
“Malicious AI-themed extensions show how attackers are quick to exploit hype to bypass user trust and enterprise defenses. What many don’t realize is that browser extensions can act like shadow IT, silently harvesting sensitive data. Organizations should treat extensions as part of their attack surface and implement continuous risk monitoring to prevent these threats before they spread.”
This underlines the fact that there are dangers with anything that gets onto your computer, which means that you should always be wary of what you install, regardless of what it is.
This entry was posted on September 30, 2025 at 3:46 pm and is filed under Commentary with tags Palo Alto Networks.