Urgent Warning: AI Email Assistants Found Stealing Passwords and Private Data
Breaking: Malicious AI Browser Extensions Caught in Widespread Data Theft
Security researchers at Unit 42 have uncovered a dangerous new threat: popular AI browser extensions, marketed as productivity tools for email writing, are actually stealing sensitive information. These extensions intercept prompts, capture passwords, and exfiltrate data without the user's knowledge.

The discovery was made during a routine security audit of browser extension permissions. Unit 42 identified multiple extensions with hidden functionality that activates as soon as the user starts typing in an email field.
"These extensions are designed to look like helpful assistants, but they’re reading every word you type – including passwords and confidential messages," said Dr. Amanda Reyes, lead researcher at Unit 42. "We urge all users to check their installed extensions immediately."
Background: How the Extensions Operate
The malicious extensions disguise themselves as AI-powered writing aids that suggest sentences and grammar corrections. However, behind the scenes, they inject code that intercepts every keystroke and sends it to remote servers.
Unit 42's analysis revealed that the extensions specifically target email platforms like Gmail and Outlook. Once installed, they request broad permissions – including access to all website data, storage, and clipboard content.
The researchers also discovered that the extensions can extract previously saved passwords from browser storage. In some cases, they even altered form fields to trick users into re-entering credentials.
- Data intercepted: Email prompts, passwords, financial details
- Delivery method: Chrome Web Store and other browser extension marketplaces
- User count: Some extensions had over 100,000 active users
Technical Breakdown: Prompt Interception and Exfiltration
Once installed, the extension creates a background script that monitors all web requests. When it detects an email composition window, it intercepts the prompt and sends a copy to a command-and-control server.
The stolen data is exfiltrated using encrypted HTTP requests that mimic normal traffic, which makes the exfiltration difficult for security tools to flag. Unit 42 has shared indicators of compromise with major browser vendors.
What This Means for Users and Organizations
This discovery has immediate implications for anyone using AI browser extensions for productivity. The risk extends beyond personal email – corporate users connecting to work accounts expose company secrets.

According to Unit 42, the extensions were found in popular categories like "email assistant," "AI writer," and "smart reply." Many had high ratings, suggesting users remained unaware of the malicious activity.
"This is a wake-up call for the browser extension ecosystem," said Mark Chen, cybersecurity analyst at Unit 42. "Just because an extension has thousands of reviews doesn't mean it's safe. These attackers have mastered the art of blending in."
Organizations should immediately review browser extension policies and consider blocking all extensions that request broad data access. Individual users are advised to remove any extension they no longer trust or need.
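As an added illustration (not Unit 42's tooling and not code from the original report), the following Python script triages extension manifests for the permission pattern described above: access to all websites combined with clipboard, storage, or web-request APIs. The sample manifests are constructed, and the choice of which grants to flag is an assumption made for this example.

```python
import json

# API permissions matching the access the article describes (assumed mapping).
NAMED_APIS = {"clipboardRead", "storage", "webRequest"}
# Host patterns that grant access to data on every website.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> dict:
    """Return the high-risk grants declared by one extension manifest."""
    # Keep string entries only; some manifests carry object-valued permissions.
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host patterns separately; V2 mixes them into permissions.
    hosts = set(manifest.get("host_permissions", [])) | perms
    # Content scripts run inside matching pages and can read what is typed there.
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    bg = manifest.get("background", {})
    broad = sorted(hosts & BROAD_HOSTS)
    apis = sorted(perms & NAMED_APIS)
    return {
        "name": manifest.get("name", "<unnamed>"),
        "broad_hosts": broad,
        "named_apis": apis,
        "background": bool(bg.get("service_worker") or bg.get("scripts")),
        # Triage flag for manual review, not a verdict of malice.
        "review": bool(broad) and bool(apis),
    }


# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    json.loads("""{"manifest_version": 3, "name": "Sample AI Mail Writer",
      "permissions": ["storage", "clipboardRead", "webRequest"],
      "host_permissions": ["<all_urls>"],
      "background": {"service_worker": "bg.js"},
      "content_scripts": [{"matches": ["*://*/*"], "js": ["cs.js"]}]}"""),
    json.loads("""{"manifest_version": 3, "name": "Sample Grammar Helper",
      "permissions": ["storage"],
      "host_permissions": ["https://mail.example.com/*"]}"""),
    json.loads("""{"manifest_version": 2, "name": "Sample Legacy Assistant",
      "permissions": ["clipboardRead", "http://*/*", "https://*/*"],
      "background": {"scripts": ["bg.js"]}}"""),
]

if __name__ == "__main__":
    for manifest in SAMPLES:
        print(audit_manifest(manifest))
```

An extension that needs only one mail site, like the second sample, is not flagged; the first and third are, because they pair all-site access with the named APIs.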
Immediate Steps to Protect Yourself
- Go to your browser’s extension manager and disable or remove any AI writing assistants.
- Change passwords for accounts accessed while the extension was active.
- Enable two-factor authentication where possible to mitigate credential theft.
Unit 42 has released a full list of compromised extensions on their security blog. Users are encouraged to check that list and scan their browsers for any matches.
Long-Term Implications for AI Tool Security
This incident underscores the growing tension between convenience and security in AI-powered tools. As more users adopt browser-based AI assistants, attackers are likely to mimic this technique.
Unit 42 recommends that browser vendors implement stricter vetting processes for extensions that request high-risk permissions. Additionally, users should manually review permissions before installing any new extension.
The researchers are continuing to monitor the threat landscape for similar campaigns and will update their findings as new data emerges.