
‘AiFrame’ Browser Attacks Continue with Fake Authenticator, Converter Extensions
Why It Matters
The campaign demonstrates how attackers can monetize AI‑driven tools and harvest credentials at scale, forcing browsers and extension marketplaces to tighten vetting and accelerate takedown actions.
Key Takeaways
- Six new AiFrame extensions add 134k total installs
- Extensions request full-site read/write permissions for hidden iframe attacks
- Fake 2FA app mimics Google Authenticator, ready for future data relay
- Persistent listings expose users to phishing paywalls and conversation exfiltration
Pulse Analysis
The AiFrame operation, first flagged in early 2026, illustrates a growing trend where threat actors weaponize popular AI services to distribute malicious browser extensions. By masquerading as legitimate tools such as ChatGPT, Google Gemini, or simple file converters, the campaign amassed hundreds of thousands of installations before any removal. The recent wave of six extensions—covering PDF export, image conversion, and a counterfeit two‑factor authenticator—continues this strategy, leveraging the same command‑and‑control infrastructure and developer footprints to evade detection.
Technical analysis shows that each extension requests permission to read and modify content on every site the user visits. That access lets the extension inject hidden iframes into any page, often inside a shadow DOM root, where page-level scanners that only walk the light DOM (a plain querySelectorAll does not pierce shadow roots) fail to see them; the iframes then display fake paywalls or phishing pages. The “AI Chat to PDF” add-on not only overlays a payment wall on Google Gemini chats but also logs conversation data for exfiltration, while the “Convert HEIC to JPG” tool can redirect users on command. The 2FA authenticator, though currently inert, mimics Google’s official app and includes a dormant message listener that could later serve as a conduit for credential theft.
For enterprises and security teams, the AiFrame saga underscores the necessity of rigorous extension hygiene and rapid response mechanisms. Browser vendors must enhance automated vetting, monitor permission anomalies (a file converter or a TOTP authenticator has no legitimate need for site-wide host permissions), and streamline removal processes for malicious add-ons. Enterprises can enforce hygiene centrally through managed-browser policy that allow-lists approved extension IDs and blocks everything else. End users should limit extensions to trusted sources, regularly audit installed tools, and be wary of unexpected permission prompts. As AI integration deepens across software ecosystems, attackers will likely replicate this model, making proactive defense and continuous threat intelligence essential to safeguard both corporate and personal data.
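The two preceding paragraphs describe the permission pattern behind the campaign (site-wide host access plus script execution) and recommend auditing installed extensions for permission anomalies. The script below is an added example of such an audit, written for this article and not code from the article, the campaign, or any browser vendor. It parses an extension's manifest.json (the MV3 host_permissions field or the MV2 style of mixing host patterns into permissions), flags broad host patterns, sensitive API permissions, content scripts matched on every site, and the combination of broad access with script execution that makes hidden-iframe injection possible, and compares the declared purpose against a small policy of how many host patterns such a tool should need. The two sample manifests, the purpose policy, and the severity weights are all constructed for this example.

```javascript
// Added example: audit a Chromium extension manifest for the sweeping
// permissions described in the article. The sample manifests, the purpose
// policy and the weights below are constructed for illustration.

const BROAD_HOST_PATTERNS = new Set([
  "<all_urls>", "*://*/*", "http://*/*", "https://*/*", "file:///*",
]);

// Permissions that, combined with broad host access, let an extension read
// or rewrite page content, intercept traffic, or read session state.
// Weight 0 means "noted but not scored" (storage alone is harmless).
const SENSITIVE_PERMISSIONS = {
  scripting: 3, webRequest: 3, webRequestBlocking: 3, declarativeNetRequest: 2,
  cookies: 3, tabs: 2, webNavigation: 1, storage: 0,
};

// How many host patterns a tool of each declared purpose legitimately needs.
// Constructed policy for this example; tune it to your environment.
const EXPECTED_HOST_COUNT = { authenticator: 0, converter: 0, chatbot_helper: 1 };

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function isBroadHost(pattern) {
  return BROAD_HOST_PATTERNS.has(String(pattern).trim());
}

// MV3 keeps host patterns in host_permissions; MV2 mixes them into permissions.
function hostPatternsOf(manifest) {
  const fromPerms = (manifest.permissions || []).filter(
    (p) => p === "<all_urls>" || /^[a-z*]+:\/\//.test(p)
  );
  return [...(manifest.host_permissions || []), ...fromPerms];
}

function auditManifest(manifest, declaredPurpose) {
  const findings = [];
  const hosts = hostPatternsOf(manifest);
  const perms = manifest.permissions || [];
  const contentScripts = manifest.content_scripts || [];

  for (const h of hosts) {
    if (isBroadHost(h)) findings.push({ rule: "broad-host-permission", weight: 3, detail: h });
  }
  for (const p of perms) {
    if (hasOwn(SENSITIVE_PERMISSIONS, p) && SENSITIVE_PERMISSIONS[p] > 0) {
      findings.push({ rule: "sensitive-permission", weight: SENSITIVE_PERMISSIONS[p], detail: p });
    }
  }
  for (const cs of contentScripts) {
    for (const m of cs.matches || []) {
      if (isBroadHost(m)) {
        findings.push({
          rule: "content-script-on-all-sites", weight: 3,
          detail: `${m} -> ${(cs.js || []).join(",")}`,
        });
      }
    }
  }

  // The combination that enables injecting hidden iframes into every page.
  const hasBroad = findings.some(
    (f) => f.rule === "broad-host-permission" || f.rule === "content-script-on-all-sites"
  );
  const canScript = perms.includes("scripting") || contentScripts.length > 0;
  if (hasBroad && canScript) {
    findings.push({ rule: "site-wide-dom-control", weight: 4, detail: "broad host access + script execution" });
  }

  // Permission anomaly: more host access than the declared purpose needs.
  if (hasOwn(EXPECTED_HOST_COUNT, declaredPurpose) && hosts.length > EXPECTED_HOST_COUNT[declaredPurpose]) {
    findings.push({
      rule: "permission-anomaly", weight: 2,
      detail: `${declaredPurpose} declares ${hosts.length} host pattern(s), expected <= ${EXPECTED_HOST_COUNT[declaredPurpose]}`,
    });
  }
  return findings;
}

function riskScore(findings) {
  return findings.reduce((sum, f) => sum + f.weight, 0);
}

// Constructed sample manifests (not the campaign's real files).
const SUSPICIOUS_CONVERTER = {
  manifest_version: 3,
  name: "HEIC to JPG Converter (sample)",
  permissions: ["scripting", "storage", "tabs"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"], run_at: "document_idle" }],
};
const BENIGN_AUTHENTICATOR = {
  manifest_version: 3,
  name: "TOTP Authenticator (sample)",
  permissions: ["storage"],
  action: { default_popup: "popup.html" },
};

for (const [purpose, m] of [["converter", SUSPICIOUS_CONVERTER], ["authenticator", BENIGN_AUTHENTICATOR]]) {
  const findings = auditManifest(m, purpose);
  console.log(`${m.name}: risk score ${riskScore(findings)}`);
  for (const f of findings) console.log(`  [${f.rule}] ${f.detail}`);
}
```

To audit a real installation, point the loop at the manifest.json files under the browser profile's Extensions directory and pass the purpose you expect from the listing name; any converter or authenticator that scores above zero on host-related rules deserves a closer look before it stays installed.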