That AI Extension Helping You Write Emails? It’s Reading Them First
ID: d1315d22-0c33-5e22-9ec6-54dcbfae75b9
STIX ID: report--d1315d22-0c33-5e22-9ec6-54dcbfae75b9
Feed Name: Palo Alto Networks Unit 42
Date Published: 2026-04-30
Date Updated: 2026-04-30
Author: Shresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher, Oleksii Starov, Qinge Xie and Fang Liu
This Unit 42 report documents 18 high-risk Chrome extensions marketed as AI tools that instead perform remote access, data exfiltration and browser-based espionage. Examples include a WebSocket-driven RAT, DOM-based prompt/email exfiltration, API-key theft, persistent cross-device tracking and dynamic proxy hijacking. The report provides technical TTPs, IOCs (extension IDs, SHA256 hashes, domains), case studies and recommended mitigations for organizations and users.
