Chrome Extensions Steal Users' API Keys
LayerX Security reported this week that 32 malicious Chrome extensions installed by at least 260,000 users purport to be AI assistants but exfiltrate API keys, email messages, and other personal data. They all contact infrastructure under the tapnetic.pro domain, impersonate chatbots like ChatGPT and Gemini, and many remain available on the Chrome Web Store, creating broad data-exfiltration risk.
Scoring Rationale
Confirmed security finding with detailed technical evidence, but limited by reliance on a single security firm's report and pending vendor response.
Practice interview problems based on real data
1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problemsStep-by-step roadmaps from zero to job-ready — curated courses, salary data, and the exact learning order that gets you hired.
Sources
- Read Original30+ Chrome extensions disguised as AI chatbots steal secretstheregister.com
- Read OriginalMalicious Chrome AI Extensions Target 260,000 Users with Injected Iframesgbhackers.com
- Read OriginalFake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emailsitsecuritynews.info
