Malicious GenAI Chrome extensions: unpacking data exfiltration and malicious behaviours

Friday 26 September 14:30 - 15:00, Green room

Shresta B.Seetharam, Mohamed Nabeel & William Melicher (Palo Alto Networks)

The rapid proliferation of AI and GenAI tools [1] has extended to the Chrome Web Store, promising productivity but often delivering hidden threats. Cybercriminals are exploiting this trend, deploying malicious Chrome extensions that impersonate popular GenAI models like ChatGPT, Gemini, and DeepSeek, and agents like Manus, impacting millions of users. These dual-function extensions [2] often appear legitimate while secretly exfiltrating sensitive data and/or dropping malware.

This session offers a deep dive into the sophisticated techniques used in these attacks. Based on the dynamic and code insight analyser we built to scan CRX (chrome extension) files, we perform a deep a dive on recent GenAI malicious extensions, such as "DeepSeek AI | Free AI Assistant", "Manus AI | Free AI Assistant", "AI Assistant - ChatGPT and Gemini for Chrome", "WhatsApp Message Summary", and "Supersonic AI" [1] – demonstrating how the GenAI extension trend serves as a prime opportunity for threat actors to collect sensitive user data.

Analysing the core source files of these malicious extensions reveals their engineering to retrieve and execute arbitrary code, tamper with network requests to circumvent the Chrome Web Store's review process, and ultimately establish backdoor connections. We will further detail the exfiltration of critical information, including personal chat messages, browser cookies, encrypted system data, and Facebook Ads account credentials, to expose the full scope of the damage.

Significantly, we will showcase our dynamic analysis system designed to identify these insidious network behaviours in Chrome extensions, providing practical insights into detection and mitigation.

This hands-on presentation will equip attendees with the knowledge to understand how key browser extension APIs are abused. We will dissect these evolving threats, analyse their intricate functionalities, and reveal effective methods for verifying extension legitimacy. Attendees will learn to emphasize caution, scrutinize permissions, and identify trusted developers to effectively protect users from impersonating AI/GenAI extensions. Join us to unravel the dark side of AI in the browser, from initial infection vectors to covert data exfiltration.

[1] https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-08-11-AI-summary-browser-extensions.txt
[2] https://dti.domaintools.com/dual-function-malware-chrome-extensions/

 

 

Shresta B.Seetharam 

Shresta B.Seetharam is a senior researcher at Palo Alto Networks. His primary focus areas are JavaScript malware analysis, machine learning, and web security. His work contributes to advancing threat intelligence and protection capabilities against sophisticated web attacks. He possesses deep expertise in dynamic analysis, reverse engineering, and applying AI to cybersecurity challenges.

 
 

Mohamed Nabeel

Mohamed Nabeel, Ph.D., is a principal researcher at Palo Alto Networks where he researches and develops solutions for open problems in web and DNS security using ML/AI/GenAI, providing advanced capabilities to protect internet users. He has authored and presented 20+ US patents and 25+ papers at top security conferences. He has presented his work in top industry conferences including RSA conference and Virus Bulletin.

 
 

William Melicher

William Melicher serves as a principal researcher at Palo Alto Networks. His primary focus areas include browser security vulnerabilities, JavaScript malware deobfuscation and analysis, and developing machine learning models for threat intelligence. He has presented significant research at top conferences such as Usenix 2015 and PETS 2016.

Back to VB2025 Programme page

Back to VB2025 conference page

Register for VB2025

Other VB2025 papers

Silent killers: unmasking a large-scale legacy driver exploitation campaign

VB2025 presentation: Silent killers: unmasking a large-scale legacy driver exploitation campaign, Jiří Vinopal

Practical AWS antiforensics

VB2025 presentation: Practical AWS antiforensics, Santiago Abastante

The Wolf of Wall Steal: inside crypto traffer group operations

VB2025 presentation: The Wolf of Wall Steal: inside crypto traffer group operations, Anna Pham & Joan Garcia

Demystifying the Playboy RaaS

VB2025 presentation: Demystifying the Playboy RaaS, Gijs Rijnders

Evading in plain sight: how adversaries beat user-mode protection engines for over a decade

VB2025 presentation: Evading in plain sight: how adversaries beat user-mode protection engines for over a decade, Omri Misgav

From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation

VB2025 presentaiton: From Latin America to the world: ransomware TTPs, prolonged intrusions, and regional adaptation, Isabel Manjarrez

Tracking the IoT botnet's bloodline: code footprints don’t lie

VB2025 presentation: Tracking the IoT botnet's bloodline: code footprints don’t lie, Chanbin Jeon, ChangGyun Kim & SeungBeom Lim

Invisible thieves in the front yard -- from an advanced evasive edge-device attack to potential mitigation methods

VB2025 presentation: Invisible thieves in the front yard -- from an advanced evasive edge-device attack to potential mitigation methods, Ting-Wei Hsieh

Google Calendar as C2 infrastructure: a China-nexus campaign with stealthy tactics

VB2025 presentation: Google Calendar as C2 infrastructure: a China-nexus campaign with stealthy tactics, Tim Chen & Still Hsu

Goodbye loaders, hello RMM: the rise of legit software in ecrime campaigns

VB2025 presentation: Goodbye loaders, hello RMM: the rise of legit software in ecrime campaigns, Selena Larson & Ole Villadsen

Silent Lynx: uncovering a cyber espionage campaign in Central Asia

VB2025 presentation: Silent Lynx: uncovering a cyber espionage campaign in Central Asia, Subhajeet Singha & Sathwik Ram Prakki

The dark prescription: inside the infrastructure of illegal online pharmacies

VB2025 presentation: The dark prescription: inside the infrastructure of illegal online pharmacies, Martin Chlumecky & Lubos Bever

Panel: Tales from the Old West

VB2025 presentation: Panel: Tales from the Old West, Righard Zwienenberg, Jan Hruska, Pavel Baudis & Tjark Auerbach

Unmasking the GrassCall campaign: the hackers behind job recruitment cyber scams

VB2025 presentation: Unmasking the GrassCall campaign: the hackers behind job recruitment cyber scams, Dixit Panchal & Soumen Burma

Cracked by the GRU: how Russia’s notorious Sandworm unit weaponizes pirated software usage to target Ukraine

VB2025 presentation: Cracked by the GRU: how Russia’s notorious Sandworm unit weaponizes pirated software usage to target Ukraine, Arda Büyükkaya

Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis

VB2025 presentation: Hunting potential C2 commands in Android malware via Smali string comparison and control flow analysis, JunWei Song

Vo1d rising: inside the botnet controlling 1.68 M+ Android TVs worldwide

VB2025 presentation: Vo1d rising: inside the botnet controlling 1.68 M+ Android TVs worldwide, Alex Turing

Arachnid alert: Latrodectus loader crawls through defences

VB2025 presentation: Arachnid alert: Latrodectus loader crawls through defences, Albert Zsigovits

When avatars come alive: understanding hybrid threat actors

VB2025 presentation: When avatars come alive: understanding hybrid threat actors, Itay Cohen & Omer Benjakob

Inside Akira ransomware's Rust experiment

VB2025 presentation: Inside Akira ransomware's Rust experiment, Ben Herzog

Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses

VB2025 presentation: Rogue hirer, rogue hiree: workplace cyber threats to individuals and businesses, Chris Boyd

You definitely don’t want to CopyPaste this: FakeCaptcha ecosystem

VB2025 presentation: You definitely don’t want to CopyPaste this: FakeCaptcha ecosystem, Dmitrij Lenz & Roberto Dasilva

The Phantom Circuit: the Lazarus Group’s evolution in supply chain compromise

VB2025 presentation: The Phantom Circuit: the Lazarus Group’s evolution in supply chain compromise, Ryan Sherstobitoff

DeceptiveDevelopment and North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception

VB2025 presentation: DeceptiveDevelopment and North Korean IT workers: from primitive crypto theft to sophisticated AI-based deception, Matej Havranek

Deep dive into the abuse of DL APIs to create malicious AI models and how to detect them

VB2025 presentation: Deep dive into the abuse of DL APIs to create malicious AI models and how to detect them, Mohamed Nabeel & Alex Starov

Vietnamese hacking group: a rising of information stealing campaigns going global

VB2025 presentation: Vietnamese hacking group: a rising of information stealing campaigns going global, Chetan Raghuprasad & Joey Chen

Stealth over TLS: the emergence of ECH-based C&C in ECHidna malware

VB2025 presentation: Stealth over TLS: the emergence of ECH-based C&C in ECHidna malware, Yuta Sawabe & Rintaro Koike

Prediction of future attack indicators based on the 2024 analysis of threats from malicious app distribution sites in South Korea

VB2025 presentation: Prediction of future attack indicators based on the 2024 analysis of threats from malicious app distribution sites in South Korea, Kyung Rae Noh, Shinho Lee, Eui-Tak Kim, Yujin Shim, Jonghwa Han & Jung-Sik Cho

Unmasking the unseen: a deep dive into modern Linux rootkits and their detection

VB2025 presentation: Unmasking the unseen: a deep dive into modern Linux rootkits and their detection, Ruben Groenewoud & Remco Sprooten

Boosting URL detection with syntactic features in spam emails

VB2025 presentation: Boosting URL detection with syntactic features in spam emails, Antonia Scherz

Dissecting evil twin RATs: tracking the long-term use of TA410's FlowCloud toolset

VB2025 presentation: Dissecting evil twin RATs: tracking the long-term use of TA410's FlowCloud toolset, Hiroshi Takeuchi

Unmasking TAG-124: dissecting a prevalent traffic distribution system in the cybercriminal ecosystem

VB2025 presentation: Unmasking TAG-124: dissecting a prevalent traffic distribution system in the cybercriminal ecosystem, Julian-Ferdinand Vögele

The Bitter end: unravelling 8 years of APT antics

VB2025 presentation: The Bitter end: unravelling 8 years of APT antics, Abdallah Elshinbary, Nick Attfield, Konstantin Klinger & Jonas Wagner

The attribution story of WhisperGate: an academic perspective

VB2025 presentation: The attribution story of WhisperGate: an academic perspective, Alexander Adamov

Emmenhtal Loader: the silent enabler of modern malware campaigns

VB2025 presentation: Emmenhtal Loader: the silent enabler of modern malware campaigns, Lovely Antonio, Ricardo Pineda & Louis Sorita

Sophistication or missed opportunity? Analysing XE Group’s long-term exploitation of zero-days with limited impact

VB2025 presentation: Sophistication or missed opportunity? Analysing XE Group’s long-term exploitation of zero-days with limited impact, Justin Lentz & Nicole Fishbein

Attacker identity revealed: insights from rogue VMs & BYOVD in EDR evasion

VB2025 presentation: Attacker identity revealed: insights from rogue VMs & BYOVD in EDR evasion, Navin Thomas, Renzon Cruz & Cuong Dinh

Living in the hypervisor: defeating anti-[VM, sandbox, analysis] via patching hypervisor

VB2025 presentation: Living in the hypervisor: defeating anti-[VM, sandbox, analysis] via patching hypervisor, Kağan Işıldak

PepsiDog: inside the rise of a professional Chinese phishing actor

VB2025 presentation: PepsiDog: inside the rise of a professional Chinese phishing actor, Stefan Tanase & Ionut Bucur

Code Red: How KnowBe4 exposed a North Korean IT infiltration scheme

VB2025 keynote presentation: Code Red: How KnowBe4 exposed a North Korean IT infiltration scheme, Martin Kraemer

TIPS: Smashing smishing by quashing quishing

VB2025 TIPS presentation: Smashing smishing by quashing quishing, Andrew Brandt

TIPS: Collective intelligence in OT cybersecurity: transforming threat insights into proactive defence

VB2025 TIPS presentation: Collective intelligence in OT cybersecurity: transforming threat insights into proactive defence, AJ Eserjose

TIPS: The battlegrounds are moving faster than we are - can we turn this oil-tanker on a dime?​ 

VB2025 TIPS presentation: The battlegrounds are moving faster than we are - can we turn this oil-tanker on a dime?​ Tim West

TIPS: How MITRE is AI, anyway?

VB2025 TIPS presentation: How MITRE is AI, anyway? Samir Mody

TIPS: Fireside chat: The tortured “cybersecurity” poets department

VB2025 TIPS presentation: Fireside chat: The tortured “cybersecurity” poets department, Cat Self, Jeanette Miller, Jeannette Jarvis, Selena Larson

TIPS: Beyond machine translation: struggles and adaptations of North Korean IT workers in Japan’s crowdsourcing market

VB2025 TIPS presentation: Beyond machine translation: struggles and adaptations of North Korean IT workers in Japan’s crowdsourcing market, Takahiro Kakumaru & Yoshihiro Kori

TIPS: Panel: The wheels on the CVE go round and round: breaking the cycle of vulnerability fatigue

VB2025 TIPS presentation: Panel: The wheels on the CVE go round and round: breaking the cycle of vulnerability fatigue, Righard Zwienenberg, Robin Staa, John Alexander, Geri Revay

TIPS: Stop the flood: building a quality and trust-driven threat intelligence ecosystem

VB2025 TIPS presentation: Stop the flood: building a quality and trust-driven threat intelligence ecosystem, Kihong Kim & SuhMahn Hur

TIPS: Diff’ing the light fantastic – tracking typosquatting and disinformation in a resource-constrained environment

VB2025 TIPS presentation: Diff’ing the light fantastic – tracking typosquatting and disinformation in a resource-constrained environment, James Slaughter

TIPS: From clusters to actors: a practical threat actor attribution framework

VB2025 TIPS presentation: From clusters to actors: a practical threat actor attribution framework, Kyle Wilhoit & Robert Falcone

Cybersecurity 2035: where will we be in 10 years' time?

VB2025 presentation: Cybersecurity 2035: where will we be in 10 years' time?, Paul Ducklin

European PDNS readiness

VB2025 presentation: European PDNS readiness, Viliam Peli, George Buhai

Collaborative response to emerging critical RCE vulnerabilities in exposed edge devices

VB2025 presentation: Collaborative response to emerging critical RCE vulnerabilities in exposed edge devices, Piotr Kijewski

TIPS: Keynote

VB2025 TIPS presentation: Keynote, Gonçalo Ribeiro

Don’t fear journalists! Talk to me! Hacks, exploits & best practices for improving researcher-reporter ties

VB2025 presentation: Don’t fear journalists! Talk to me! Hacks, exploits & best practices for improving researcher-reporter ties, Omer Benjakob

CVE-2025-33053, Stealth Falcon and Horus: a saga of Middle Eastern cyber espionage

VB2025 presentation: CVE-2025-33053, Stealth Falcon and Horus: a saga of Middle Eastern cyber espionage, Alexandra Gofman

Shared secret: EDR killers in the kill chain

VB2025 presentation: Shared secret: EDR killers in the kill chain, Gabor Szappanos & Steeve Gaudreault

Inside Pandora's Box: dissecting the latest arsenal and tactics of APT27

VB2025 presentation: Inside Pandora's Box: dissecting the latest arsenal and tactics of APT27, Naoki Takayama

Intercepting entropy: hooking PRNG to recover ransomware encryption keys

VB2025 presentation: Intercepting entropy: hooking PRNG to recover ransomware encryption keys, Raviv Rachmiel

DocSwap: security app that steals your security

VB2025 presentation: DocSwap: security app that steals your security, HyeongJun Kim

ClickFix: exploiting the clipboard for multi-stage payload delivery across OS platforms

VB2025 paper: ClickFix: exploiting the clipboard for multi-stage payload delivery across OS platforms, Prashant Tilekar

Malicious GenAI Chrome extensions: unpacking data exfiltration and malicious behaviours

VB2025 presentation: Malicious GenAI Chrome extensions: unpacking data exfiltration and malicious behaviours, Shresta B.Seetharam, Mohamed Nabeel & William Melicher

The silent infiltration: Darknet analysis of corporate data exposures in East Asia

VB2025 presentation: The silent infiltration: Darknet analysis of corporate data exposures in East Asia, Eric Hsieh, Yuki Hung & Boik Su

From billion queries to action: how DNS4EU transforms threat defence

VB2025 presentation: From billion queries to action: how DNS4EU transforms threat defence, Sebastian Garcia & Tigran Oganesian

Beyond the SERP: when black hat SEO campaigns evolve into a multi-faceted criminal threat

VB2025 presentation: Beyond the SERP: when black hat SEO campaigns evolve into a multi-faceted criminal threat, Joey Chen

Unmasking MetaRAT: a new PlugX variant in China-linked APT operation

VB2025 presentation: Unmasking MetaRAT: a new PlugX variant in China-linked APT operation, Yoshihiro Ishikawa & Takuma Matsumoto

Exploiting compiler theory to automate the extraction of IOCs from JavaScript malware

VB2025 presentation: Exploiting compiler theory to automate the extraction of IOCs from JavaScript malware, Matthew Nunes

ScarCruft’s new language: whispering in PubNub, crafting backdoor in Rust, striking with ransomware

VB2025 presentation: ScarCruft’s new language: whispering in PubNub, crafting backdoor in Rust, striking with ransomware, Jiho Kim & Jaeki Kim

Needle in a dumpster: uncovering a hidden link of CL-CRI-1040 exploiting the ToolShell vulnerabilities

VB2025 presentation: Needle in a dumpster: uncovering a hidden link of CL-CRI-1040 exploiting the ToolShell vulnerabilities, Hiroaki Hara & Mike Lim

Binary facades: script extraction from compiled macOS malware

VB2025 presentation: Binary facades: script extraction from compiled macOS malware, Patrick Wardle

No payload for you: inside Sidewinder's selective exploitation strategy

VB2025 presentation: No payload for you: inside Sidewinder's selective exploitation strategy, Eliad Kimhy & Santiago Pontiroli

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.