Unit 42 Alert: 30K+ Domains Distributing Malicious AI-Themed Browser Extensions
Palo Alto Networks Unit 42 reveals a large-scale campaign using fake AI tools like 'OmniBar AI Chat' to hijack browsers, intercept searches, and exfiltrate user data.
Unit 42 (Palo Alto Networks) just released a threat alert on a campaign using 30,000+ domains to distribute malicious AI-themed browser extensions. These extensions masquerade as legitimate AI tools like "OmniBar AI Chat and Search" and "AI Output Algo Tool", but they override browser settings, intercept search queries, and exfiltrate user data through attacker-controlled endpoints.
The Threat
What makes this campaign particularly dangerous is the "remote switch" capability: the extensions initially redirect to legitimate search engines and GenAI services to build trust, but the attacker controls the API endpoint and can pivot to phishing or malware delivery at any time — without pushing an extension update.
This is a classic "living off trust" technique. Users install what appears to be a helpful AI assistant, it works normally for days or weeks, and then silently switches to malicious behavior when the attacker flips the switch server-side.
Key Indicators
- Extensions claiming to provide AI chat, search enhancement, or productivity features
- Browser settings overridden without explicit user consent
- Search queries routed through unfamiliar domains
- Extensions requesting broad permissions (access to all URLs, browsing history, etc.)
Why This Matters
The AI tool gold rush has created a perfect social engineering opportunity. Users are eager to try new AI assistants and may lower their guard when installing extensions that promise ChatGPT-like functionality. Threat actors are exploiting this trust at scale.
From an incident response perspective, these extensions are particularly challenging because:
- Legitimate initial behavior makes detection difficult
- No extension update required to pivot to malicious activity
- 30K+ distribution domains means blocklists are playing catch-up
- User-initiated installation bypasses many endpoint controls
Recommendations
- Audit browser extensions across your organization
- Implement extension allowlisting where possible
- Monitor for unusual DNS queries from browser processes
- Educate users about the risks of AI-themed extensions from untrusted sources
- Review permissions requested by any AI productivity tools
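As an added example (not code from Unit 42 or from the original alert), the following Python script turns the key indicators above and the audit and permission-review recommendations into a manifest check. Chrome and Chromium keep each installed extension's manifest under the profile's Extensions/<id>/<version>/manifest.json; the script walks any directory passed on the command line for manifest.json files and also runs over three constructed sample manifests embedded inline. The sample extension names, the search-relay.example host, and the list of known search and GenAI hosts are assumptions for illustration, not indicators taken from the alert.

```python
"""Audit Chrome/Chromium extension manifests for the indicators in the Unit 42 alert.

Flags AI-themed names, broad permissions, and overridden search/homepage settings,
and rates each extension low/medium/high. Example code, not Unit 42's tooling.
"""
from __future__ import annotations

import json
import re
import sys
from pathlib import Path
from urllib.parse import urlparse

# Permissions that let an extension read or rewrite what the user browses.
BROAD_PERMISSIONS = {
    "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
    "history", "tabs", "webRequest", "webRequestBlocking",
    "declarativeNetRequest", "scripting", "cookies", "webNavigation",
}
# Assumed allowlist of search engines / GenAI services a search override may point at.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "www.bing.com", "duckduckgo.com", "chatgpt.com", "chat.openai.com",
}
AI_NAME_PATTERN = re.compile(r"\b(ai|gpt|chat|assistant|copilot)\b", re.IGNORECASE)


def audit_manifest(manifest: dict) -> dict:
    """Return {'name', 'risk', 'findings'} for one parsed manifest (MV2 or MV3)."""
    findings: list[str] = []
    flags: set[str] = set()
    name = manifest.get("name", "")
    if AI_NAME_PATTERN.search(name):
        findings.append(f"AI-themed name: {name!r}")

    # MV2 lists host patterns under "permissions"; MV3 moves them to "host_permissions".
    requested = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    broad = sorted(requested & BROAD_PERMISSIONS)
    if broad:
        findings.append("broad permissions: " + ", ".join(broad))
        flags.add("broad")

    overrides = manifest.get("chrome_settings_overrides", {})
    provider = overrides.get("search_provider")
    if provider:
        flags.add("override")
        host = urlparse(provider.get("search_url", "")).hostname or "?"
        if host in KNOWN_SEARCH_HOSTS:
            findings.append(f"default search overridden (known host: {host})")
        else:
            findings.append(f"default search overridden to unfamiliar host: {host}")
            flags.add("unknown_search")
    for key in ("homepage", "startup_pages"):
        if key in overrides:
            findings.append(f"{key} overridden")
            flags.add("override")
    if "chrome_url_overrides" in manifest:
        findings.append("built-in page replaced: " + ", ".join(manifest["chrome_url_overrides"]))
        flags.add("override")

    # An unfamiliar search endpoint, or settings overrides combined with broad
    # permissions, matches the profile in the alert and is rated high.
    if "unknown_search" in flags or {"broad", "override"} <= flags:
        risk = "high"
    elif findings:
        risk = "medium"
    else:
        risk = "low"
    return {"name": name, "risk": risk, "findings": findings}


def audit_directory(root: Path) -> dict[str, dict]:
    """Audit every manifest.json below root; keyed by manifest path."""
    results = {}
    for path in sorted(root.rglob("manifest.json")):
        try:
            results[str(path)] = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, ValueError) as exc:  # unreadable or malformed manifest
            results[str(path)] = {"name": "?", "risk": "unknown", "findings": [f"unparseable: {exc}"]}
    return results


# Constructed sample manifests (not real extensions).
SAMPLE_BENIGN = {"manifest_version": 3, "name": "Tab Counter", "version": "1.0",
                 "permissions": ["storage"]}
SAMPLE_TRUSTED_SEARCH = {
    "manifest_version": 3, "name": "Helper Assistant", "version": "1.2",
    "permissions": ["storage"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Google", "keyword": "g", "is_default": True,
        "search_url": "https://www.google.com/search?q={searchTerms}"}},
}
SAMPLE_SUSPICIOUS = {
    "manifest_version": 3, "name": "Example AI Chat and Search", "version": "2.3.1",
    "permissions": ["tabs", "history", "storage", "webRequest"],
    "host_permissions": ["<all_urls>"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "AI Search", "keyword": "ai", "is_default": True,
        "search_url": "https://search-relay.example/q?term={searchTerms}"}},
}

if __name__ == "__main__":
    samples = {"benign": SAMPLE_BENIGN, "trusted-search": SAMPLE_TRUSTED_SEARCH,
               "suspicious": SAMPLE_SUSPICIOUS}
    reports = {k: audit_manifest(v) for k, v in samples.items()}
    if len(sys.argv) > 1:  # e.g. a Chrome profile's Extensions directory
        reports.update(audit_directory(Path(sys.argv[1])))
    for source, report in reports.items():
        print(f"[{report['risk'].upper():6}] {source}: {report['name']}")
        for finding in report["findings"]:
            print(f"          - {finding}")
```

Run it with a profile's Extensions directory as the argument to audit a real machine, or without arguments to see the three samples rated low, medium and high. Only the "unfamiliar host" rule is a strong signal on its own; an AI-themed name or a search override to a known engine is rated medium precisely because the alert describes extensions that behave legitimately at first, so those results are worth a manual look rather than an automatic block.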
Stay vigilant. The intersection of AI hype and browser security is going to be a major attack surface throughout 2026.