TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Palo Alto Unit 42

That AI Extension Helping You Write Emails? It’s Reading Them First

Shresta Bellary Seetharam, Nabeel Mohamed, Billy Melicher, Oleksii Starov, Qinge Xie and Fang Liu · 5 days ago

ATT&CK techniques detected

29 predictions
T1176.001 Browser Extensions · 97%
“RAT targeting AI developers (February 2026). Browser extensions expand the client-side attack surface. Browser extensions operate within the browser's trusted process with user-granted permissions. They can read and modify web content, intercept network requests, access coo…”

T1176 Software Extensions · 97%
“caution by sourcing extensions only from trusted providers and adhering to the principle of least privilege. Users must scrutinize requested permissions, as granting broad access to browser data can authorize the interception of sensitive credentials and proprietary session infor…”

T1176 Software Extensions · 93%
“That AI Extension Helping You Write Emails? It's Reading Them First. Executive summary: We found 18 AI browser extensions marketed as productivity tools that are not as they seem. This group includes extensions such as: - one that surveils your emails as you compose them - anoth…”

T1176.001 Browser Extensions · 91%
“caution by sourcing extensions only from trusted providers and adhering to the principle of least privilege. Users must scrutinize requested permissions, as granting broad access to browser data can authorize the interception of sensitive credentials and proprietary session infor…”

T1176.001 Browser Extensions · 90%
“and to systematically disrupt malicious cyber actors. Learn more about the Cyber Threat Alliance. Acknowledgments: We'd like to thank the entire Unit 42 team for supporting us with this article. Special thanks to Samantha Stallings, Bradley Duncan, Lysa Myers for helping us revi…”

T1071.001 Web Protocols · 88%
“debugger protocol attachment for HTTPS traffic interception - filling out forms - capturing screenshots - accessing browsing history. When a victim clicks Connect in the pop-up, the extension establishes a persistent WebSocket connection to a remote server, as noted from the sou…”

T1176.001 Browser Extensions · 86%
“listeners that trigger for every completed HTTP request across all websites. Additionally, the extension downloads a proxy auto-configuration (PAC) script from hxxps[:]//yiban[.]io/extension/proxy.pac?t=huiyi on startup and applies it via chrome.proxy.setti…”

T1176 Software Extensions · 85%
“documented in a threat research article by Socket. The campaign runs six extensions that silently inject affiliate tags into several popular online retailers or fast fashion brands without user consent. Our analysis adds a distinct finding: all six bear AI-generated code finge…”

T1176 Software Extensions · 84%
“RAT targeting AI developers (February 2026). Browser extensions expand the client-side attack surface. Browser extensions operate within the browser's trusted process with user-granted permissions. They can read and modify web content, intercept network requests, access coo…”

T1176.001 Browser Extensions · 84%
“That AI Extension Helping You Write Emails? It's Reading Them First. Executive summary: We found 18 AI browser extensions marketed as productivity tools that are not as they seem. This group includes extensions such as: - one that surveils your emails as you compose them - anoth…”

T1176 Software Extensions · 82%
“when extensions read sensitive data directly from the rendered page DOM rather than intercepting network traffic, bypassing network-level security controls entirely. This case study is for an extension named Supersonic AI that performs AITB. - Extension ID: eebihieclccoidddmjc…”

T1176 Software Extensions · 76%
“in Table 1. Table 1. Recurring techniques seen in GenAI high-risk extensions. As GenAI becomes the primary interface for professional and creative workflows, these extensions can potentially gain direct access to sensitive user information. If operated within the same execution…”

T1176 Software Extensions · 71%
“and to systematically disrupt malicious cyber actors. Learn more about the Cyber Threat Alliance. Acknowledgments: We'd like to thank the entire Unit 42 team for supporting us with this article. Special thanks to Samantha Stallings, Bradley Duncan, Lysa Myers for helping us revi…”

T1176.001 Browser Extensions · 70%
“plaintext. This means all the emails from the victim's account, including those that are read, sent or displayed. Figure 7 demonstrates this in action within our sandbox environment, showing a social media platform one-time password (OTP) being exposed during the exfiltrati…”

T1176.001 Browser Extensions · 70%
“when extensions read sensitive data directly from the rendered page DOM rather than intercepting network traffic, bypassing network-level security controls entirely. This case study is for an extension named Supersonic AI that performs AITB. - Extension ID: eebihieclccoidddmjc…”

T1176 Software Extensions · 65%
“listeners that trigger for every completed HTTP request across all websites. Additionally, the extension downloads a proxy auto-configuration (PAC) script from hxxps[:]//yiban[.]io/extension/proxy.pac?t=huiyi on startup and applies it via chrome.proxy.setti…”

T1539 Steal Web Session Cookie · 63%
“same Google account). It then registers a listener on Chrome's cookie change events, as noted in the code snippet in Figure 11. When the user deletes the tracking cookie, the extension recreates the deleted cookie. Because the ID is also stored in chrome.storage.sync, it pers…”

T1176.001 Browser Extensions · 60%
“documented in a threat research article by Socket. The campaign runs six extensions that silently inject affiliate tags into several popular online retailers or fast fashion brands without user consent. Our analysis adds a distinct finding: all six bear AI-generated code finge…”

T1176.001 Browser Extensions · 59%
“in Table 1. Table 1. Recurring techniques seen in GenAI high-risk extensions. As GenAI becomes the primary interface for professional and creative workflows, these extensions can potentially gain direct access to sensitive user information. If operated within the same execution…”

T1176.002 IDE Extensions · 57%
“documented in a threat research article by Socket. The campaign runs six extensions that silently inject affiliate tags into several popular online retailers or fast fashion brands without user consent. Our analysis adds a distinct finding: all six bear AI-generated code finge…”

T1071.001 Web Protocols · 50%
“…6d5c4146812f07105f8b89bd76dd994f540470cd1c4bc37df37d5. RATs generally require victims to download and execute suspicious files, actions that security software typically detects as clear indicators of compromise. This GenAI-era adaptation disguises the RAT as an “AI browser au…”

T1539 Steal Web Session Cookie · 49%
“resume to a remote endpoint at api.reverserecruiting[.]io/v1/profile/sync. Search hijacker: Chat AI for Chrome. A search hijacker is malware that modifies browser search settings to redirect user queries through attacker-controlled servers, enabling search traffic int…”

T1176.001 Browser Extensions · 45%
“same Google account). It then registers a listener on Chrome's cookie change events, as noted in the code snippet in Figure 11. When the user deletes the tracking cookie, the extension recreates the deleted cookie. Because the ID is also stored in chrome.storage.sync, it pers…”

T1195.001 Compromise Software Dependencies and Development Tools · 38%
“documented in a threat research article by Socket. The campaign runs six extensions that silently inject affiliate tags into several popular online retailers or fast fashion brands without user consent. Our analysis adds a distinct finding: all six bear AI-generated code finge…”

T1555.003 Credentials from Web Browsers · 36%
“plaintext. This means all the emails from the victim's account, including those that are read, sent or displayed. Figure 7 demonstrates this in action within our sandbox environment, showing a social media platform one-time password (OTP) being exposed during the exfiltrati…”

T1176.002 IDE Extensions · 36%
“That AI Extension Helping You Write Emails? It's Reading Them First. Executive summary: We found 18 AI browser extensions marketed as productivity tools that are not as they seem. This group includes extensions such as: - one that surveils your emails as you compose them - anoth…”

T1176.001 Browser Extensions · 35%
“debugger protocol attachment for HTTPS traffic interception - filling out forms - capturing screenshots - accessing browsing history. When a victim clicks Connect in the pop-up, the extension establishes a persistent WebSocket connection to a remote server, as noted from the sou…”

T1176.002 IDE Extensions · 35%
“caution by sourcing extensions only from trusted providers and adhering to the principle of least privilege. Users must scrutinize requested permissions, as granting broad access to browser data can authorize the interception of sensitive credentials and proprietary session infor…”

T1176 Software Extensions · 33%
“plaintext. This means all the emails from the victim's account, including those that are read, sent or displayed. Figure 7 demonstrates this in action within our sandbox environment, showing a social media platform one-time password (OTP) being exposed during the exfiltrati…”

Summary

Unit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser.
