‘AiFrame’ browser attacks continue with fake authenticator, converter extensions

April 24, 2026

By Laura French

Six new malicious extensions have been identified as part of the “AiFrame” browser attack campaign, including a fake two-factor authentication (2FA) app, DomainTools reported Friday.

AiFrame, first identified by LayerX Security in February 2026, originally involved 32 Chrome extensions impersonating popular AI tools such as ChatGPT, Google Gemini and DeepSeek. These malicious extensions were installed about 260,000 times before being removed from the Chrome Web Store.

The latest group of extensions, tied to the same attacker infrastructure, includes one AI extension seemingly republished with a different name and six additional extensions focused on file conversion, 2FA and AI chat export utilities. These extensions, which include names like “AI Chat to PDF,” “Convert HEIC to JPG” and “2FA,” request excessive permissions allowing them to read and modify content on any website.

In the attacks previously described by LayerX, the extensions leveraged these permissions to inject iframes into web pages, allowing them to overlay phishing pages and fake paywalls, and send potentially sensitive page contents back to the attacker’s domain.

DomainTools analyzed three of the six newly discovered extensions and found that two of them already included malicious iframe-injection mechanisms while another showed signs of staging for eventual addition of malicious functionality.

AI Chat to PDF, which has been installed about 30,000 times, injects a fake paywall in front of the Google Gemini chat the user is attempting to export, claiming the user needs to pay to continue using Gemini. It also monitors the page DOM to catalog the user’s AI conversations for potential exfiltration, the researchers said.
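The combination described above (host access to every site, a content script on every page, storage and scripting APIs, plus a background worker that can talk to a remote server) is visible in an extension's manifest before any code is read. The following triage script is an added example, not code from the article or from DomainTools' report; it scores a manifest.json on that combination. The two manifests at the bottom are constructed samples, not the real AiFrame extensions, and the severity thresholds are the author's own heuristic.

```javascript
"use strict";

// Host-permission and content-script match patterns that cover every site.
const ALL_SITES = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// API permissions that matter most once an extension can reach every page:
// scripting/tabs let it inject and steer, storage gives it a place to park
// state, the network APIs let it watch or rewrite traffic.
const SENSITIVE_APIS = new Set([
  "scripting", "tabs", "storage", "webNavigation", "webRequest", "cookies",
]);

function isHostPattern(p) {
  return p === "<all_urls>" || p.includes("://");
}

// Returns { name, severity, findings } for one parsed manifest object.
function triageManifest(manifest) {
  const findings = [];

  // MV3 keeps host patterns in host_permissions; MV2 mixes them into permissions.
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const hosts = declared.filter(isHostPattern);
  const apis = declared.filter((p) => !isHostPattern(p));

  const allSiteHost = hosts.some((h) => ALL_SITES.has(h));
  if (allSiteHost) findings.push("host permission grants read/modify access on every site");

  let allSiteScript = false;
  for (const cs of manifest.content_scripts || []) {
    if ((cs.matches || []).some((m) => ALL_SITES.has(m))) {
      allSiteScript = true;
      findings.push(
        `content script ${(cs.js || []).join(", ")} runs on every page` +
          (cs.all_frames ? " (all_frames: true, so inside iframes too)" : "")
      );
    }
  }

  const sensitive = apis.filter((a) => SENSITIVE_APIS.has(a));
  if (sensitive.length > 0) findings.push(`sensitive APIs: ${sensitive.join(", ")}`);

  const bg = manifest.background || {};
  const hasBackground = Boolean(bg.service_worker || (bg.scripts && bg.scripts.length));
  if (hasBackground) findings.push("background worker present (runs off-page, can talk to remote servers)");

  // Heuristic (author's assumption): all-site reach combined with a sensitive
  // API or a background worker is the shape of the extensions in the article;
  // all-site reach or a sensitive API alone is common in legitimate tools.
  const allSite = allSiteHost || allSiteScript;
  let severity = "low";
  if (allSite && (sensitive.length > 0 || hasBackground)) severity = "high";
  else if (allSite || sensitive.length > 0) severity = "medium";

  return { name: manifest.name || "(unnamed)", severity, findings };
}

// Constructed sample shaped like the extensions described in the article.
const SUSPECT_MANIFEST = {
  manifest_version: 3,
  name: "Example Converter (constructed sample)",
  permissions: ["storage", "scripting", "tabs"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"], all_frames: true }],
  background: { service_worker: "bg.js" },
};

// Constructed sample of a minimal-permission extension for comparison.
const BENIGN_MANIFEST = {
  manifest_version: 3,
  name: "Example Minimal Tool (constructed sample)",
  permissions: ["activeTab"],
  content_scripts: [{ matches: ["https://example.com/*"], js: ["content.js"] }],
};

if (typeof require !== "undefined" && require.main === module) {
  for (const m of [SUSPECT_MANIFEST, BENIGN_MANIFEST]) {
    const r = triageManifest(m);
    console.log(`${r.name}: ${r.severity}`);
    for (const f of r.findings) console.log(`  - ${f}`);
  }
}
```

To run it against an installed extension, read the manifest.json from the unpacked extension directory (for example with `JSON.parse(fs.readFileSync(path))`) and pass the object to `triageManifest`. A "high" result is a prompt to read the content script and background worker, not a verdict: legitimate page-modifying tools declare the same permissions.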
In addition, a background service worker continuously sends user event telemetry to the attacker’s server and acts as a storage proxy, allowing the attacker to read, write and delete keys in the user’s Chrome storage, the researchers said.

The Convert HEIC to JPG extension, which has 20,000 installations, also deploys an iframe, which is hidden inside a shadow DOM to evade security scanners. This iframe also displays a paywall and can receive commands from the attacker’s server to redirect the user to any webpage.

The "2FA" extension, also called "2FA Authenticator" in its description, has 50,000 installs and does not currently include explicitly malicious functionality, but requests excessive permissions and includes a dormant message listener that the researchers say could serve as a “scaffolding” to relay information between injected scripts and the attacker’s server.

There are also signs the extension aims to impersonate the official Google Authenticator, including a link to the real Google Authenticator on the web page linked to the Chrome Web Store listing and a graphic stating the app is “Trusted by 12M users.” SC Media noted that when viewing the Chrome Web Store listing via the Microsoft Edge browser, a message appears at the top of the page reading “Google Authenticator works on Microsoft Edge.”

Microsoft Edge banner prompts installation of "Google Authenticator" when viewing "2FA" extension tied to AiFrame campaign. (Credit: Laura French)

Upon installation, 2FA Authenticator opens a welcome page hosted at authenticator[.]whitelab[.]studio, and the whitelab[.]studio website lists the other six extensions in the campaign, including the republished “AI Agent” extension previously identified by LayerX under the name “Google Gemini.” These extensions are also tied together by shared command-and-control (C2) infrastructure at appbox[.]space, while the previous AiFrame extensions used the C2 domain tapnetic[.]pro.
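An iframe parked inside a shadow root is invisible to a scanner that only queries the light DOM, which is the evasion the HEIC converter is described as using above. The walker below is an added example (not from the article, DomainTools or LayerX) showing how to look for it: it descends through open shadow roots and reports every iframe whose resolved origin is not the page's own. The tree at the bottom is a constructed stand-in for a DOM, using the same property names (`tagName`, `children`, `shadowRoot`, `getAttribute`) so the same function runs unchanged on a real `document`; the `attacker.example` host is a placeholder, not one of the campaign's domains.

```javascript
"use strict";

// Walks an element tree, descending into open shadow roots, and returns every
// iframe whose origin differs from pageOrigin. Closed shadow roots expose no
// .shadowRoot and are not reachable this way; the article does not say which
// mode the extension uses, so treat a clean result as "nothing found in open
// roots", not "nothing injected".
function findCrossOriginIframes(root, pageOrigin) {
  const hits = [];

  function visit(node, shadowDepth) {
    if (!node) return;
    if (typeof node.tagName === "string" && node.tagName.toUpperCase() === "IFRAME") {
      const src = node.getAttribute("src") || "";
      let origin;
      try {
        // Relative and empty src resolve against the page, so they come out same-origin.
        origin = new URL(src, pageOrigin).origin;
      } catch (e) {
        origin = "invalid";
      }
      if (origin !== pageOrigin) hits.push({ src, origin, shadowDepth });
    }
    for (const child of node.children || []) visit(child, shadowDepth);
    if (node.shadowRoot) {
      // ShadowRoot implements ParentNode, so .children works on it in a browser too.
      for (const child of node.shadowRoot.children || []) visit(child, shadowDepth + 1);
    }
  }

  visit(root, 0);
  return hits;
}

// Minimal DOM-shaped node for the constructed sample below.
function el(tagName, attrs = {}, children = [], shadowChildren = null) {
  return {
    tagName,
    children,
    shadowRoot: shadowChildren ? { children: shadowChildren } : null,
    getAttribute: (name) => (name in attrs ? attrs[name] : null),
  };
}

// Constructed sample: one benign same-origin iframe in the light DOM and one
// cross-origin overlay buried two shadow roots deep.
const PAGE_ORIGIN = "https://gemini.google.com";
const SAMPLE_TREE = el("HTML", {}, [
  el("BODY", {}, [
    el("IFRAME", { src: "/embed/frame" }), // same-origin: not reported
    el("DIV", { id: "host" }, [], [ // shadow host with an open root
      el("DIV", {}, [], [ // nested open shadow root
        el("IFRAME", {
          src: "https://attacker.example/paywall", // placeholder host, constructed
          style: "position:fixed;inset:0",
        }),
      ]),
    ]),
  ]),
]);

if (typeof require !== "undefined" && require.main === module) {
  for (const h of findCrossOriginIframes(SAMPLE_TREE, PAGE_ORIGIN)) {
    console.log(`iframe ${h.src} (origin ${h.origin}) at shadow depth ${h.shadowDepth}`);
  }
}
```

In a browser, `findCrossOriginIframes(document.documentElement, location.origin)` from DevTools or a content script gives a one-shot sweep; pairing it with a `MutationObserver` on `document.documentElement` catches frames the extension injects after load. Expect benign cross-origin frames (ads, embedded players) in the output, so the value is in the unexpected origin, not the hit itself.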
Several of the new extensions were submitted using developer email addresses containing the word “tapnetic,” and the whitelab[.]studio domain was registered around the same time the previous campaign was uncovered, further corroborating a connection between the campaigns.

All of the extensions tied to whitelab[.]studio remained available in the Chrome Web Store as of Friday afternoon, with a total install count of 134,000 across the seven extensions.

“Considering the scale of these extensions in at least many dozens, the persistent behavior of the actor behind them going back as early as 2024, and the potentially hundreds of thousands of impacted users, this highlights the need for more expeditious identification and disruption actions against malicious applications and infrastructure,” DomainTools concluded.