{"id":"https://openalex.org/W4417293751","doi":"https://doi.org/10.48550/arxiv.2512.10029","title":"Malicious GenAI Chrome Extensions: Unpacking Data Exfiltration and Malicious Behaviours","display_name":"Malicious GenAI Chrome Extensions: Unpacking Data Exfiltration and Malicious Behaviours","publication_year":2025,"publication_date":"2025-12-10","ids":{"openalex":"https://openalex.org/W4417293751","doi":"https://doi.org/10.48550/arxiv.2512.10029"},"language":null,"primary_location":{"id":"pmh:oai:arXiv.org:2512.10029","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2512.10029","pdf_url":"https://arxiv.org/pdf/2512.10029","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2512.10029","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120791294","display_name":"Shresta B. Seetharam","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Seetharam, Shresta B.","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033996366","display_name":"Mohamed Nabeel","orcid":"https://orcid.org/0000-0003-3502-9914"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Nabeel, Mohamed","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5114352906","display_name":"William Melicher","orcid":"https://orcid.org/0000-0002-2505-684X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Melicher, William","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5120791294"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7657999992370605,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7657999992370605,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.11410000175237656,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.029899999499320984,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.59579998254776},{"id":"https://openalex.org/keywords/extension","display_name":"Extension (predicate logic)","score":0.4672999978065491},{"id":"https://openalex.org/keywords/unpacking","display_name":"Unpacking","score":0.45890000462532043},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4578999876976013},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.39959999918937683},{"id":"https://openalex.org/keywords/web-browser","display_name":"Web browser","score":0.37209999561309814},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.36809998750686646},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.35010001063346863}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6937000155448914},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.59579998254776},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5616000294685364},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.4749999940395355},{"id":"https://openalex.org/C2778029271","wikidata":"https://www.wikidata.org/wiki/Q5421931","display_name":"Extension (predicate logic)","level":2,"score":0.4672999978065491},{"id":"https://openalex.org/C2777256151","wikidata":"https://www.wikidata.org/wiki/Q7897273","display_name":"Unpacking","level":2,"score":0.45890000462532043},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4578999876976013},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.39959999918937683},{"id":"https://openalex.org/C2983909278","wikidata":"https://www.wikidata.org/wiki/Q6368","display_name":"Web browser","level":3,"score":0.37209999561309814},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.36809998750686646},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.35010001063346863},{"id":"https://openalex.org/C512654426","wikidata":"https://www.wikidata.org/wiki/Q19652","display_name":"Public domain","level":2,"score":0.31360000371932983},{"id":"https://openalex.org/C2988987868","wikidata":"https://www.wikidata.org/wiki/Q32635","display_name":"Domain name","level":3,"score":0.2955999970436096},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.29260000586509705},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.28130000829696655},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.27639999985694885},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.26919999718666077},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.26570001244544983},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.2628999948501587}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2512.10029","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2512.10029","pdf_url":"https://arxiv.org/pdf/2512.10029","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2512.10029","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2512.10029","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2512.10029","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2512.10029","pdf_url":"https://arxiv.org/pdf/2512.10029","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"rapid":[1,210],"proliferation":[2],"of":[3,58,70,126,140,212],"AI":[4,26,155,158],"and":[5,95,144,160,175,187,192],"GenAI":[6,31,149,185,213],"tools":[7,27],"has":[8],"extended":[9],"to":[10,33,51,79,163],"the":[11,56,62,80,138,200,209],"Chrome":[12,22,81,109],"Web":[13,82],"Store.":[14,83],"Cybercriminals":[15],"are":[16,183],"exploiting":[17,188],"this":[18,59,120],"trend,":[19],"deploying":[20],"malicious":[21,108,128,195],"extensions":[23,37,73,113,129],"posing":[24],"as":[25,168],"or":[28,46],"impersonating":[29],"popular":[30],"models":[32],"target":[34],"users.":[35],"These":[36],"often":[38],"appear":[39],"legitimate":[40],"while":[41],"secretly":[42],"exfiltrating":[43],"sensitive":[44],"data":[45],"redirecting":[47],"users":[48],"web":[49],"traffic":[50],"attacker-controlled":[52],"domains.":[53],"To":[54],"examine":[55],"impact":[57],"trend":[60],"on":[61],"browser":[63,189,201],"extension":[64,190,202],"ecosystem,":[65],"we":[66,103],"curated":[67],"a":[68,76,85,123],"dataset":[69],"5,551":[71],"AI-themed":[72],"released":[74],"over":[75],"nine-month":[77],"period":[78],"Using":[84],"multi-signal":[86],"detection":[87],"methodology":[88],"that":[89,180,199],"combines":[90],"manifest":[91],"analysis,":[92],"domain":[93],"reputation,":[94],"runtime":[96],"network":[97],"behavior,":[98],"supplemented":[99],"with":[100,112],"human":[101],"review,":[102],"identified":[104],"154":[105],"previously":[106],"undetected":[107],"extensions.":[110],"Together":[111],"known":[114],"from":[115],"public":[116],"threat":[117,181,203],"research":[118],"disclosures,":[119],"resulted":[121],"in":[122],"final":[124],"set":[125],"341":[127],"for":[130,194],"analysis.":[131],"Of":[132],"these,":[133],"29":[134],"were":[135],"GenAI-related,":[136],"forming":[137],"focus":[139],"our":[141],"in-depth":[142],"analysis":[143],"disclosure.":[145],"We":[146],"deconstruct":[147],"representative":[148],"cases,":[150],"including":[151],"Supersonic":[152],"AI,":[153],"DeepSeek":[154],"|":[156],"Free":[157],"Assistant,":[159],"Perplexity":[161],"Search,":[162],"illustrate":[164],"attacker":[165],"techniques":[166],"such":[167],"Adversary-in-the-Browser,":[169],"impersonation,":[170],"bait-and-switch":[171],"updates,":[172],"query":[173],"hijacking,":[174],"redirection.":[176],"Our":[177],"findings":[178],"show":[179],"actors":[182],"leveraging":[184],"trends":[186],"APIs":[191],"settings":[193],"purposes.":[196],"This":[197],"demonstrates":[198],"landscape":[204],"is":[205],"directly":[206],"evolving":[207],"alongside":[208],"adoption":[211],"technologies.":[214]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-13T00:00:00"}