The Good Tech Companies - AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions That Impersonate AI Browser Sidebar

Episode Date: October 23, 2025

This story was originally published on HackerNoon at: https://hackernoon.com/ai-sidebar-spoofing-attacksquarex-uncovers-malicious-extensions-that-impersonate-ai-browser-sidebar. This story was written by: @cybernewswire. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces. The attack can trick users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration.

Transcript
Starting point is 00:00:00 This audio is presented by HackerNoon, where anyone can learn anything about any technology. AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions That Impersonate AI Browser Sidebar. By Cyber Newswire. Palo Alto, California, October 23, 2025, Cyber Newswire: SquareX released critical research exposing a new class of attack targeting AI browsers. The AI sidebar spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick users into executing dangerous commands that can lead to credential theft, device hijacking, and password exfiltration.
Starting point is 00:00:40 The research demonstrates how attackers can exploit users' trust in AI browser sidebars, the primary interface through which users interact with AI browsers like Comet, as well as consumer browsers with AI features like Brave and Edge. By creating pixel-perfect replicas of legitimate AI sidebars, malicious extensions return AI-generated responses that include harmful instructions that unsuspecting users follow. "AI has become an essential tool for millions of users to learn new skills and complete tasks. Unfortunately, this has created a dangerous dynamic where people blindly follow AI-generated instructions without the expertise to identify security risks," explains Vivek Ramachandran,
Starting point is 00:01:22 founder and CEO of SquareX. "With no visual or workflow difference, the AI sidebar spoofing attack exploits the trust users place on these AI interfaces, tricking them into performing malicious tasks that they may not fully understand or are aware of." SquareX illustrates the AI sidebar spoofing attacks with three main case studies, but warns that we will likely see many variants of the attack develop. In one example, the user asks the AI sidebar how to withdraw cryptocurrency from their account. The fake AI sidebar returns what looks like legitimate instructions but replaces the Binance login page URL with a phishing link. Thinking it was instructions generated by
Starting point is 00:02:03 Comet, the user enters their credentials in the phishing site, which the attacker then uses to log in to the victim's account to access their cryptocurrency. In other examples, users were given false instructions to execute malicious commands that allowed attackers to exfiltrate passwords and hijack their device and execute ransomware attacks remotely. The researchers also showed that other AI browsers and consumer browsers implementing AI sidebars like Edge, Firefox, and Safari are equally vulnerable to the AI sidebar spoofing attack. This means that even if organizations restrict the use of AI browsers, users are still subject to these attacks as it can be operated on any browser with an AI
Starting point is 00:02:41 sidebar. Surprisingly, these attacks require only basic browser extension permissions, commonly found in popular extensions like Grammarly and password managers, making them difficult to detect by simply looking at permission analysis. In fact, the AI sidebar spoofing extension can remain dormant, providing legitimate responses until they see an opportunity to trick users into doing something malicious based on their prompt. Thus, it is absolutely critical that enterprises have both the ability to perform dynamic analysis on extension behavior at runtime, as well as granular browser-native guardrails to warn and block users from following malicious
Starting point is 00:03:18 instructions. For more information, users can refer to the technical blog. About SquareX: SquareX's browser extension turns any browser on any device into an enterprise-grade secure browser, including AI browsers. SquareX's industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively defend against browser-native threats including rogue AI agents, last-mile reassembly attacks, malicious extensions and identity attacks. Unlike dedicated enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, delivering security without compromising user experience. More information about SquareX's research-led innovation is available at www.sqrx.com. Contact: Head of PR, Junis Liu, SquareX,
Starting point is 00:04:06 Junis at SQRX.com. Thank you for listening to this HackerNoon story, read by artificial intelligence. Visit hackernoon.com to read, write, learn and publish.
