AI Sidebar Spoofing: The Invisible Threat

Cybersecurity researchers have recently uncovered a new attack technique targeting AI-powered browsers, known as “AI Sidebar Spoofing.”

This attack exploits the growing tendency of users to trust AI-generated responses blindly. According to reports, the exploit has successfully impacted two popular AI browsers — Comet by Perplexity and Atlas by OpenAI.

Initial experiments were conducted on the Comet browser, but follow‑up tests confirmed the same method could be replicated on Atlas as well.

While the examples below focus on Comet, all technical aspects apply to Atlas too.

How Did AI Browsers Emerge?

Between 2023 and 2024, the idea of transforming web search through artificial intelligence began to take shape. Early implementations appeared as AI sidebars integrated into mainstream browsers, such as Copilot in Microsoft Edge and Leo in Brave.

These sidebars could summarize web pages, answer questions, analyze content, or guide users through websites.

By 2025, the concept evolved dramatically. Perplexity launched Comet, the first browser fully built around human–AI interaction. Soon after, OpenAI released Atlas with a similar philosophy.

In both browsers, the central input bar became the main interface for user‑AI communication.

Next‑Generation AI Browsers: Comet and Atlas

The home interface of both browsers was minimalistic, featuring an AI sidebar that appeared beside web content.

Without leaving the current page, users could ask the AI to summarize articles, explain terms, compare data, or even generate scripts and tasks.

This deep integration made users perceive AI responses as reliable and unquestionable, creating the perfect environment for sidebar spoofing attacks.

How Attackers Execute the Spoofing

The attack typically starts when a user installs what appears to be a harmless browser extension.

Its permission requests seem perfectly normal, raising no suspicion. After installation, the malicious extension:

  • Injects JavaScript code into active web pages
  • Creates a fake sidebar nearly indistinguishable from the real one
  • Captures user prompts and forwards them to a legitimate AI model (e.g., Google Gemini)
  • Displays authentic responses — unless the attacker decides to intervene

The result is a convincing but counterfeit AI assistant that can inject manipulated answers, phishing links, or malicious commands whenever triggered.

How Likely Is Infection?

Very likely.

The Chrome Web Store has repeatedly hosted malicious extensions, despite Google’s strict review systems.

Past incidents have shown dozens of compromised plugins, proving that this attack vector is entirely realistic.

Consequences of AI Sidebar Spoofing

Researchers identified three major attack scenarios:

  1. Binance Credential Theft via Phishing Links
  2. Google Account Takeover
  3. System Compromise Through Altered Installation Commands

In the first scenario, a user asks how to sell crypto on Binance. The fake sidebar provides a legitimate‑looking response, but links to a fraudulent domain like binacee/.

The impersonated login page looks authentic. Entering credentials and 2FA codes allows attackers to take full control of the user’s crypto wallet.

In the second scenario, the spoofed AI sidebar may provide a download link to a fake file‑sharing service.

Users are prompted to log in with their Google Account, unknowingly granting full access permissions to Gmail and Drive.

Once authorized, attackers can read and send emails, download files, and impersonate the victim for further attacks.

In the third scenario, a user asks how to install a command‑line tool like Homebrew.

The fake sidebar returns a real installation guide but replaces the final command with a reverse shell.

Executing that command gives the attacker direct remote access to the system.

Protecting Yourself from Fake AI Sidebars

  • Never execute AI‑generated commands or links without verification.
  • Before running suggested code, cross‑check it in a separate browser or trusted source.
  • Install extensions only when necessary, and review them periodically.
  • Read user reviews before installing any plugin.
  • Always inspect website URLs carefully — look for subtle misspellings or fake domains.
  • Use a secure password manager; if autofill doesn’t activate on a login page, phishing is likely.
  • Deploy a reliable security suite to monitor and block suspicious browser behavior.
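
To make the periodic extension review above concrete, the following added example (not code from the original article or from the researchers) checks extension manifests for the ability to run script on every page, which is the capability the fake sidebar depends on. The manifest keys are the standard manifest.json keys; the sample manifests and extension names are constructed, and loading real manifests from disk is left out.

```javascript
// Added example. Manifest keys are the standard extension manifest.json keys;
// the sample manifests and extension names below are constructed.
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const isBroad = (pattern) => BROAD.has(pattern);

// Returns the reasons a manifest allows script to run on arbitrary pages.
function auditManifest(manifest) {
  const findings = [];
  const v3 = manifest.manifest_version === 3;
  const perms = manifest.permissions || [];
  // Manifest V3 lists host patterns separately; V2 mixes them into "permissions".
  const hosts = v3 ? (manifest.host_permissions || []) : perms;

  for (const cs of manifest.content_scripts || []) {
    if ((cs.matches || []).some(isBroad)) {
      findings.push(`content script on all sites: ${(cs.js || []).join(", ")}`);
    }
  }
  if (hosts.some(isBroad)) {
    // V3 needs "scripting" to inject on demand; in V2 host access is enough.
    findings.push(!v3 || perms.includes("scripting")
      ? "programmatic injection on all sites"
      : "broad host access without scripting permission");
  }
  if ((manifest.optional_host_permissions || []).some(isBroad)) {
    findings.push("may request all-sites access later");
  }
  return findings;
}

// Keep only the extensions that need a manual look.
function reviewList(manifests) {
  return manifests
    .map((m) => ({ name: m.name, findings: auditManifest(m) }))
    .filter((r) => r.findings.length > 0);
}

const SAMPLE_MANIFESTS = [ // constructed
  { name: "Tab Tidy", manifest_version: 3, permissions: ["tabs", "storage"] },
  { name: "Page Helper", manifest_version: 3, permissions: ["storage"],
    content_scripts: [{ matches: ["<all_urls>"], js: ["panel.js"] }] },
  { name: "Quick Notes", manifest_version: 3, permissions: ["scripting", "activeTab"],
    host_permissions: ["*://*/*"] },
  { name: "Docs Tool", manifest_version: 3, permissions: ["scripting"],
    host_permissions: ["https://docs.example.com/*"] },
];

for (const r of reviewList(SAMPLE_MANIFESTS)) console.log(`${r.name}: ${r.findings.join("; ")}`);
```

Many legitimate extensions also request all-sites access, so the output is a list to review by hand, not a verdict.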

Source: MedadPress
www.medadpress.ir