Fake Perplexity Chrome Extension Logged Searches and Address Bar Input
A malicious Chrome extension impersonating the Perplexity AI search engine intercepted user searches and address bar input, routing all queries through attacker-controlled servers. Microsoft discovered the threat, which Google subsequently removed from the Chrome Web Store following responsible disclosure.
TL;DR
- Malicious extension posed as legitimate Perplexity AI search tool to evade user detection
- Captured all search queries and address bar keystrokes before redirecting to real results
- Routed intercepted data through attacker infrastructure for data harvesting
- Google removed extension after Microsoft's responsible disclosure to the vendor
- Highlights risks of browser extension supply chain and importance of verification
Microsoft security researchers identified a malicious Chrome extension masquerading as the Perplexity AI search engine. The extension silently intercepted user search queries and every keystroke entered into the browser's address bar, funneling this sensitive input through attacker-controlled infrastructure before delivering users to legitimate search results.
The threat demonstrates how browser extensions remain a high-risk attack surface. By impersonating a trusted third-party service, attackers can bypass user skepticism and establish persistent data collection mechanisms with minimal friction. This incident underscores the importance of verifying extension authenticity and monitoring browser extension behavior.
Google removed the extension from the Chrome Web Store after Microsoft disclosed the threat responsibly to the vendor, preventing further installations.
Attack Mechanism and Data Interception
- Extension intercepted all search queries typed by users
- Captured every character entered into the browser address bar
- Routed intercepted data through attacker-controlled servers before showing results
- Maintained transparent user experience to avoid detection
- Leveraged trusted Perplexity brand to gain user trust and installation
Security Implications and Mitigation
- Browser extensions have privileged access to user input and browsing activity
- Supply chain risk: malicious actors can impersonate legitimate services in app stores
- Users should verify extension publishers and review requested permissions carefully
- Organizations should audit and restrict browser extensions in enterprise environments
- Responsible disclosure process enabled swift removal before widespread harm
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.