Malicious Perplexity Chrome Extension Stole User Search Data

Microsoft discovered a malicious Google Chrome extension that impersonated the AI search engine Perplexity, secretly capturing user search queries and address bar input. The extension, identified as "Perplexity", routed all user searches and typed characters through a server controlled by attackers before presenting legitimate search results. This allowed the attackers to log sensitive information entered by users.

Microsoft's Threat Intelligence team reported that the extension was designed to exfiltrate data, including every query submitted and every character typed into the address bar. This information was then sent to a command-and-control server operated by the threat actor. The extension operated discreetly, ensuring users were unaware their data was being intercepted.

Following a responsible disclosure process, Google has removed the malicious extension from the Chrome Web Store. This incident highlights the ongoing threat of malicious browser extensions that leverage the popularity of AI tools to deceive users and steal their data. Users are advised to exercise caution when installing browser extensions and to regularly review their installed extensions for any suspicious activity.

The discovery underscores the importance of security vigilance in the digital space, particularly as AI-powered tools become more integrated into daily online activities. The ability of such extensions to mimic legitimate services poses a significant risk to user privacy and data security.