News

Malicious Chrome Extension Posed as Perplexity AI to Steal Search Data

A malicious Chrome extension mimicked Perplexity AI to intercept and log users' search queries, redirecting traffic through an attacker-controlled server.

Microsoft uncovered a rogue Chrome extension posing as Perplexity AI, which secretly logged users' search queries and address bar input. Google removed it after disclosure, but the incident highlights ongoing risks of AI-branded malware.

Malicious Chrome Extension Posed as Perplexity AI to Steal Search Data

Microsoft has uncovered a malicious Chrome extension that masqueraded as the AI search engine Perplexity, secretly logging users' search queries and address bar input. The extension, named 'Search for perplexity ai' (ID: flkebkiofojicogddingbdmcmkpbplcd), was removed from the Chrome Web Store after Microsoft's responsible disclosure to Google.

How the Extension Operated

The extension used a look-alike domain, perplexity-ai[.]online, to deceive users into believing it was associated with the legitimate Perplexity AI service at perplexity.ai. Once installed, it set itself as the browser's default search engine. Every search query was first routed through the attacker-controlled server, which logged the query along with the user's browser headers, IP address, and user agent information.

After logging the data, the server redirected users to a legitimate search engine, such as Perplexity, Google, or Bing, making the results appear normal. This redirection mechanism ensured that users remained unaware of the data theft.

Address Bar Exploitation

The extension also targeted the browser's live search suggestions, directing input to the attacker's server even before the user pressed Enter. This meant that every character typed into the address bar was logged, providing the attacker with extensive data on user behavior.

Microsoft's Defender research team noted that while there was no evidence of password theft, the extension requested far more access than a typical search tool should require. It used Chrome's declarativeNetRequest permissions to rewrite and redirect traffic, which Microsoft described as a deliberate data collection mechanism rather than a side effect of the redirection process.

Potential for Expanded Attacks

The extension included disabled redirect rules for Google and Bing, suggesting that the attacker could have expanded the operation to target searches on those platforms as well. Additionally, the extension was equipped to run WebAssembly code, a feature unnecessary for a simple search tool, indicating potential for further malicious activity.

Part of a Larger Trend

This incident is part of a growing trend of malicious extensions exploiting AI branding to deceive users. Previous cases have involved extensions hijacking search providers or stealing data from AI chat platforms like ChatGPT and DeepSeek. Microsoft's research has linked such malicious activity to over 900,000 installs across more than 20,000 company networks.

Recommendations for Users and Teams

Microsoft advises users who installed the 'Search for perplexity ai' extension to remove it immediately and verify that their default search engine settings have not been altered. For organizations, Microsoft recommends:

  • Allowing only approved extensions through browser or company policies.
  • Monitoring for changes in search settings, unusual extension permissions, and traffic to unfamiliar domains.
  • Treating AI-branded tools with heightened suspicion and verifying the publisher and domain before installation.

The identity of the attacker remains unknown, and Microsoft did not disclose how many users installed the extension before its removal. However, the incident underscores the ongoing risks associated with malicious extensions exploiting AI branding to compromise user data.