Microsoft discovered a malicious Chrome extension pretending to be Perplexity that intercepted user searches and address bar input. This extension logged every search query and typed character before redirecting users to legitimate search engines, posing a significant data privacy risk.
Microsoft identified a Chrome extension posing as the AI search engine Perplexity, named 'Search for perplexity ai.' This extension was designed to log every search query and keystroke made in the browser's address bar, compromising user privacy by routing this data through an attacker-controlled server.
Once installed, the extension changed the browser's default search engine to the attacker's domain, perplexity-ai[.]online. It logged the search queries along with browser headers, IP address, and user agent information before redirecting users to legitimate search results from services like Google or Bing.
Chrome's search provider overrides allowed the extension to capture all input typed in the address bar, not just completed searches. This functionality, often legitimate in other extensions, became a significant vector for data collection in this case.
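The override described above is declared in an extension's manifest, so it can be audited on disk. The following is an added example, not code from Microsoft's report or from the extension: it walks a Chrome profile's Extensions directory and flags any `chrome_settings_overrides.search_provider` entry whose search or suggestion URL points at a host outside an allowlist. The allowlist and the sample manifest are constructed assumptions.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: hosts your organization accepts as search providers.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

def audit_manifest(manifest):
    """Return findings for a search-provider override in one extension manifest."""
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if not isinstance(provider, dict):
        return []
    findings = []
    # search_url receives submitted queries; suggest_url receives text as it is typed.
    for field in ("search_url", "suggest_url"):
        url = provider.get(field)
        if not isinstance(url, str) or not url:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if host not in ALLOWED_SEARCH_HOSTS:
            findings.append({"extension": manifest.get("name", "<unnamed>"),
                             "field": field, "host": host,
                             "is_default": bool(provider.get("is_default"))})
    return findings

def audit_profile(extensions_dir):
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and audit each one."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, keep sweeping
        for finding in audit_manifest(manifest):
            findings.append({**finding, "extension_id": path.parent.parent.name})
    return findings

# Constructed sample manifest (not the real extension's manifest).
SAMPLE = {
    "name": "Example search helper",
    "manifest_version": 3,
    "chrome_settings_overrides": {"search_provider": {
        "name": "Example", "keyword": "ex", "is_default": True,
        "search_url": "https://search.example.test/?q={searchTerms}",
        "suggest_url": "https://search.example.test/s?q={searchTerms}"}},
}

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

A finding with `is_default` set to true and an unfamiliar host is the combination to review first, since it means the extension asks to become the default search engine.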
The discovery of this malicious extension highlights a trend of malicious software masquerading under AI branding. Microsoft reported that similar extensions have been linked to over 900,000 installations across thousands of corporate networks, emphasizing the growing risk to user data integrity.
Following responsible disclosure, Google removed the malicious extension from the Chrome Web Store. Microsoft urged users to remain vigilant about extensions, especially those that modify search settings or request extensive permissions.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.