Malicious Fake Perplexity Chrome Extension Logged User Searches Before Redirecting to Real Results
Microsoft's Defender Research team discovered a malicious Chrome extension impersonating the AI search engine Perplexity. Named 'Search for perplexity ai', the extension replaced the default search engine and routed all queries through an attacker-controlled domain, logging search terms, IP addresses, browser headers, and user-agent data before forwarding users to legitimate results. It also intercepted keystrokes in Chrome's address bar before users pressed Enter. Google removed the extension after Microsoft's responsible disclosure. The incident highlights the growing trend of attackers exploiting AI brand trust to distribute malicious extensions, and underscores the need for enterprise browser extension governance, endpoint monitoring, and employee training.