Malicious Perplexity look-alike extension logged every search and keystroke typed
Microsoft found a malicious Chrome extension impersonating the AI search engine Perplexity that quietly logged users' searches and address-bar input. Calling itself "Search for perplexity ai" and using a look-alike domain, it set itself as the default search engine and routed every query through an attacker server, which logged it with the user's IP and browser details before redirecting to a real engine so results looked normal. Worse, it also pointed the browser's live search suggestions at the attacker, so each character typed in the address bar was sent before the user even pressed Enter. Microsoft found no password theft, but the extension had far more access than a search tool needs. Google removed it.
- Check: Check whether anyone installed the 'Search for perplexity ai' extension, confirm the default search engine has not been changed, and watch for browser traffic to unfamiliar look-alike domains imitating AI services.
- Affected: Users who installed the fake Perplexity extension; their searches and every character typed into the address bar were sent to an attacker-controlled server, exposing potentially sensitive queries and browsing intent.
- Fix: Remove the extension, reset the default search engine, and allow only approved extensions through browser policy. Treat AI-branded tools with extra suspicion and verify the publisher and domain before installing anything.
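One way to run the check above across a Chrome profile, as an added example that is not from Microsoft's report: it audits each installed extension's `manifest.json` for a `chrome_settings_overrides.search_provider` entry that makes itself the default or points `search_url` or `suggest_url` at a host outside an approved list. The approved-host list, the function names and the sample manifest (with its placeholder domain) are assumptions made for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: hosts your organisation accepts as search providers.
APPROVED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}

def audit_manifest(manifest, approved=APPROVED_SEARCH_HOSTS):
    """Return findings for a manifest that overrides the browser's search settings."""
    provider = (manifest.get("chrome_settings_overrides") or {}).get("search_provider")
    if not provider:
        return []
    findings = []
    if provider.get("is_default"):
        findings.append("sets itself as default search engine")
    # search_url receives submitted queries; suggest_url receives input as it is typed.
    for key, risk in (("search_url", "queries"), ("suggest_url", "address-bar keystrokes")):
        url = provider.get(key)
        if not url:
            continue
        host = (urlsplit(url).hostname or "").lower()
        if host not in approved:
            findings.append(f"{key} sends {risk} to unapproved host {host}")
    return findings

def scan_extensions(ext_root):
    """Audit every <ext_root>/<extension id>/<version>/manifest.json; map id -> findings."""
    report = {}
    for path in Path(ext_root).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(manifest)
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifest; the domain is a placeholder, not an indicator from the report.
SAMPLE = {
    "name": "Search for perplexity ai",
    "chrome_settings_overrides": {"search_provider": {
        "name": "Example", "keyword": "ex", "is_default": True,
        "search_url": "https://search.lookalike.example/q?s={searchTerms}",
        "suggest_url": "https://search.lookalike.example/suggest?s={searchTerms}",
    }},
}

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)))
```

Point `scan_extensions` at the `Extensions` directory of a Chrome profile; a `suggest_url` finding is the one that corresponds to keystrokes leaving the browser before Enter is pressed.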