Fake Perplexity Chrome extension secretly logged users' searches

A Chrome extension that pretended to be the popular Perplexity AI search service was quietly spying on everything users typed into their browser, and people who installed it are still exposed even though Google has taken it down. The add-on, called "Search for perplexity ai," funneled each search through a server controlled by its operator before passing it on to a real search engine, so results looked normal while every query was being recorded.

Researchers at Microsoft's Defender Security Research Team disclosed the extension on June 29 after finding it impersonating the real company at perplexity.ai while routing traffic through a typosquatted lookalike domain, perplexity-ai[.]online. Google removed the listing from the Chrome Web Store, but pulling a listing does not uninstall the extension from browsers that already have it, so the fix is a manual one.

How the extension harvested searches

The add-on used a legitimate permission, chrome_settings_overrides, to make itself the browser's default search engine. On its own that is normal behavior. The warning sign was a second permission it requested, declarativeNetRequest, which let it rewrite network traffic and send users' searches to the attacker's server first. Microsoft noted this permission was not needed for the extension's advertised job, which is what gave the surveillance away.

Because it also tapped into Chrome's search suggestion feed, the interception happened in real time. Anything typed into the address bar was captured along with the user's IP address, browser headers, and user-agent string, and it was sent off even if the text was deleted before Enter was pressed. Microsoft concluded that spying, not search redirection, was the actual purpose. No operator has been publicly named.

What you should do

If you ever added "Search for perplexity ai," remove it now. Open chrome://extensions/, turn on Developer mode, and check the 32-character ID of each extension against the one listed on the developer's official site, because extension names in Chrome are not unique and criminals count on that. Uninstall anything you do not actively use, and grant an extension only the permissions its stated function actually requires.
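The permission pairing described above can also be checked across a whole profile. The script below is an added example, not code from Microsoft's report or from IntelFusions: it lists each installed extension that overrides the default search engine, shows the hosts its search and suggestion URLs point to, and flags the ones that also request a declarativeNetRequest permission. It assumes the on-disk layout <profile>/Extensions/<id>/<version>/manifest.json; the function names and the sample manifest are constructed for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Permissions that let an extension rewrite or redirect network requests.
NET_REWRITE = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def audit_manifest(manifest):
    """Return a finding dict if the manifest overrides search, else None."""
    if not isinstance(manifest, dict):
        return None
    overrides = manifest.get("chrome_settings_overrides") or {}
    provider = overrides.get("search_provider")
    if not isinstance(provider, dict):
        return None
    perms = {p for p in (manifest.get("permissions") or []) if isinstance(p, str)}
    hosts = {key: urlsplit(provider[key]).hostname
             for key in ("search_url", "suggest_url")
             if isinstance(provider.get(key), str)}
    return {
        "name": manifest.get("name"),
        "hosts": hosts,  # compare these with the vendor's real domain
        "rewrite_perms": sorted(perms & NET_REWRITE),
        "suspicious": bool(perms & NET_REWRITE),  # heuristic: review, not a verdict
    }

def scan_extensions(extensions_dir):
    """Map extension ID -> finding for <dir>/<id>/<version>/manifest.json."""
    results = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        finding = audit_manifest(manifest)
        if finding:
            results[path.parent.parent.name] = finding
    return results

# Constructed sample manifest (placeholder name and domain, not the real extension's).
SAMPLE = {
    "name": "Example search helper",
    "permissions": ["declarativeNetRequest"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Example", "keyword": "ex", "is_default": True,
        "search_url": "https://search.example.test/?q={searchTerms}",
        "suggest_url": "https://search.example.test/suggest?q={searchTerms}"}},
}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

Point scan_extensions at the Extensions folder of the profile under review; the keys of the result are the 32-character IDs to compare against the developer's official site.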

This is less a Perplexity problem than an AI branding problem. IntelFusions has tracked a string of similar cases, including fake AI extensions that stole emails and ChatGPT prompts and Microsoft's own takedown of 119 malicious Edge extensions served to millions of users. A Stanford and CISPA study cited in the research found malicious extensions survive in the Chrome Web Store for roughly 380 days on average before removal, and shiny AI names simply make the bait more tempting. You can read the original report for the full technical breakdown.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.
