Microsoft Threat Intelligence reported around June 29, 2026 that a malicious Chrome extension impersonating Perplexity AI's official add-on had been covertly collecting users' search queries, prompting Google to remove it from the Chrome Web Store.
June 29, 2026 · Microsoft Threat Intelligence
Fake "Perplexity AI" Chrome Extension Secretly Logged Every Search You Typed
A counterfeit extension impersonated the popular AI research tool, hijacked the browser's default search, and quietly captured address-bar input before passing it on. Google pulled it from the Chrome Web Store after disclosure.
100% of address-bar queries routed through attacker-controlled servers
2-hop redirect chain so results still looked normal — hard to notice
0 evidence of credential theft found — but well positioned to expand
How a typed query was intercepted
You type in Omnibox (search, mistyped URL, sometimes a password)
→ Attacker server (logs query, headers, User-Agent, source IP)
→ Real search engine (Perplexity, Google, Bing — results show normally)
The deception, by detail
Branding and domains were crafted to mimic the legitimate tool — close enough to pass a quick glance.
Fake extension name: Search for perplexity ai
Spoofed domain: perplexity-ai.online (legit: perplexity.ai)
Manifest abused: Manifest V3 (v2.2), declarativeNetRequest API
Why researchers are alarmed
Capturing characters as they are typed behaves like an Omnibox "keylogger." Passwords and internal tool URLs are sometimes mistyped into the address bar — meaning sensitive data could be swept up too.
What to do
Verify an extension's publisher and domain; install only official releases. Chrome and Edge users who may have added it should check — the install count was never disclosed.
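One way to run the check described above, as an added example rather than code from the original report: it audits extension manifests for a default-search override that points at an untrusted or lookalike host alongside declarativeNetRequest. It assumes the override is declared through the standard chrome_settings_overrides.search_provider manifest key; the trusted-host list, the function names and the sample manifest are constructed for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: the search hosts you actually trust; extend for your environment.
TRUSTED_SEARCH_HOSTS = {"perplexity.ai", "google.com", "bing.com"}

def _is_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)

def audit_manifest(manifest, trusted=TRUSTED_SEARCH_HOSTS):
    """Return findings for one parsed manifest.json (empty list = nothing flagged)."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if provider:
        host = (urlsplit(provider.get("search_url", "")).hostname or "").lower()
        if not _is_trusted(host, trusted):
            findings.append(f"default search overridden to untrusted host {host!r}")
            # Lookalike: a trusted brand label embedded in a different domain.
            brands = {t.split(".")[0] for t in trusted}
            hit = sorted(b for b in brands if b in host)
            if hit:
                findings.append(f"host imitates trusted brand {hit[0]!r}")
    dnr = set(manifest.get("permissions", [])) & {
        "declarativeNetRequest", "declarativeNetRequestWithHostAccess"}
    if dnr and provider:
        findings.append("search override combined with " + ", ".join(sorted(dnr)))
    return findings

def audit_extensions_dir(ext_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        found = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        if found:
            report[path.parts[-3]] = found  # keyed by extension id (folder name)
    return report

# Constructed sample manifest modelled on the details reported above.
SAMPLE = {
    "manifest_version": 3,
    "name": "Search for perplexity ai",
    "permissions": ["declarativeNetRequest"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Search", "keyword": "s", "is_default": True,
        "search_url": "https://perplexity-ai.online/search?q={searchTerms}"}},
}

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)))
```

Point audit_extensions_dir at a browser profile's Extensions folder; an extension that uses declarativeNetRequest without overriding search (a content blocker, for example) is not flagged.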