Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Summary
Microsoft discovered a malicious Chrome extension disguised as the AI search engine Perplexity. This extension secretly recorded user search queries and address bar input, forwarding them to a server controlled by attackers before displaying legitimate search results. Google has since removed the extension from its store following a responsible disclosure.
IFF Assessment
This malicious extension represents a threat to user privacy and data security by intercepting sensitive search and browsing information.
Defender Context
This incident highlights the ongoing threat of malicious browser extensions that impersonate legitimate services to harvest user data. Defenders should educate users on the risks of installing third-party extensions and advise on best practices for verifying extension legitimacy, such as checking developer reputation and reviewing permissions.