Malicious Perplexity Extension Abused Chrome Search Overrides to Log Queries and Keystrokes via perplexity-ai.online

Microsoft Defender telemetry showed the extension registering declarativeNetRequest rules that intercepted every search and incremental keystroke, logging browser headers, IP, and user agent at the attacker domain. Disabled Google and Bing redirect rules plus WebAssembly scaffolding indicate the campaign was built for rapid target switching rather than one-off collection. No credential exfiltration was observed, but the permission set exceeded any legitimate search helper.

This fits an expanding pattern of AI-branded supply-chain extensions. Prior Microsoft research linked similar chat-skimming extensions to 900,000 installs across 20,000 enterprise networks, showing attackers now treat popular AI interfaces as trusted distribution vectors. The Perplexity clone targeted the address bar itself, a lower-friction collection point than waiting for completed conversations.

Chrome Web Store review processes still permit search-provider overrides when framed as utility features. Without publisher verification or runtime behavior checks, campaigns can accumulate installs before disclosure. The absence of named operators or install counts leaves open whether this was a lone operator test or part of a larger network already pivoting to other AI domains.

Enterprises should enforce extension allow-lists and monitor for unauthorized default search changes. Store operators must add behavioral signals around search overrides and live suggestion endpoints to block future iterations before they reach scale.