Based on reporting by The Hacker News →
Introduction
A malicious browser extension that posed as the legitimate AI search tool Perplexity managed to log every search query and every keystroke typed into the Chrome address bar before anyone at Google caught it. This is not a theoretical supply-chain attack — it was live in the Chrome Web Store, and it was routing user data through an attacker-controlled server.
The problem
According to a report by The Hacker News, Microsoft discovered a malicious Chrome extension that masqueraded as the popular AI-powered search engine Perplexity. The extension intercepted all search queries and address-bar input, forwarding every character and query to an attacker-controlled server before redirecting the user to the legitimate search results. Microsoft responsibly disclosed the finding, and Google removed the extension from the Chrome Web Store. The extension's exact name was reported but is not necessary to reproduce to understand the attack vector — it pretended to be Perplexity.
Consequences
Any user who installed this extension unwittingly handed over their entire search history — including sensitive queries such as medical symptoms, financial searches, login URLs, or private business research — directly to the attacker's infrastructure. Because the extension redirected users to real results, victims saw no obvious sign of compromise. The data exfiltration was invisible, persistent, and could be used for credential harvesting, identity theft, targeted phishing, or corporate espionage.