A counterfeit Perplexity AI extension distributed through the official Chrome Web Store intercepted user search queries and collected browsing data without consent. The fraudulent extension mimicked Perplexity's legitimate interface while running malicious code in the background.

The fake extension captured search traffic before routing it through Perplexity's servers, allowing attackers to harvest sensitive information about user research habits, queries, and online behavior. Users who installed the extension believed they were using Perplexity's authentic service, creating a deception layer that increased the threat's effectiveness.

The fact that Google's Chrome Web Store hosted the malicious extension highlights vulnerabilities in the review process for browser extensions. Despite official vetting procedures, attackers successfully published code that violated Chrome Web Store policies against data collection and privacy violations. The extension remained available long enough to collect data from an unknown number of users before removal.

Security researchers discovered the extension by monitoring suspicious activity patterns and analyzing its code. The malicious payload logged user searches, visited URLs, and, depending on browsing context, potentially login credentials. Attackers then sold or leveraged this harvested data for further exploitation, targeted advertising, or credential-based attacks.

Perplexity confirmed the extension was not their product and had no connection to their service. The company recommended users uninstall any suspicious extensions and verify their installed software directly from Chrome settings.

This incident affects any Chrome user who installed the extension. Organizations face elevated risk if employees used the extension for work-related research, as business queries and proprietary information potentially reached attackers. Users who entered login credentials while the extension was active should change passwords across affected accounts immediately.

Chrome Web Store abuse remains a persistent attack vector because extensions request broad permissions and operate with high system privileges. Users should install extensions only from verified developers, limit extension permissions to minimum required access, and regularly audit installed extensions. Security teams should restrict extension installations in enterprise environments through group
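The audit of installed extensions recommended above can be scripted against the `manifest.json` files Chrome keeps on disk under `Extensions/<extension id>/<version>/`. The Python code below is an added example, not code from the original article, Perplexity or Google, and it does not describe how the reported extension worked. The set of permissions treated as risky is an assumption to adapt to local policy, and the sample manifest is constructed.

```python
import json
import sys
from pathlib import Path

# Assumed policy: API permissions that expose queries, URLs, cookies or page content.
RISKY_API = {"webRequest", "tabs", "history", "cookies", "scripting",
             "webNavigation", "proxy", "debugger"}
# Match patterns that cover every site the user visits.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return the risky grants declared by one parsed manifest.json."""
    declared = set()
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    script_hosts = set()
    for script in manifest.get("content_scripts", []):
        script_hosts.update(script.get("matches", []))
    overrides = manifest.get("chrome_settings_overrides", {})
    return {
        "name": manifest.get("name", ""),  # may be a __MSG_...__ locale key
        "risky_api": sorted(declared & RISKY_API),
        "broad_hosts": sorted((declared | script_hosts) & BROAD_HOSTS),
        "overrides_search": "search_provider" in overrides,
    }

def audit_profile(extensions_dir):
    """Audit every <extensions_dir>/<id>/<version>/manifest.json file."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        result = audit_manifest(manifest)
        result["id"] = path.parent.parent.name  # the extension ID directory
        if result["risky_api"] or result["broad_hosts"] or result["overrides_search"]:
            findings.append(result)
    return findings

if __name__ == "__main__":
    # Constructed sample manifest, not taken from the reported extension.
    sample = {"name": "Sample AI Search", "permissions": ["tabs", "storage"],
              "host_permissions": ["<all_urls>"],
              "chrome_settings_overrides": {"search_provider": {"name": "x"}}}
    print(audit_manifest(sample))
    for hit in (audit_profile(sys.argv[1]) if len(sys.argv) > 1 else []):
        print(hit)
```

Pass the profile's `Extensions` directory as the first argument. A finding is a prompt to compare the extension ID and publisher against the vendor's official listing, not proof of malice.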