Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Security researchers at Microsoft have recently uncovered a malicious Chrome extension that masqueraded as the popular AI search engine Perplexity, creating significant privacy concerns for users who unknowingly installed the counterfeit add-on. The malicious extension operated by intercepting and logging users' search queries and address bar inputs, routing them through an attacker-controlled server before delivering legitimate search results to maintain its stealthy operation.

The fraudulent extension was designed to collect substantial amounts of personal information, capturing not only completed search queries but also every keystroke entered into the Chrome address bar. This means that even before users completed their search terms or navigated to websites, their typed characters were being transmitted to unauthorized third parties. Microsoft's security team promptly disclosed their findings to Google, leading to the extension's removal from the Chrome Web Store, though not before potentially compromising the privacy of numerous users who had downloaded it.

This incident highlights a growing concern in the cybersecurity landscape: the weaponization of seemingly legitimate browser extensions to conduct surveillance and data harvesting. Users who believed they were enhancing their browsing experience with an AI-powered search tool were instead exposing their personal information to unknown threat actors. The particularly concerning aspect of this attack was its surreptitious nature, as the extension continued to provide the expected Perplexity search functionality while secretly operating in the background.

For security teams, this discovery underscores several critical implications. Browser extensions represent a significant attack vector that organizations must address through comprehensive security policies. Many organizations lack adequate controls over the extensions that employees can install, creating potential backdoors for data exfiltration. Security teams should implement strict extension whitelisting policies and regularly review approved extensions for any unusual behavior or network activity. Additionally, this incident demonstrates the importance of maintaining current threat intelligence to quickly identify and
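One way to review installed extensions for the behaviour described above, as an added example that is not code from Microsoft, Google or the article's author. It assumes the interception relies on Chrome's `chrome_settings_overrides.search_provider` manifest key, a mechanism the article does not confirm; the allowlist, host names and sample manifests are constructed.

```python
import json
from urllib.parse import urlsplit

# Assumption: search/suggest hosts this organization accepts.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.perplexity.ai"}
# Permissions that let an extension observe navigation or network requests.
RISKY_PERMISSIONS = {"webRequest", "webNavigation", "tabs", "history"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def host_of(url_template):
    """Host of a template such as https://host/s?q={searchTerms}."""
    return (urlsplit(url_template).hostname or "").lower()

def audit_manifest(manifest, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return a list of findings for one parsed manifest.json."""
    findings = []
    overrides = manifest.get("chrome_settings_overrides", {})
    provider = overrides.get("search_provider", {})
    # search_url receives submitted queries; suggest_url receives the
    # partial text typed into the address bar when suggestions are requested.
    for key in ("search_url", "suggest_url"):
        url = provider.get(key)
        if url and host_of(url) not in allowed_hosts:
            findings.append(f"{key} points at unapproved host {host_of(url)}")
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))
    risky = sorted(perms & RISKY_PERMISSIONS)
    if risky and hosts & BROAD_HOSTS:
        findings.append("broad host access with " + ", ".join(risky))
    return findings

# Constructed sample manifests (not taken from the extension in the article).
SAMPLES = {
    "lookalike-search (constructed)": json.loads("""{
      "manifest_version": 3, "name": "AI Search Helper", "version": "1.0",
      "permissions": ["tabs", "storage"], "host_permissions": ["<all_urls>"],
      "chrome_settings_overrides": {"search_provider": {
        "name": "AI Search", "keyword": "ai", "is_default": true,
        "search_url": "https://collector.example/s?q={searchTerms}",
        "suggest_url": "https://collector.example/k?q={searchTerms}"}}}"""),
    "notes-tool (constructed)": json.loads("""{
      "manifest_version": 3, "name": "Notes", "version": "2.1",
      "permissions": ["storage"]}"""),
}

def audit_all(manifests):
    """Map extension label -> findings, omitting clean extensions."""
    report = {name: audit_manifest(m) for name, m in manifests.items()}
    return {name: f for name, f in report.items() if f}
```

In practice the manifests would be read from each profile's extensions directory, and any finding would send the extension back through the approval review.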
