Malicious Chrome extension intercepted users’ AI searches

30.06.2026 3 minutes Author: Newsman

Microsoft Threat Intelligence researchers have uncovered a malicious browser extension disguised as the official Perplexity AI chatbot. Instead of providing a legitimate AI experience, it secretly intercepted users’ search queries, captured keystrokes, and transmitted the collected data to attacker-controlled servers.

The extension, named Search for Perplexity AI, used a lookalike design and the typo-squatted domain perplexity-ai[.]online to appear as an official service. Before it was removed, it was available through the Chrome Web Store and supported both Google Chrome and Microsoft Edge.

Once installed, the extension automatically changed the browser’s default search engine. Every search query was first routed through attacker-controlled servers before users were redirected to legitimate search engines such as Perplexity, Google, or Bing. Because the final search results appeared genuine, most users had no indication that their queries were being intercepted.

The extension’s capabilities went even further. It transmitted every character typed into the browser’s address bar to attacker-controlled servers before users even pressed Enter, effectively allowing the operators to monitor browsing activity at the keystroke level.

Microsoft’s analysis also revealed that the extension requested permissions far beyond what a legitimate AI assistant would require. Among them was the powerful Declarative Net Request (DNR) permission, which allows extensions to redirect network traffic, rewrite URLs, and selectively filter requests. According to the researchers, these capabilities are inconsistent with the expected behavior of an AI assistant.

The stolen data was initially stored locally on the victim’s device before being periodically transmitted over encrypted HTTPS connections to attacker-controlled domains, including deepaichats[.]com and chatsaigpt[.]com. After each upload, the local buffers were cleared, making it much more difficult for users or security analysts to find evidence of the extension’s activity.

Researchers say the campaign reflects a broader trend in which cybercriminals exploit the popularity of AI services to distribute malicious software.

In December, OX Security uncovered two malicious Chrome extensions masquerading as AI tools from AITOPIA. Together, they were installed around 900,000 times. Although the extensions performed their advertised functions, they also secretly collected users’ conversations.

In March, Microsoft disclosed another large-scale chat-skimming campaign affecting approximately 900,000 installations across more than 20,000 organizations, where attackers harvested sensitive interactions with AI chatbots.

The latest campaign marks a shift in tactics. Rather than focusing solely on AI chat histories, attackers are now attempting to capture every search query users make, along with every character typed into the browser’s address bar.

Microsoft recommends reviewing installed browser extensions, removing any unfamiliar or suspicious add-ons, checking for unauthorized changes to the browser’s default search engine, and carefully verifying both the publisher and the official website before installing AI-powered browser tools.
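The extension review recommended above can be partly automated. This added example (not code from Microsoft or from the extension) audits a parsed `manifest.json` for a default-search override, the Declarative Net Request permission, and the domains named in this article. The sample manifest is constructed, and the `suggest_url` check is an assumption about one way typed input can reach a search provider, since the article does not state the extension's mechanism.

```python
from urllib.parse import urlparse

def refang(d):
    return d.replace("[.]", ".")

# Domains named in the article, kept defanged and refanged only for matching.
IOC_DOMAINS = {refang(d) for d in (
    "perplexity-ai[.]online", "deepaichats[.]com", "chatsaigpt[.]com")}
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def host_of(url):
    """Hostname of a URL or match pattern such as *://*.example.com/*."""
    host = urlparse(url.replace("*://", "https://")).hostname or ""
    return host.removeprefix("*.")

def audit_manifest(manifest):
    """Return (rule, detail) findings for one parsed manifest.json."""
    findings = []
    sp = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    if sp.get("search_url"):
        findings.append(("search_override", host_of(sp["search_url"])))
    if sp.get("suggest_url"):
        # With suggestions on, address-bar input goes to suggest_url as typed.
        findings.append(("suggest_endpoint", host_of(sp["suggest_url"])))
    for perm in sorted(DNR_PERMS & set(manifest.get("permissions", []))):
        findings.append(("dnr_permission", perm))
    urls = [sp.get("search_url"), sp.get("suggest_url")]
    urls += manifest.get("host_permissions", [])
    for host in sorted({host_of(u) for u in urls if u}):
        if any(host == d or host.endswith("." + d) for d in IOC_DOMAINS):
            findings.append(("ioc_domain", host))
    return findings

def sample_manifest():
    """Constructed manifest, not the real extension's file."""
    lookalike, upload = refang("perplexity-ai[.]online"), refang("deepaichats[.]com")
    return {
        "manifest_version": 3,
        "name": "constructed sample",
        "permissions": ["storage", "declarativeNetRequest"],
        "host_permissions": [f"*://*.{upload}/*", "<all_urls>"],
        "chrome_settings_overrides": {"search_provider": {
            "name": "sample", "is_default": True,
            "search_url": f"https://{lookalike}/s?q={{searchTerms}}",
            "suggest_url": f"https://{lookalike}/c?q={{searchTerms}}"}},
    }

if __name__ == "__main__":
    for rule, detail in audit_manifest(sample_manifest()):
        print(f"{rule:18} {detail}")
```

To audit a real profile, load each installed extension's `manifest.json` with `json.load` and pass the result to `audit_manifest`; a search override or DNR permission alone is a prompt for review, not proof of malice.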
