Intelligence
high · Malware · Contained

Perplexity Impersonation Attack Exploited Chrome Web Store Trust to Intercept Search Queries

A malicious Chrome extension masquerading as the Perplexity AI search engine intercepted all user searches and address bar input, routing them through an attacker-controlled server before delivering results. Google removed the extension after Microsoft's responsible disclosure, but the attack demonstrates how supply chain compromises in browser extension marketplaces can enable large-scale data harvesting.

Sebastion

Affected

Google Chrome; Chrome Web Store; Perplexity (brand/reputation)

Microsoft discovered a Chrome extension that spoofed the Perplexity brand and successfully evaded marketplace detection to harvest user input at scale. The extension functioned as a transparent proxy for search queries and address bar keystrokes, intercepting every character before the user reached their intended destination. This is not a vulnerability in Chrome itself but rather a failure of Web Store review controls to detect impersonation and data exfiltration logic.

The technical execution is straightforward but effective. The malicious extension likely positioned itself as a search accelerator or AI companion tool, which gives it a plausible reason to request the capabilities it needs: an extension can override the browser's default search engine through its manifest, register an address-bar keyword, and, with network-request permissions across all sites, observe or redirect traffic. Each of these is a legitimate Chrome extension API, so review has to judge intent rather than capability. By routing traffic through attacker infrastructure before forwarding it to the legitimate destination, the threat actor captured plaintext search queries, URLs, and typed input that could include credentials, sensitive queries, or personal information. The interception was silent and non-disruptive to the user experience, maximising dwell time before detection.

The attack's impact depends on how many users installed the extension and how long it remained active before removal. Chrome Web Store removals are reactive and can come weeks after initial distribution. Users who installed this extension had their search behaviour, browsing patterns, and potentially sensitive information logged by attackers. This data has direct value for targeted phishing, blackmail, ad-targeting fraud, or resale to information brokers.

Defenders should conduct an urgent audit of installed browser extensions across their user base, focusing on recently installed tools that claim to augment search or AI functionality, and in particular on any extension that overrides the default search provider, registers an address-bar keyword, or combines network-request permissions with access to all sites. Organisations should enforce extension allowlist policies (default-deny, with explicitly approved extension IDs) and route extension updates through a review step rather than blanket-disabling updates, which would also block security fixes. Users should review the permissions each installed extension requests and remove any unrecognised or redundant tools. Microsoft's disclosure process worked as intended, but the underlying risk remains: the Web Store's review automation cannot reliably detect brand impersonation or data exfiltration logic, leaving a large attack surface open to determined threat actors.
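The interception capabilities described above and the audit recommended here can be checked mechanically. The following Node.js script is an added example, not code from the original advisory or from Microsoft, Google, or Perplexity: it scores Chrome extension manifests for the capabilities a search-intercepting impersonator would need (default-search override pointed away from the claimed brand's domains, an omnibox keyword, network-request permissions on all sites, a self-hosted update channel) and emits a Chrome ExtensionSettings policy object from the findings. The extension IDs, names, and URLs are constructed for illustration; the brand-to-domain table and the scoring weights are assumptions, not a published standard.

```javascript
// Added example (not from the original advisory): score extension manifests for
// search-interception capabilities and derive an allowlist policy from them.
// All IDs, names, URLs and weights below are constructed assumptions.

// Assumed: domains a brand legitimately serves search traffic from.
const BRAND_DOMAINS = { perplexity: ["perplexity.ai"] };

// Permissions that let an extension observe or rewrite requests and navigation.
const NETWORK_PERMISSIONS = new Set([
  "webRequest", "webRequestBlocking", "declarativeNetRequest", "webNavigation",
]);

function hostOf(url) {
  try { return new URL(url).hostname; } catch (_) { return null; }
}

function underDomain(host, domains) {
  return domains.some((d) => host === d || host.endsWith("." + d));
}

function auditManifest(id, manifest) {
  const findings = [];
  let score = 0;
  const name = (manifest.name || "").toLowerCase();

  // 1. Default-search override: every address-bar query is sent to search_url.
  const sp = manifest.chrome_settings_overrides?.search_provider;
  if (sp) {
    const host = hostOf(sp.search_url);
    score += 2;
    findings.push(`overrides the default search engine (search_url host: ${host})`);
    for (const [brand, domains] of Object.entries(BRAND_DOMAINS)) {
      if (name.includes(brand) && host && !underDomain(host, domains)) {
        score += 3;
        findings.push(`name claims "${brand}" but queries are sent to ${host}`);
      }
    }
  }

  // 2. Omnibox keyword: receives address-bar keystrokes typed after the keyword.
  if (manifest.omnibox) {
    score += 1;
    findings.push(`registers omnibox keyword "${manifest.omnibox.keyword}"`);
  }

  // 3. Network interception on all sites: a transparent proxy needs both halves.
  const perms = new Set(manifest.permissions || []);
  const hosts = manifest.host_permissions || [];
  const netPerms = [...perms].filter((p) => NETWORK_PERMISSIONS.has(p));
  const allSites = hosts.some((h) => h === "<all_urls>" || h === "*://*/*");
  if (netPerms.length && allSites) {
    score += 2;
    findings.push(`can intercept requests on all sites (${netPerms.join(", ")})`);
  }

  // 4. Self-hosted update channel: later versions bypass store-side re-review.
  if (manifest.update_url) {
    score += 1;
    findings.push(`self-hosted update_url host: ${hostOf(manifest.update_url)}`);
  }

  return { id, name: manifest.name, score, risk: score >= 4 ? "high" : "low", findings };
}

// Chrome ExtensionSettings policy shape: default-deny everything ("*"), block
// high-risk IDs explicitly, allow the rest explicitly.
function buildExtensionSettingsPolicy(results) {
  const policy = { "*": { installation_mode: "blocked" } };
  for (const r of results) {
    policy[r.id] = { installation_mode: r.risk === "high" ? "blocked" : "allowed" };
  }
  return policy;
}

// Constructed sample manifests (not real extensions).
const SAMPLE_EXTENSIONS = {
  // Impersonator in the shape the advisory describes: brand-like name, default
  // search pointed at an unrelated host, keyword capture, broad interception.
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
    name: "Perplexity AI Search",
    manifest_version: 3,
    permissions: ["webRequest", "tabs"],
    host_permissions: ["<all_urls>"],
    omnibox: { keyword: "ask" },
    chrome_settings_overrides: {
      search_provider: {
        name: "Perplexity", keyword: "pp", is_default: true, encoding: "UTF-8",
        search_url: "https://search-proxy.example/s?q={searchTerms}",
      },
    },
  },
  // Benign extension: one narrow permission and no host access.
  "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
    name: "Tab Counter", manifest_version: 3, permissions: ["tabs"], host_permissions: [],
  },
};

function runAudit(extensions = SAMPLE_EXTENSIONS) {
  return Object.entries(extensions).map(([id, m]) => auditManifest(id, m));
}

if (typeof require !== "undefined" && require.main === module) {
  const results = runAudit();
  for (const r of results) {
    console.log(`${r.risk.toUpperCase()} ${r.id} ${r.name}: ${r.findings.join("; ") || "no findings"}`);
  }
  console.log(JSON.stringify(buildExtensionSettingsPolicy(results), null, 2));
}
```

In practice `runAudit` would be fed manifests collected from endpoints (each Chrome profile's `Extensions/<id>/<version>/manifest.json`), and the resulting policy object is the value of the `ExtensionSettings` enterprise policy. The weights are a heuristic: a capable impersonator will not always match every signal, so a high score should trigger a human look rather than an automatic verdict.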

This incident reflects a broader pattern: impersonation attacks on software distribution channels keep succeeding because detecting intentional deception at scale requires a volume of human review that marketplaces do not sustain. Until extension stores implement stronger identity verification for publisher accounts and behavioural sandboxing that analyses where an extension actually sends traffic, similar attacks will recur.