Microsoft discovered a sneaky Chrome extension pretending to be the Perplexity search helper. Instead of just helping, it quietly copied what people searched for — and worse, it peeked at what they were typing in the address bar before they even hit Enter. The add-on used a fake domain to look legitimate and forwarded traffic through an attacker server so the results still looked normal while the data got logged in the background.

What happened

The extension installed itself as the browser’s default search provider and rerouted queries to an attacker-controlled site first. That server recorded search queries along with headers, IP addresses, and user-agent strings, then bounced users to the real search results so nothing obvious broke.

It also rewired the live suggestion endpoint so every keystroke in the address bar went to the attacker before you pressed Enter — yes, literally every character. The extension requested permissions that let it rewrite and redirect search traffic, and its server-side code showed those redirects were being logged intentionally rather than being an accidental side effect.

To make matters spicier, the extension shipped extra (disabled) redirect rules that could be flipped on for other big search engines, and even left hooks to run WebAssembly later — capabilities a simple search tool doesn’t need.

How to protect yourself

If you installed anything called “Search for perplexity ai” or anything that looks fishy, treat it like a gremlin in the plumbing:

  • Uninstall the suspicious extension immediately and check your browser’s default search provider.
  • Allow only vetted extensions through company policies and browser management.
  • Keep an eye out for changed search settings, odd extension permissions, or traffic reaching unfamiliar domains.
  • Be extra skeptical of AI-branded tools — double-check the publisher and the domain before installing.
  • For teams: enforce extension whitelists and monitor network traffic for unexpected destinations.

No one has been publicly named as the operator, and it’s unclear how many people installed it before it was taken down. The moral of the story: flashy AI branding can be bait, and a search box should never be the thing quietly copying your typing.