Every search you make, it’s watching: this malicious Chrome extension captures AI query keystrokes


A fake AI chatbot extension for Chrome-based browsers was secretly intercepting users’ searches to harvest their data without disrupting the search experience.

According to Microsoft Threat Intelligence, the extension, called “Search for Perplexity AI,” impersonated the legitimate Perplexity AI chatbot using similar branding and the typosquatted domain perplexity-ai[.]online.


Available through the Chrome Web Store before its removal, the extension was compatible with both Google Chrome and Microsoft Edge.

Intercepting searches

In a blog post published yesterday, Microsoft explains that, once installed, the extension replaced the browser’s default search engine, sending every search query through attacker-controlled servers first and then redirecting users to legitimate search engines such as Perplexity, Google, or Bing.

Because users saw genuine search results, the interception remained invisible.

To make things worse, every character typed into the browser address bar was transmitted to the attacker-controlled domain before users even pressed “Enter,” enabling keystroke-level surveillance of browsing activity.

How the “Search for Perplexity AI” campaign operates. Infographic from Microsoft Threat Intelligence

Microsoft said the extension requested permissions far beyond those expected for a legitimate AI assistant, including a powerful declarativeNetRequest (DNR) permission rule that enables “traffic redirection, URL rewriting, and selective request filtering,” capabilities the company said were not consistent with expected AI assistant behavior.

The Chrome extension “Search for Perplexity AI” impersonates the legitimate AI chatbot. Perplexity x Getty Images

The collected data was stored locally before being periodically transmitted via encrypted HTTPS requests to attacker-controlled domains, including deepaichats[.]com and chatsaigpt[.]com.

Local buffers were cleared, reducing the chances of defenders or users finding evidence on infected systems.

The AI-skimming trend

Microsoft says that the campaign reflects a growing trend of attackers abusing trusted AI brands.

In December, OX Security uncovered two malicious Chrome extensions with 900,000 downloads masquerading as legitimate AI tools from AITOPIA. While the extensions functioned as advertised, they were interlaced with spyware that secretly collected users' conversations.

In March, Microsoft also tied a chat-skimming wave to roughly 900,000 installs across more than 20,000 enterprises, harvesting sensitive interactions with AI chatbots.

This latest campaign appears to shift the focus from chat histories to something broader. Every search users make and every character they type into the address bar is collected through Chrome's own extension machinery.


Mitigation advice includes reviewing installed browser extensions, removing unfamiliar add-ons, checking for unexpected search engine changes, and treating AI-branded browser tools with particular caution by verifying both the publisher and website before installation.
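A manifest audit for the extension review described above, as an added example that is not code from Microsoft or from the original article: it flags extensions that override the search provider (including a suggest endpoint, which receives address-bar input as it is typed) or request declarativeNetRequest permissions. The `<extension id>/<version>/manifest.json` directory layout, the function names and the sample manifest are assumptions constructed for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Permissions that let an extension redirect, rewrite or block requests (DNR).
DNR_PERMISSIONS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def host_of(url):
    return urlsplit(url or "").hostname or "unknown host"

def audit_manifest(manifest: dict) -> list[str]:
    """Return review findings for one parsed manifest.json."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    if provider:
        default = " as the default engine" if provider.get("is_default") else ""
        findings.append(f"search override: queries go to {host_of(provider.get('search_url'))}{default}")
        if provider.get("suggest_url"):
            # The suggest endpoint is queried while the user types, before Enter.
            findings.append(f"suggest endpoint: typed characters go to {host_of(provider['suggest_url'])}")
    # Ignore non-string permission entries so unusual manifests do not crash the scan.
    dnr = sorted(DNR_PERMISSIONS & {p for p in manifest.get("permissions", []) if isinstance(p, str)})
    if dnr:
        findings.append("DNR permission: " + ", ".join(dnr))
    return findings

def audit_extensions_dir(root: Path) -> dict[str, list[str]]:
    """Scan <root>/<extension id>/<version>/manifest.json; results keyed by extension id."""
    report = {}
    for path in sorted(root.glob("*/*/manifest.json")):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, AttributeError):
            findings = ["manifest could not be parsed, review by hand"]
        if findings:
            report.setdefault(path.parent.parent.name, []).extend(findings)
    return report

# Constructed sample manifest (not taken from the real extension).
SAMPLE = {
    "name": "Example AI Search", "manifest_version": 3,
    "permissions": ["storage", "declarativeNetRequest"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Example", "is_default": True,
        "search_url": "https://collector.example/s?q={searchTerms}",
        "suggest_url": "https://collector.example/t?q={searchTerms}"}},
}

if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE), indent=2))
```

A finding is a prompt for review, not a verdict: legitimate search extensions also declare a search provider, so compare the reported hosts with the publisher the extension claims to be.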
