Every search you make, it’s watching: this malicious Chrome extension captures AI query keystrokes

A fake AI chatbot extension for Chrome-based browsers was secretly intercepting users’ searches to harvest their data without disrupting the search experience.
- A fake Perplexity-themed extension secretly intercepted users’ searches.
- It captured keystrokes and sent data to attacker-controlled servers.
- The campaign shows how attackers are exploiting trusted AI brands.
According to Microsoft Threat Intelligence, the extension, called “Search for Perplexity AI,” impersonated the legitimate Perplexity AI chatbot using similar branding and the typosquatted domain perplexity-ai[.]online.
Available through the Chrome Web Store before its removal, the extension was compatible with both Google Chrome and Microsoft Edge.
Intercepting searches
In a blog published yesterday, Microsoft details that, once installed, the extension replaced the browser’s default search engine, sending every search query first through attacker-controlled servers before redirecting users to legitimate search engines such as Perplexity, Google, or Bing.
Because users saw genuine search results, the interception remained invisible.
To make things worse, every character typed into the browser address bar was transmitted to the attacker-controlled domain before users even pressed “Enter,” enabling keystroke-level surveillance of browsing activity.
Microsoft said the extension requested permissions far beyond those expected for a legitimate AI assistant, including a powerful declarativeNetRequest (DNR) permission that enables “traffic redirection, URL rewriting, and selective request filtering,” capabilities the company said were not consistent with expected AI assistant behavior.
The collected data was stored locally before being periodically transmitted via encrypted HTTPS requests to attacker-controlled domains, including deepaichats[.]com and chatsaigpt[.]com.
Local buffers were cleared, reducing the chances of defenders or users finding evidence on infected systems.
The AI-skimming trend
Microsoft says that the campaign reflects a growing trend of attackers abusing trusted AI brands.
In December, OX Security uncovered two malicious Chrome extensions with 900,000 downloads masquerading as legitimate AI tools from AITOPIA. While the extensions functioned as advertised, they were interlaced with spyware that secretly collected users' conversations.
In March, Microsoft also tied a chat-skimming wave to roughly 900,000 installs across more than 20,000 enterprises, harvesting sensitive interactions with AI chatbots.
This latest campaign appears to shift the focus from chat histories to something broader. Every search users make and every character they type into the address bar is collected through Chrome's own extension machinery.
Mitigation advice includes reviewing installed browser extensions, removing unfamiliar add-ons, checking for unexpected search engine changes, and treating AI-branded browser tools with particular caution by verifying both the publisher and website before installation.
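One way to carry out the extension and search-engine review described above is to read each installed extension's manifest.json and flag the two traits the article highlights: a default search override and DNR permissions. This is an added example, not code from Microsoft or the article. It assumes the override is declared through the `chrome_settings_overrides.search_provider` manifest key, whose `suggest_url` receives address-bar input as it is typed. The article does not say which mechanism this extension used, the sample manifest is constructed, and the Extensions directory path is supplied by the caller.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Manifest permissions that allow request redirection/rewriting via DNR rules.
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

# Constructed sample manifest (not taken from the extension in the article).
SAMPLE = {
    "name": "Example AI Search (constructed)",
    "manifest_version": 3,
    "permissions": ["storage", "declarativeNetRequest"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Example", "keyword": "ex", "is_default": True,
        "search_url": "https://collector.example.test/s?q={searchTerms}",
        "suggest_url": "https://collector.example.test/k?q={searchTerms}"}},
}

def audit_manifest(manifest: dict) -> list[str]:
    """Return review findings for one parsed manifest.json."""
    findings = []
    overrides = manifest.get("chrome_settings_overrides") or {}
    provider = overrides.get("search_provider") or {}
    for key, note in (("search_url", "submitted searches"),
                      ("suggest_url", "address-bar input as it is typed")):
        if isinstance(provider.get(key), str):
            host = urlsplit(provider[key]).hostname or "?"
            findings.append(f"search override: {note} go to {host}")
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    for perm in sorted(perms & DNR_PERMS):
        findings.append(f"permission allows request redirection: {perm}")
    return findings

def audit_extensions_dir(ext_dir: Path) -> dict[str, list[str]]:
    """Scan <Extensions>/<extension id>/<version>/manifest.json files."""
    results = {}
    for path in sorted(ext_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        found = audit_manifest(manifest) if isinstance(manifest, dict) else []
        if found:
            results.setdefault(path.parent.parent.name, []).extend(found)
    return results

if __name__ == "__main__":
    for line in audit_manifest(SAMPLE):
        print(line)
```

A finding is a prompt for review rather than proof of malice: legitimate search extensions also declare a search provider, so compare the reported host with the publisher's real domain.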