All incidents

Fake Perplexity AI Chrome extension hijacks searches and logs keystrokes

malwareopenJul 1, 2026 — Jul 2, 2026
Fake Perplexity AI Chrome extension hijacks searches and logs keystrokes

A fake Chrome extension posing as the Perplexity AI assistant has been spotted hijacking search queries and recording keystrokes.

Google removed the malicious add‑on from its Web Store after a security report here, but anyone who installed it must still uninstall it manually.

The extension asked for broad permissions that far exceeded its claimed functionality, allowing it to read and modify data on all websites.

It then set itself as the default search provider, logged each query before forwarding the request to the real search engine and captured every key pressed in the browser as detailed by researchers.

The malicious code also sent the harvested data, including IP addresses, browser headers and user‑agent strings, to a server controlled by the attacker.

No CVE identifiers have been assigned to this threat and no specific threat actor has been linked to the campaign.

The extension was first seen on 1 July 2026 and remained active until 2 July 2026 when researchers raised the alarm.

Microsoft commented that the incident fits a growing pattern of AI themed extensions being abused for surveillance, though it did not name any group behind it.

Users should open Chrome’s extensions page, review the list for any add‑on named Search for perplexity ai or similar look alike titles and remove it immediately.

It is also wise to audit all installed extensions, revoke any that request excessive permissions and to keep the browser updated to the latest version.

Administrators can enforce extension whitelists through group policy and monitor endpoint logs for unusual outbound connections to unknown domains.

Staying vigilant about the source of browser add‑ons remains a key defence against this kind of credential and data harvesting.

Intelligence briefing updated Jul 2, 2026

Timeline Coverage

Swipe to explore timeline