Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Fake Perplexity Extension on Chrome Web Store Tracked Searches and Harvested Browsing Data
Fake Perplexity Extension on Chrome Web Store Tracked Searches and Harvested Browsing Data
NEWS

Fake Perplexity Extension on Chrome Web Store Tracked Searches and Harvested Browsing Data

A malicious extension masquerading as the Perplexity AI answer engine was discovered on the Chrome Web Store, intercepting search traffic and collecting...

Dylan H.

News Desk

July 1, 2026
3 min read

Security researchers have uncovered a malicious Chrome extension on the Chrome Web Store that impersonated the popular Perplexity AI answer engine. Rather than providing the AI search capabilities it advertised, the extension covertly intercepted user search traffic and collected browsing data — a textbook supply chain and impersonation attack targeting AI tool users.

The Fake Extension

The malicious extension presented itself as a legitimate Perplexity AI browser tool, leveraging the brand's growing recognition among users who rely on AI-powered search. The extension was listed on the official Chrome Web Store, lending it an air of legitimacy that likely contributed to its install rate.

Once installed, the extension operated with elevated browser permissions that allowed it to:

  • Intercept and monitor search queries across major search engines
  • Track browsing behavior including visited URLs and navigation patterns
  • Collect sensitive browsing information that could be used for targeted advertising, credential phishing, or sale on underground markets

How It Worked

Chrome extensions request permissions during installation, and users who granted the extension access to "read and change all your data on websites you visit" — a common and often overlooked permission — inadvertently handed the malicious extension broad visibility into their browser activity.

The extension likely exfiltrated collected data to attacker-controlled infrastructure, though the full scope of what was collected and where it was sent is still being investigated. Extensions of this type commonly function as:

  • Adware monetizing search interception and redirect traffic
  • Credential harvesters watching for login forms and autofill data
  • Spyware building browsing profiles for sale to data brokers or threat actors

Why AI Tool Impersonation Is Effective

The choice to impersonate Perplexity specifically is telling. AI-powered tools have seen explosive user adoption, and many users are actively searching for browser extensions that integrate AI functionality into their everyday workflows. Attackers are exploiting this demand by publishing lookalike extensions that mimic popular AI brands.

This mirrors earlier campaigns that abused the ChatGPT brand in 2023 and 2024, flooding extension stores with fake "ChatGPT for Chrome" extensions that delivered adware, stealers, or backdoors.

Chrome Web Store Security Limitations

The incident highlights ongoing concerns about the Chrome Web Store's review process. Despite Google's automated scanning and periodic manual reviews, malicious extensions continue to make it onto the platform. The Web Store's open nature — which allows any developer to publish an extension — creates an inherent tension between accessibility and security.

Google has previously removed hundreds of malicious extensions in bulk after researcher disclosures, but the cat-and-mouse dynamic persists.

How to Stay Protected

Users should take the following precautions when installing Chrome extensions:

  1. Install extensions only from verified publishers — check the developer website and cross-reference official brand channels before installing
  2. Review permissions carefully — extensions requesting access to all website data should trigger heightened scrutiny
  3. Check install counts and reviews — legitimate tools from major brands typically have large install bases and active review histories
  4. Use the official Perplexity.ai website directly rather than relying on third-party extensions
  5. Audit installed extensions regularly — remove anything you don't actively use or recognize
  6. Keep Chrome updated — newer versions include improved extension permission warnings

If you believe you installed the malicious extension, remove it immediately, change passwords for accounts accessed while the extension was active, and check for unfamiliar activity in your Google account.

References

  • BleepingComputer: Fake Perplexity Extension on Chrome Web Store Tracked Searches
#Chrome Extension#Malware#Perplexity#Browser Security#Spyware#Google

Related Articles

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Security researchers at Island discovered that 'Adblock for YouTube,' a Chrome extension with over 10 million installs and a Featured badge, contains a...

3 min read

Malicious Chrome Extension 'CL Suite' Steals Meta Business

Security researchers have uncovered a malicious Chrome extension called CL Suite that steals TOTP 2FA seeds, Meta Business Manager data, and analytics,...

3 min read

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

Researchers have uncovered a novel malware artifact generated using DeepSeek that weaponizes the Chromium File System Access API to encrypt files entirely...

7 min read
Back to all News