GoKawiilA malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information.
Called "Search for perplexity ai," the extension routed search queries and real-time suggestions through its infrastructure before redirecting users to the legitimate search services.
Microsoft Threat Intelligence researchers said that the extension did not steal credentials or other sensitive information but its permissions would easily allow it if the operator decided to extend the scope of the data theft.
Fake Perplexity AI extension
Perplexity AI is a research assistant that searches the web and synthesizes the information in a direct, conversational response instead of showing a list of links for the user to access to find their answer.
Perplexity AI is available on the web, on mobile (Android and iOS), and as a desktop app, and its official Chrome extension is named “Perplexity – AI Search.”
The fake extension that Microsoft spotted uses similar branding and the domain “perplexity-ai[.]online,” instead of the legitimate perplexity.ai.
Post-installation onboarding page
Source: Microsoft
Once installed, it changes the browser’s search settings to replace the default search provider and to pass all address-bar queries through the attacker’s infrastructure.
... continue reading