Fake Perplexity AI Extension Steals User Activity Through Browser Session Monitoring
Cybersecurity researchers have uncovered a malicious browser extension impersonating the popular AI-powered search platform Perplexity AI, raising fresh concerns about the growing abuse of artificial intelligence brands in cybercrime campaigns.
The fraudulent extension closely mimics the appearance and functionality of legitimate browser add-ons while secretly monitoring user interactions, logging browsing activity, and intercepting traffic related to Perplexity AI sessions.
The discovery highlights a rapidly emerging threat where cybercriminals exploit the popularity of AI services to distribute malware, harvest sensitive information, and compromise user privacy.
What Happened?
Security researchers identified a browser extension masquerading as an official Perplexity AI tool.
While appearing legitimate to unsuspecting users, the extension reportedly performs hidden background activities designed to collect browsing information and monitor user sessions.
According to the researchers, the extension can:
- Monitor browser activity
- Capture requests sent to Perplexity AI
- Log user interactions
- Collect browsing metadata
- Communicate with external command-and-control (C2) infrastructure
The malicious behavior occurs silently, making it difficult for users to detect without specialized security tools.
How the Attack Works
Unlike traditional malware that exploits software vulnerabilities, malicious browser extensions rely on excessive permissions granted during installation.
Once installed, the rogue extension may request access to:
- Active browser tabs
- Website content
- Browser history
- Cookies
- Session information
- Network requests
Using these permissions, attackers can observe user activity and potentially intercept information exchanged with AI services.
Depending on the permissions granted, similar extensions may also inject scripts into web pages, modify browser behavior, or redirect traffic.
Why AI Platforms Are Becoming Cybercrime Targets
The rapid adoption of AI assistants has made them attractive targets for threat actors.
Cybercriminals increasingly exploit trusted AI brands by creating fake:
- Browser extensions
- Desktop applications
- Mobile apps
- Login pages
- Productivity tools
These campaigns aim to exploit user trust and capitalize on the growing popularity of AI platforms.
As millions of users integrate AI into their daily workflows, impersonating well-known services has become an effective social engineering tactic.
Potential Risks to Users
Although the full capabilities of the malicious extension may vary, browser-based spyware can expose users to several security and privacy risks.
Potential impacts include:
Session Monitoring
Attackers may observe browsing activity and interactions with AI platforms.
Credential Theft
Malicious extensions with elevated permissions could attempt to capture authentication tokens or login credentials.
Data Collection
Sensitive prompts, research queries, and browsing metadata may be collected without the user's knowledge.
Privacy Violations
Continuous monitoring can reveal browsing habits, business activities, and personal interests.
Enterprise Risk
Employees using compromised browser extensions on corporate devices could unintentionally expose internal research, business workflows, or proprietary information.
Why Browser Extensions Are Dangerous
Browser extensions often receive broad permissions that allow deep access to web content.
Poorly vetted or malicious extensions may be capable of:
- Reading website content
- Modifying webpages
- Capturing user input
- Monitoring network requests
- Accessing stored cookies
- Executing background scripts
Because these actions occur inside the browser, traditional antivirus solutions may not always detect suspicious behavior immediately.
How Users Can Stay Protected
Cybersecurity experts recommend several best practices to reduce the risk of malicious browser extensions.
Install Extensions Only from Trusted Sources
Download browser extensions only from official browser marketplaces and verify the developer before installation.
Review Requested Permissions
Avoid extensions requesting unnecessary access to browsing data, cookies, or all websites unless absolutely required.
Remove Unused Extensions
Regularly review installed extensions and uninstall any that are no longer needed.
Keep Browsers Updated
Security updates patch browser vulnerabilities and help reduce the likelihood of extension-based attacks.
Monitor Account Activity
Review account login history and revoke suspicious sessions if unauthorized activity is detected.
Use Endpoint Security Tools
Organizations should deploy browser security monitoring and endpoint detection solutions capable of identifying malicious extensions.
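As a way to carry out the permission review and periodic extension audit recommended above, the following added example (not code from the researchers or from any extension described in this article) checks a Chrome-style manifest.json for the access types listed under "How the Attack Works". The sample manifests are constructed for illustration, and the risk rule in is_high_risk is an assumption of this example; on a real machine, pass each installed extension's parsed manifest.json to audit_manifest.

```python
import json

# API permissions matching the access types listed in the article
# (Chrome/Chromium manifest permission names).
RISKY_API = {
    "tabs": "reads URL and title of every tab",
    "history": "reads browser history",
    "cookies": "reads and writes cookies for permitted hosts",
    "webRequest": "observes network requests",
    "scripting": "injects scripts into pages",
}
# Host patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Constructed sample manifests (not taken from the extension in the article).
SAMPLE_OVERBROAD = json.loads("""{
  "manifest_version": 3, "name": "AI Search Helper (constructed)",
  "permissions": ["tabs", "cookies", "webRequest", "storage"],
  "host_permissions": ["<all_urls>"]
}""")
SAMPLE_SCOPED = json.loads("""{
  "manifest_version": 3, "name": "Scoped Helper (constructed)",
  "permissions": ["activeTab", "storage"],
  "host_permissions": ["https://example.com/*"]
}""")


def audit_manifest(manifest):
    """Return a sorted list of findings for one parsed manifest.json."""
    # Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
    raw = list(manifest.get("permissions", []))
    raw += manifest.get("host_permissions", [])
    for script in manifest.get("content_scripts", []):
        raw += script.get("matches", [])
    declared = {p for p in raw if isinstance(p, str)}  # skip non-string entries
    findings = [f"{p}: {RISKY_API[p]}" for p in declared if p in RISKY_API]
    if declared & BROAD_HOSTS:
        findings.append("all-sites host access")
    return sorted(findings)


def is_high_risk(manifest):
    """Assumed rule: traffic or cookie visibility plus access to every site."""
    found = audit_manifest(manifest)
    sees_traffic = any(f.startswith(("webRequest", "cookies")) for f in found)
    return sees_traffic and "all-sites host access" in found


if __name__ == "__main__":
    for m in (SAMPLE_OVERBROAD, SAMPLE_SCOPED):
        print(m["name"], is_high_risk(m), audit_manifest(m))
```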
The Growing Threat of AI Brand Impersonation
The incident reflects a broader trend in which threat actors leverage the popularity of AI services to conduct phishing campaigns, distribute malware, and steal sensitive information.
Researchers have observed fake tools impersonating numerous AI platforms in recent months, demonstrating how cybercriminals quickly adapt to emerging technologies and user behavior.
As AI adoption continues to accelerate, both consumers and enterprises should expect an increase in scams involving counterfeit AI applications and browser extensions.
The Bigger Picture
Browser extensions have become an increasingly attractive attack vector because they combine trusted branding with extensive access to user activity.
Organizations should include browser extension management within their broader cybersecurity strategy by implementing application controls, endpoint monitoring, and user awareness training.
For individuals, verifying the authenticity of browser add-ons before installation is becoming just as important as checking the legitimacy of websites and software downloads.
Conclusion
The discovery of a malicious browser extension impersonating Perplexity AI serves as another reminder that cybercriminals are rapidly adapting to the AI era.
By exploiting trusted brands and requesting excessive browser permissions, attackers can silently collect browsing data, monitor AI interactions, and potentially compromise sensitive information.
As AI-powered tools become an essential part of daily work and research, maintaining strong browser hygiene, verifying extension authenticity, and practicing cautious installation habits will be critical to staying secure.