Google Chrome fails users again by letting malicious Perplexity extension slip through



Google has failed users again after it let a malicious Perplexity extension into the Chrome Web Store. It’s gone now, but a manual uninstall is needed.

If you have Perplexity AI installed in Google Chrome as an extension, then you need to double-check that it’s the official app and not one of the third-party apps. The reason is that Microsoft’s Defender Security Research Team has found that one of these extensions, called “Search for perplexity ai”, is actually malware and secretly records what users are typing. While this discovery led to the extension’s removal from the Chrome Web Store, users who installed it are still at risk.

According to Microsoft, the extension sends your traffic through a typosquatted domain rather than the legitimate perplexity.ai. Upon install, it also requested the chrome_settings_overrides permission to allow it to become your default search engine, ensuring it captured everything you search for in the URL bar.

It also obtained the declarativeNetRequest permission, which let it send your requests to a server the attackers controlled. The permission also allowed the extension to perform traffic redirection and URL rewriting. The extension didn’t need this permission.

Here is what Microsoft says the extension does:

  1. User enters search query into the Omnibox.
  2. Browser request routed to perplexity-ai[.]online.
  3. Server logs full request: query string, HTTP headers, user-agent, and source IP address.
  4. suggest_url captures real-time keystrokes during typing (before Enter is pressed).
  5. Ruleset executes redirect.
  6. User is delivered to selected search provider.

Another sign that the extension was malicious was that it shipped with its own server-side infrastructure code, which exposed the entire attack architecture. What we still don’t know is who operates the extension and the malicious domain; Microsoft didn’t share this information.

To check whether you have this installed, go to chrome://extensions/ and enable Developer mode. If you see a Perplexity extension, check the ID. If it’s “flkebkiofojicogddingbdmcmkpbplcd”, then you need to remove it as it is malicious. While you’re on this page, please remove any other extensions that you do not need. As we have seen, Google isn’t great at screening extensions that appear on the Chrome Web Store, and plenty of malware appears, so if you don’t need or trust extensions explicitly, then they shouldn’t be on your system.
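For checking many machines or profiles at once, the manual ID check can be scripted. The following is an added example, not code from Microsoft, Malwarebytes or the extension itself: it flags the extension ID and domain named above and, going slightly beyond them, any manifest that pairs a search-engine override with declarativeNetRequest. It assumes the caller passes the profile's Extensions folder, laid out as `<id>/<version>/manifest.json`; the sample manifest and its URL paths are constructed.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Indicators from the article; the domain is the defanged one with brackets removed.
BAD_IDS = {"flkebkiofojicogddingbdmcmkpbplcd"}
BAD_HOSTS = {"perplexity-ai.online"}
DNR = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def audit_manifest(ext_id, manifest):
    """Return findings for one extension ID and its parsed manifest.json."""
    findings = []
    if ext_id in BAD_IDS:
        findings.append("known-bad extension ID")
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    for key in ("search_url", "suggest_url"):
        host = (urlsplit(provider.get(key, "")).hostname or "").lower()
        if not host:
            continue
        if host in BAD_HOSTS:
            findings.append(f"{key} uses known-bad host {host}")
        if key == "suggest_url":
            findings.append(f"omnibox keystrokes sent to {host}")
        elif provider.get("is_default"):
            findings.append(f"default search set to {host}")
    if provider and DNR & set(manifest.get("permissions", [])):
        findings.append("search override combined with declarativeNetRequest")
    return findings

def scan_extensions(ext_dir):
    """Audit <ext_dir>/<id>/<version>/manifest.json; ext_dir is supplied by the caller."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        found = audit_manifest(path.parts[-3], json.loads(path.read_text("utf-8-sig")))
        if found:
            report[path.parts[-3]] = found
    return report

# Constructed sample manifest (not the real extension's file) showing the pattern.
SAMPLE = {
    "manifest_version": 3,
    "permissions": ["declarativeNetRequest"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "sample", "keyword": "s", "is_default": True,
        "search_url": "https://perplexity-ai.online/search?q={searchTerms}",
        "suggest_url": "https://perplexity-ai.online/suggest?q={searchTerms}",
    }},
}

if __name__ == "__main__":
    for line in audit_manifest("flkebkiofojicogddingbdmcmkpbplcd", SAMPLE):
        print(line)
```

A hit on the generic rule alone is a prompt to review the extension, not proof that it is malicious, since legitimate search extensions also override the default provider.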

Via: Malwarebytes




