Fake Perplexity Chrome Extension Was Lurking in Your Browser
Look, we talk a lot about AI grift on this blog. Crypto Bros pivoting to "AI consultants" overnight. Copy-paste GPT wrappers raising seed rounds. But every now and then, the grift engine cranks out something so audacious, so genuinely devious, that you almost have to respect the hustle. Almost.
Enter: the fake Perplexity Chrome extension. Not a parody. Not a fan project. A straight-up malicious browser extension that masqueraded as Perplexity AI — the $9 billion search darling that's been eating Google's lunch — while quietly intercepting every search query and address bar keystroke you typed.

Yeah. Every. Single. One.
Here's what went down. Security researchers flagged a Chrome extension floating around the Web Store that looked, felt, and smelled like an official Perplexity integration. Clean icon. Familiar teal-and-white branding. The kind of thing you'd install without thinking twice because you've already got twelve other AI extensions jammed into your browser and what's one more? The extension promised to bring Perplexity's AI-powered answers directly into your search workflow — which, to be fair, is something Perplexity itself is actively building toward with their own native browser launched in late 2024.
But instead of surfacing AI-generated answers, this little piece of digital vermin was doing something far more industrious: it was sitting between you and the internet, silently logging every query you punched into the address bar, every search you ran through Google or Bing or DuckDuckGo, and quietly exfiltrating that data to parts unknown.
Your medical questions. Your late-night shopping searches. That embarrassing thing you Googled at 2 AM. All of it, piped through someone else's server.
Let's contextualize this within the broader AI hype cycle, because this didn't happen in a vacuum. Perplexity AI, founded in 2022 by Aravind Srinivas, has been on an absolute tear. They hit 15 million monthly active users by mid-2024. They raised $500 million at a $9 billion valuation in December 2024. They launched Perplexity Pro at $20/month. They rolled out a shopping feature called Perplexity Shopping in November 2024 that lets you buy stuff directly from search results. They've got a Comet browser in the works. They are, by every metric, the hottest thing in AI search right now.
And when something gets that hot, the parasites come crawling out of the woodwork.
This is the same pattern we've seen play out across every hype wave of the last five years. Fake crypto wallets during the NFT boom. Counterfeit Pop Mart figures flooding the market when Labubu went supernova. Sketchy "Stanley cup" listings on Temu that were just slightly off-brand thermoses with lead paint. The sneaker resale market has been dealing with ultrarep factories producing fakes so accurate that legit-checking has become a full-time profession. The hype economy doesn't just attract consumers — it attracts opportunists, and the opportunists are always one step ahead of the platforms that are supposed to stop them.

But browser extensions hit different. This isn't a fake sneaker you can hold up to the light and inspect. This is code running inside your most personal piece of software — the browser where you do your banking, your medical research, your 3 AM spiral-searching about whether your cough is terminal. Chrome has roughly 3.4 billion users worldwide. The Chrome Web Store hosts over 130,000 extensions. Google's review process is supposed to catch this stuff, but the reality is that it's a game of whack-a-mole where the moles are getting increasingly sophisticated.
The malicious Perplexity extension wasn't some sloppy piece of malware either. According to The Hacker News report, it was specifically designed to intercept and manipulate search behavior — meaning it could potentially redirect your queries, inject sponsored results, or quietly build a profile of your interests for advertising purposes. Think about the value of that data. Real-time intent data from millions of searches, unfiltered by Google's privacy guardrails, sold to the highest bidder on whatever shadowy data marketplace handles this kind of thing.
It's search arbitrage meets AI cosplay meets straight-up data theft.
And here's the part that really stings: Perplexity has been working overtime to position itself as the trustworthy alternative to Google. They've been pushing their "answer engine" as the privacy-respecting, source-citing, no-tracking future of search. Srinivas has been on every podcast and panel talking about transparency and accuracy and giving users control over their data. Then some random extension developer slaps the Perplexity logo on a Chrome extension and turns the whole trust narrative into a punchline.
Now, to be crystal clear: this was NOT an official Perplexity product. Perplexity didn't build this. They didn't endorse it. They're victims here too — their brand was hijacked by bad actors looking to exploit the halo effect of a company that's currently valued at more than some Fortune 500 enterprises. But that's cold comfort to anyone who installed the extension and had their search data siphoned off.
The broader lesson here isn't just "be careful what you install" — though yeah, obviously, be careful what you install. The lesson is that the AI hype cycle has created an attack surface so massive and so tempting that security researchers are basically fighting a losing battle. Every new AI product launch — every new model, every new feature, every new valuation milestone — is a beacon for scammers. ChatGPT had fake apps that charged $7.99/week for what was essentially a web wrapper. Claude had impostor browser extensions within weeks of its public launch. Gemini's name was slapped on everything from sketchy VPNs to "AI trading bots" that were just Ponzi schemes with a Google logo.
The AI gold rush isn't just attracting venture capitalists and enterprise customers. It's attracting an entire shadow economy of fraudsters, data thieves, and brand-impersonation specialists who understand that the fastest way to steal someone's data is to show them a familiar logo and say "AI." Because in 2025, we've been conditioned to trust AI brands almost as reflexively as we trust the brands on our cereal boxes.
So here's your wakeup call, delivered with maximum 90s CRT scanline energy: that Chrome extension you installed at 11 PM because it promised to "supercharge your searches with AI"? It might be doing exactly that. Or it might be quietly shipping your entire browsing history to a server in Moldova.
The difference is the same as it's always been in the hype economy: the people selling the real thing and the people selling the fake thing use the exact same packaging. The only way to tell them apart is to look under the hood — and most people don't even know where the hood release is.
Stay paranoid, stay patched, and for the love of everything holy, verify your extensions before you click install.