Microsoft has identified a malicious Chrome extension that impersonated the AI search engine Perplexity, covertly intercepting user searches and address bar inputs. This extension, named “Search for perplexity ai” (ID: flkebkiofojicogddingbdmcmkpbplcd), utilized a deceptive domain, perplexity-ai[.]online, to mimic the legitimate Perplexity service at perplexity.ai.
Upon installation, the extension set itself as the browser’s default search engine. User queries were first routed through the attacker’s server at perplexity-ai[.]online, where they were logged along with browser headers, IP addresses, and user agents, before users were redirected to genuine search results. This process made the data interception virtually undetectable to the user.
Further exacerbating the issue, the extension redirected the browser’s live search suggestions (suggest_url) to the same malicious domain. Consequently, every character typed into the address bar was transmitted to the attacker’s server in real time, even before the user pressed Enter.
While Chrome allows search-provider overrides for legitimate extensions, this particular extension exploited such permissions to rewrite and redirect user traffic maliciously. It requested the declarativeNetRequest family of permissions to facilitate this behavior and included server-side code designed to log every request, indicating a deliberate intent to collect user data.
Additionally, the extension contained disabled redirect rules for Google and Bing, suggesting the potential for similar data interception on these platforms. It also incorporated the capability to execute WebAssembly code, a feature unnecessary for a simple search tool, raising further security concerns.
This incident is part of a broader trend where malicious extensions exploit AI branding to deceive users. Previous cases have involved extensions that alter default search engines to capture user input, hijack search providers, or intercept conversations from AI chatbots like ChatGPT and DeepSeek. Microsoft’s research has linked such chat-skimming activities to approximately 900,000 installations across more than 20,000 corporate networks.
Users who have installed the “Search for perplexity ai” extension are advised to remove it immediately and verify that their default search engine settings have not been altered. Organizations should implement measures such as allowing only approved extensions, monitoring for changes in search settings and unusual extension permissions, and exercising caution with AI-branded tools by verifying publishers and domains before installation.
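One way to automate the monitoring recommended above, as an added example that is not code from Microsoft or from the extension: it audits extension manifests for the traits described in this article (search and suggest URL overrides, default-search takeover, declarativeNetRequest permissions, WebAssembly allowance). The allowlist, the sample manifest, its placeholder host, and the assumption that WebAssembly capability appears as 'wasm-unsafe-eval' in the manifest CSP are all constructed for illustration.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit

# Assumption: hosts this organisation approves as search providers.
APPROVED_HOSTS = {"www.perplexity.ai", "www.google.com", "www.bing.com"}
DNR_PERMISSIONS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess",
                   "declarativeNetRequestFeedback"}

def audit_manifest(manifest, approved=APPROVED_HOSTS):
    """Return findings for one parsed manifest.json (empty list = nothing flagged)."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    for key in ("search_url", "suggest_url"):
        host = (urlsplit(provider.get(key, "")).hostname or "").lower()
        if host and host not in approved:
            findings.append(f"{key} points to unapproved host {host}")
    if provider.get("is_default"):
        findings.append("sets itself as default search engine")
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    findings += [f"requests {p}" for p in sorted(perms & DNR_PERMISSIONS)]
    # Assumption: WebAssembly capability shows up as 'wasm-unsafe-eval' in the CSP.
    csp = manifest.get("content_security_policy", "")
    csp_text = csp if isinstance(csp, str) else " ".join(map(str, csp.values()))
    if "wasm-unsafe-eval" in csp_text:
        findings.append("CSP permits WebAssembly (wasm-unsafe-eval)")
    return findings

def scan_extensions(ext_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in Path(ext_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if found := audit_manifest(manifest):
            report[path.parent.parent.name] = found  # keyed by extension ID
    return report

# Constructed sample manifest; the host and paths are placeholders.
SAMPLE = {
    "permissions": ["declarativeNetRequest", "storage"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Example", "keyword": "ex", "is_default": True,
        "search_url": "https://lookalike-search.example/s?q={searchTerms}",
        "suggest_url": "https://lookalike-search.example/c?q={searchTerms}"}},
    "content_security_policy": {"extension_pages": "script-src 'self' 'wasm-unsafe-eval'"},
}
```

Point scan_extensions at a Chrome profile's Extensions directory; each finding is a prompt for review rather than proof of malice, since legitimate extensions also use these features.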
While the operator behind this malicious extension remains unidentified, and the number of installations prior to its removal is unknown, this incident underscores the importance of vigilance when installing browser extensions, especially those claiming AI capabilities. Users and organizations must remain cautious and implement robust security practices to mitigate such threats.