2 Sources
[1]
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called "Search for perplexity ai" (ID flkebkiofojicogddingbdmcmkpbplcd) and used a look-alike domain, perplexity-ai[.]online, to pass for the real service at perplexity.ai. Microsoft's Defender research team says the point was to intercept searches and collect data. It found no proof of password theft, but far more access than a search box should ever need. Once installed, the extension sets itself as the browser's default search engine. When you searched, the query went first to perplexity-ai[.]online, where the attacker's server logged it with your browser headers, IP address, and user agent. A rule then bounced you to a real search engine (Perplexity, Google, or Bing), so the results looked normal. The theft happened on that first stop, before the redirect. The address bar made it worse. The extension also pointed the browser's live search suggestions (the suggest_url) to the same attacker domain. So your input went to the attacker's server before you pressed Enter. Not just finished searches, but every character as you typed it. Chrome permits search-provider overrides, and legitimate extensions use them. Rewriting and redirecting your traffic is the part a search box has no business doing. This one asked for the declarativeNetRequest family of permissions to do exactly that, then shipped server-side code that logged every request. Microsoft calls that proof the collection was deliberate, not a side effect of the redirect. The extension also shipped disabled redirect rules for Google and Bing, so the same setup could be switched on for those engines too. It even left room to run WebAssembly code later, which a simple search tool has no reason to do. This fits a steady run of malicious extensions that hide behind AI branding. Some swap the default search engine to capture what you type. Others hijack the search provider or skim ChatGPT and DeepSeek chats. Microsoft's own research tied that chat-skimming wave to roughly 900,000 installs across more than 20,000 company networks. The difference here is the target: not your AI chats, but your searches and the characters you type into the address bar, collected through Chrome's own extension machinery. If you installed "Search for perplexity ai," remove it and check that your default search engine has not been changed. For teams, Microsoft suggests the basics: * Allow only approved extensions through the browser or company policy. * Watch for changed search settings, strange extension permissions, and traffic to unfamiliar domains. * Treat AI-branded tools with extra suspicion, and check the publisher and domain before installing. No one has been named as the operator, and Microsoft did not say how many people installed it before the takedown. The AI branding got the install. The search override did the collecting.
[2]
Fake Perplexity extension on Chrome Web Store tracked searches
A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. Called "Search for perplexity ai," the extension routed search queries and real-time suggestions through its infrastructure before redirecting users to the legitimate search services. Microsoft Threat Intelligence researchers said that the extension did not steal credentials or other sensitive information but its permissions would easily allow it if the operator decided to extend the scope of the data theft. Fake Perplexity AI extension Perplexity AI is a research assistant that searches the web and synthesizes the information in a direct, conversational response instead of showing a list of links for the user to access to find their answer. Perplexity AI is available on the web, on mobile (Android and iOS), and as a desktop app, and its official Chrome extension is named "Perplexity - AI Search." The fake extension that Microsoft spotted uses similar branding and the domain "perplexity-ai[.]online," instead of the legitimate perplexity.ai. Once installed, it changes the browser's search settings to replace the default search provider and to pass all address-bar queries through the attacker's infrastructure. "The extension overrides browser search settings through chrome_settings_overrides to replace the browser default search provider as well as intercept and redirect all queries in a Chromium browser's Omnibox to an intermediary infrastructure not associated with the official vendor domain," explains Microsoft. This level of data collection is not accidental, based on the logging code Microsoft found on the extension's server, which indicates intentional design. The extension also requests Chrome permissions that allow redirections, URL rewriting, and monitoring when rules execute. "The extension requests powerful DNR permissions that enable traffic redirection, URL rewriting, and selective request filtering, which aren't consistent with expected AI assistant behavior," the researchers mention. Even though Microsoft found no evidence that the extension targeted credentials, its confirmed data collection routines still allowed for extensive profiling, creating potential avenues for exploitation. Those who installed the extension with the ID "flkebkiofojicogddingbdmcmkpbplcd" should remove it from their browser and rotate their critical account passwords out of an abundance of caution.
Share
Copy Link
Microsoft discovered a malicious Chrome extension posing as Perplexity AI that intercepted searches and logged every character typed into the address bar. The fake extension, called "Search for perplexity ai," routed queries through an attacker-controlled server before redirecting to legitimate results, enabling extensive data collection.
Microsoft Defender researchers uncovered a malicious Chrome extension that impersonated AI search engine Perplexity AI and quietly logged user activity
1
. The fake Perplexity extension, titled "Search for perplexity ai" with ID flkebkiofojicogddingbdmcmkpbplcd, used a look-alike domain perplexity-ai[.]online to masquerade as the legitimate service at perplexity.ai2
. Google removed the extension from the Chrome Web Store following responsible disclosure by Microsoft Threat Intelligence1
.
Source: Hacker News
Once installed, the extension replaced the browser's default search provider and routed every query through the attacker-controlled server before redirecting users to real search results from Perplexity AI, Google, or Bing
2
. This search interception happened seamlessly, making the theft invisible to users who received normal-looking results. The attacker's server logged each query along with browser headers, IP addresses, and user agent data1
.The security risk extended beyond completed searches. The extension also hijacked Chrome's live search suggestions feature by pointing the suggest_url to the same attacker domain
1
. This meant that every character typed into the address bar was transmitted to the attacker-controlled server before users even pressed Enter. The data collection occurred in real-time as users typed, capturing not just finished searches but partial queries and browsing intent.
Source: BleepingComputer
Microsoft Threat Intelligence researchers found server-side logging code that proved the data collection was intentional, not merely a side effect of redirection
1
. The extension requested excessive permissions from Chrome's declarativeNetRequest family, which enabled traffic redirection, URL rewriting, and selective request filtering—capabilities far beyond what a legitimate search tool requires2
.While Microsoft found no evidence of password theft or credential harvesting, the extension's permissions would easily allow such activity if operators chose to expand their scope
2
. Researchers discovered disabled redirect rules for Google and Bing searches, indicating the same infrastructure could be activated for those search engines1
. The extension even included provisions to run WebAssembly code later, a feature that has no legitimate purpose in a simple search tool1
.This incident fits a concerning pattern of malicious extensions hiding behind AI branding. Microsoft's research has linked similar chat-skimming campaigns to roughly 900,000 installs across more than 20,000 company networks . While previous threats targeted AI chat conversations from ChatGPT and DeepSeek, this attack focused specifically on intercepted user searches and address bar input collected through Chrome's own extension machinery
1
.Related Stories
Anyone who installed "Search for perplexity ai" should remove it immediately and verify their default search engine settings have not been altered
1
. As an abundance of caution, users should rotate critical account passwords2
. For enterprise environments, Microsoft suggests allowing only approved extensions through browser or company policy, monitoring for changed search settings and strange extension permissions, and watching for traffic to unfamiliar domains1
.The collected data enables extensive user profiling and creates potential avenues for future exploitation, even if credentials weren't directly targeted
2
. Microsoft recommends treating AI-branded tools with extra scrutiny and verifying the publisher and domain before installation1
. No operator has been identified, and Microsoft did not disclose how many users installed the extension before takedown1
.Summarized by
Navi
[2]
07 Jan 2026•Technology

12 Feb 2026•Technology

17 Dec 2025•Technology

1
Technology

2
Policy and Regulation

3
Technology
