Microsoft has identified a malicious Google Chrome extension that impersonated the artificial intelligence search platform Perplexity AI and secretly intercepted user search activity before forwarding it to attacker-controlled infrastructure. According to Microsoft’s Defender Research team, the extension collected search queries and even captured characters typed into the browser’s address bar before redirecting users to legitimate search results, making the malicious activity difficult to detect. Following responsible disclosure by Microsoft, Google removed the extension from the Chrome Web Store. The extension, named “Search for perplexity ai” and identified by the extension ID flkebkiofojicogddingbdmcmkpbplcd, used the deceptive domain perplexity ai.online to imitate the legitimate Perplexity AI service. Researchers stated that while they found no evidence that the extension attempted to steal passwords, it obtained significantly broader access to user activity than would normally be expected from a browser search extension.
Microsoft’s investigation revealed that after installation, the extension configured itself as the browser’s default search engine, allowing it to intercept all search requests before forwarding users to legitimate search providers. Instead of sending searches directly to Perplexity, Google, or Bing, every query was first transmitted to the attacker-controlled server hosted on the fake domain. During this initial connection, the server logged the user’s search terms together with browser headers, IP address, and user-agent information before redirecting the request to the selected search engine, so users received normal search results without immediately realizing their activity had been intercepted. Researchers also found that the extension modified Chrome’s live search suggestion feature by pointing the browser’s suggest URL at the same attacker-controlled infrastructure. This meant that every character typed into the browser’s address bar was transmitted to the remote server in real time, even before users completed or submitted their searches. According to Microsoft, Chrome supports legitimate search provider overrides for trusted browser extensions, but this extension abused that capability to silently collect user information. The extension requested declarativeNetRequest-related permissions that enabled the traffic manipulation, while associated server-side code confirmed that logging of search traffic was an intentional feature rather than an unintended consequence of the redirection process.
Researchers also discovered additional functionality indicating that the campaign had the potential to expand beyond Perplexity AI. The extension contained inactive redirect rules for both Google and Bing, allowing the attackers to activate similar interception capabilities for other search providers if required. Microsoft further noted that the extension included provisions for executing WebAssembly code in the future, a capability that serves no legitimate purpose for a basic browser search extension and may have enabled further malicious functionality. The company said the activity reflects a continuing trend in which threat actors use the growing popularity of artificial intelligence services to disguise malicious browser extensions as legitimate productivity tools. Previous investigations by Microsoft identified AI-themed browser extensions that harvested conversations from services such as ChatGPT and DeepSeek, with those campaigns linked to approximately 900,000 installations across more than 20,000 corporate networks. Unlike those earlier incidents, the latest extension specifically targeted search activity and browser address bar input by abusing Chrome’s own extension framework rather than focusing on AI chatbot conversations.
Microsoft advised anyone who installed the “Search for perplexity ai” extension to remove it immediately and verify that their browser’s default search engine settings have not been modified. The company also recommended that organizations strengthen browser security by allowing only approved extensions through enterprise policies, monitoring systems for unexpected changes to search engine configurations, reviewing browser extensions that request unusual permissions, and investigating network traffic directed toward unfamiliar domains. Researchers further encouraged users to exercise caution when installing AI-branded browser tools by carefully verifying the publisher’s identity and confirming that associated websites belong to legitimate services before granting browser permissions. Microsoft did not identify the individuals or group responsible for operating the campaign and did not disclose how many users installed the malicious extension before it was removed from the Chrome Web Store. The company noted that the extension relied on the popularity of AI branding to attract installations while using modified browser search settings to quietly collect user search activity and browsing information.
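The mechanism described above (a search provider override pointing search and suggest URLs at a third-party host, plus declarativeNetRequest permissions and a WebAssembly-enabling CSP) can be checked for when reviewing installed extensions, as the recommendations suggest. The following is an added example, not Microsoft’s or the extension’s code: it audits an extension manifest.json against an assumed allow-list of search hosts. The sample manifest and the lookalike host name are constructed placeholders, and the CSP check for 'wasm-unsafe-eval' is an assumption about how an extension would enable WebAssembly.

```python
import json
from urllib.parse import urlparse

# Constructed sample manifest mimicking the behaviour described in the article.
# The host is a placeholder (.invalid TLD), not the real malicious domain.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Search for example ai",
    "permissions": ["declarativeNetRequest", "declarativeNetRequestWithHostAccess"],
    "host_permissions": ["<all_urls>"],
    "chrome_settings_overrides": {
        "search_provider": {
            "name": "Example AI",
            "keyword": "ex",
            "search_url": "https://lookalike-example.invalid/s?q={searchTerms}",
            "suggest_url": "https://lookalike-example.invalid/suggest?q={searchTerms}",
            "encoding": "UTF-8",
            "is_default": True,
        }
    },
    "content_security_policy": {
        "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"
    },
})

# Assumption: the hosts an organisation is willing to let an extension send searches to.
ALLOWED_SEARCH_HOSTS = {"www.perplexity.ai", "www.google.com", "www.bing.com"}


def audit_manifest(manifest_text, allowed_hosts=ALLOWED_SEARCH_HOSTS):
    """Return a list of human-readable findings for a Chrome extension manifest."""
    m = json.loads(manifest_text)
    findings = []
    sp = m.get("chrome_settings_overrides", {}).get("search_provider")
    if sp:
        # Both the query URL and the keystroke-by-keystroke suggest URL matter.
        for key in ("search_url", "suggest_url"):
            host = urlparse(sp.get(key, "")).hostname or ""
            if host and host not in allowed_hosts:
                findings.append(f"{key} points to non-allow-listed host {host}")
        if sp.get("is_default"):
            findings.append("extension makes itself the default search engine")
    dnr = sorted(p for p in m.get("permissions", []) if p.startswith("declarativeNetRequest"))
    if dnr:
        findings.append("requests traffic-rewriting permissions: " + ", ".join(dnr))
    csp = m.get("content_security_policy", {})
    if "wasm-unsafe-eval" in (" ".join(csp.values()) if isinstance(csp, dict) else str(csp)):
        findings.append("CSP permits WebAssembly execution ('wasm-unsafe-eval')")
    return findings
```

Run it over each manifest under the browser profile’s extension directory and escalate any extension that both overrides the search provider and sends queries off the allow-list.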