A malicious Chrome Web Store extension posing as the Perplexity AI answer engine intercepted search traffic and collected browsing information, Microsoft Threat Intelligence said in a technical analysis of the extension in June. The extension, called “Search for perplexity ai”, routed queries and suggestions through attacker infrastructure before sending users on to legitimate search services.
KEY FACTS
- Masquerade The extension used branding similar to Perplexity AI and the domain perplexity-ai.online.
- Behavior It changed browser search settings and intercepted Omnibox queries.
- Permissions It requested DNR capabilities that can redirect, rewrite and filter traffic.
- Scope Microsoft found no evidence of credential theft, but said the design could support broader data collection.
- ID Users who installed extension ID flkebkiofojicogddingbdmcmkpbplcd were advised to remove it.
Perplexity AI is a research assistant that answers questions in a conversational format, and its official Chrome extension is named “Perplexity – AI Search.” The report said the fake extension used similar branding to blend in with the legitimate product.
Once installed, it overrode browser search settings through chrome_settings_overrides and sent address-bar queries to an intermediary infrastructure not tied to the official vendor domain. Microsoft said logging code on the extension’s server showed the collection was intentional.
The extension also asked for powerful permissions that could enable traffic redirection, URL rewriting and selective request filtering. Microsoft found no signs that passwords or other credentials were taken, but said the confirmed data collection could still support profiling.
Users who installed the extension were advised to remove it from the browser and rotate critical account passwords out of caution.
WHY IT MATTERS
The case shows how a browser extension can collect search activity while appearing to offer an AI tool. It also highlights the risk from broad extension permissions, which can be used to alter traffic and gather data beyond what users may expect.