A fake Chrome extension posing as Perplexity AI was secretly intercepting users’ searches and collecting browsing data before Google removed it from the Chrome Web Store.
Quick Summary – TLDR:
- Microsoft Threat Intelligence discovered a malicious browser extension impersonating Perplexity AI.
- The extension secretly captured search queries, typed characters, browser headers, and IP addresses.
- Google removed the extension after Microsoft reported it through responsible disclosure.
- The incident highlights how cybercriminals are increasingly using popular AI brands to trick users into installing malicious software.
What Happened?
Microsoft has uncovered a malicious Chromium based extension called Search for perplexity ai that used the branding of AI search engine Perplexity AI to deceive users. The extension was available through the Chrome Web Store before it was reported and removed by Google.
According to Microsoft’s investigation, the extension’s primary goal was not to steal passwords but to intercept search traffic and collect user data without users realizing it.
🛑 The extension did not need to steal passwords to be dangerous.
— The Hacker News (@TheHackersNews) June 29, 2026
Microsoft found a fake #Perplexity Chrome extension that logged searches and address bar input before redirecting users to real results.
How it worked, and what users should check: https://t.co/oQPOIR3Tbw
Fake Perplexity AI Extension Used Trusted Branding
The malicious extension carried the ID flkebkiofojicogddingbdmcmkpbplcd and used the suspicious domain perplexity-ai[.]online, which closely resembled the legitimate perplexity.ai website.
Researchers said the extension relied on a common tactic known as typosquatting, where attackers register domains that look similar to trusted brands in an attempt to confuse users.
The extension even presented an onboarding page at extension.tilda[.]ws/perplexityai after installation to make the experience appear legitimate and reduce suspicion.
Microsoft noted that attackers are increasingly exploiting the popularity of AI services because users often associate AI tools with productivity and trust.
How the Extension Hijacked Searches?
The extension abused several browser features available through Manifest Version 3 and declarativeNetRequest APIs to take control of browser searches.
Once installed, it changed itself into the browser’s default search provider and redirected all searches through attacker controlled infrastructure before sending users to legitimate search engines.
The process worked in two stages:
- The user’s search query was first sent to perplexity-ai[.]online.
- The attacker controlled server logged the request and collected data.
- The browser was then redirected to a legitimate search provider such as Google, Bing, or Perplexity AI.
Because users eventually saw normal search results, most would have had no indication that their searches had been intercepted.
Extension Captured Every Character Typed
One of the most concerning findings was the use of the extension’s suggest_url function.
Microsoft said this feature transmitted every character typed into the browser’s address bar to the attacker’s server before the user even pressed Enter. This effectively gave attackers a form of keystroke level monitoring of search activity.
The server side code shipped with the extension also logged:
- Search queries
- Full HTTP headers
- User agent information
- Source IP addresses
Researchers said this confirms that the data collection was intentional and built directly into the extension’s architecture.
No Evidence of Password Theft
Microsoft stated that it found no definitive evidence that the extension was stealing passwords or login credentials. However, the amount of information collected still creates significant privacy and security risks.
The company warned that intercepted browsing activity could potentially be used for:
- User profiling.
- Targeted advertising.
- Future social engineering campaigns.
- Other forms of misuse depending on the attackers’ intentions.
Microsoft Urges Users to Be Careful With AI Themed Extensions
The incident serves as another reminder that browser extensions continue to be a major attack surface for both consumers and businesses.
Microsoft recommends that organizations and users:
- Install browser extensions only from trusted publishers.
- Verify domains and branding before installing AI related tools.
- Monitor unexpected changes to browser search settings.
- Watch for extensions requesting unusual permissions.
The company also encouraged businesses to use allow listing and enterprise policies to restrict untrusted extensions.
Google has since removed the malicious extension from the Chrome Web Store following Microsoft’s responsible disclosure.
SQ Magazine Takeaway
I think this case shows how quickly cybercriminals are adapting to the AI boom. People trust names like Perplexity AI, and attackers know that. What makes this campaign dangerous is that it did not rely on obvious malware or fake login pages. Instead, it quietly sat in the browser and collected valuable information while making everything appear normal. As AI tools become more popular, users will need to pay much closer attention to browser extensions and permissions because the next fake AI tool may not be so easy to spot.
