Full Report
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called "
Analysis Summary
# Incident Report: Malicious "Search for perplexity ai" Chrome Extension
## Executive Summary
A malicious Chrome extension impersonating the AI search engine Perplexity was discovered intercepting user search queries and real-time address bar inputs. The extension routed data through an attacker-controlled server before redirecting users to legitimate search results to maintain the illusion of functionality. Following a responsible disclosure by Microsoft, Google has removed the extension from the Chrome Web Store.
## Incident Details
- **Discovery Date:** June 29, 2026 (Public reporting date)
- **Incident Date:** Continuous until June 2026
- **Affected Organization:** Users of Google Chrome/Chromium-based browsers
- **Sector:** General Public / Multiple Sectors (over 20,000 company networks affected by similar campaigns)
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** Pre-June 2026
- **Vector:** Social Engineering / Brand Impersonation
- **Details:** The extension "Search for perplexity ai" was listed on the Chrome Web Store, leveraging the popularity of AI tools to trick users into installation. It used a look-alike domain `perplexity-ai[.]online` to appear legitimate.
### Lateral Movement
- **N/A:** As a browser extension it collected data from the host rather than moving through a corporate network, although it was present on over 20,000 company networks.
### Data Exfiltration/Impact
- **Details:** The extension modified browser settings to become the default search provider. It exfiltrated every character typed into the address bar (via `suggest_url`) and every completed search query to the attacker’s server, along with IP addresses, browser headers, and user agents.
### Detection & Response
- **How it was discovered:** Microsoft Defender research team identified the malicious behavior and server-side logging.
- **Response actions taken:** Microsoft performed a responsible disclosure to Google; Google removed the extension from the Chrome Web Store.
## Attack Methodology
- **Initial Access:** Brand Impersonation (Perplexity AI) on official extension marketplace.
- **Persistence:** Modified browser default search engine and search suggestion URL settings.
- **Privilege Escalation:** Not reported; the extension did, however, request the `declarativeNetRequest` permission, which lets an extension block, redirect or modify network requests.
- **Defense Evasion:** Used legitimate search redirects to valid engines (Google, Bing, Perplexity) to hide malicious activity; utilized server-side code for logging to keep logic off the client device.
- **Credential Access:** Potential for credential theft if users typed passwords or sensitive tokens into the address bar.
- **Discovery:** Collected browser headers and user agents.
- **Lateral Movement:** N/A.
- **Collection:** Intercepted all keystrokes in the address bar and all search queries.
- **Exfiltration:** Routed data through `perplexity-ai[.]online` before reaching legitimate destinations.
- **Impact:** Privacy violation and data theft; potential for future malware delivery via pre-staged WebAssembly (Wasm) support.
## Impact Assessment
- **Financial:** Not disclosed; potential for secondary fraud via collected data.
- **Data Breach:** High-volume collection of PII (IP addresses) and potentially sensitive search/URL data.
- **Operational:** Minimal disruption, as search functionality remained intact to avoid detection.
- **Reputational:** Erosion of trust in browser extension marketplaces and AI-branded tools.
## Indicators of Compromise
- **Extension ID:** `flkebkiofojicogddingbdmcmkpbplcd`
- **Network Indicators:**
  - `perplexity-ai[.]online` (Attacker-controlled domain)
- **Behavioral Indicators:**
  - Unauthorized changes to default search provider.
  - Outbound traffic to unknown domains during address bar typing.
## Response Actions
- **Containment:** Google removed the extension from the official store.
- **Eradication:** Users must manually remove the extension and reset their browser search settings.
- **Recovery:** Organizations are advised to audit for the presence of this extension ID across their fleet and block traffic to the known malicious domain.
## Lessons Learned
- **Marketplace Trust:** Reliance on official stores is insufficient; malicious actors successfully bypass automated checks using AI branding.
- **Permissions Abuse:** Threat actors are increasingly using `declarativeNetRequest` and search-override permissions to perform "Man-in-the-Browser" style data collection.
- **AI Hype Cycle:** Attackers are aggressively pivoting to AI-related keywords to capitalize on user interest in new technologies.
## Recommendations
- **Extension Policy:** Implement an allow-list-only policy for browser extensions in corporate environments.
- **Monitoring:** Monitor for modifications to `search_url` and `suggest_url` settings via Group Policy or MDM.
- **User Education:** Advise users to verify the publisher and linked domain of AI tools before installation.
- **Technical Controls:** Block look-alike and newly registered domains (NRDs) associated with popular AI services at the DNS level.
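The fleet audit recommended under Recovery and the `search_url`/`suggest_url` monitoring recommended above can be combined in one check over installed extension manifests. The following is an added example written for this report, not tooling from Microsoft or Google; the allow list of expected search hosts is an assumption an organisation would tune, and the sample manifests are constructed to mirror the reported behaviour rather than copied from the real extension.

```python
import json
from pathlib import Path
from urllib.parse import urlparse

KNOWN_BAD_IDS = {"flkebkiofojicogddingbdmcmkpbplcd"}  # extension ID from the report
KNOWN_BAD_HOSTS = {"perplexity-ai.online"}           # attacker domain from the report
# Assumed allow list: hosts a search-provider override may legitimately point at.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.perplexity.ai"}

def audit_manifest(ext_id: str, manifest: dict) -> list[str]:
    # Returns findings for one extension; an empty list means nothing suspicious.
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append("known-bad extension id")
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    for key in ("search_url", "suggest_url"):  # the two settings the report says were abused
        if key not in provider:
            continue
        host = (urlparse(provider[key]).hostname or "").lower()
        if host in KNOWN_BAD_HOSTS:
            findings.append(f"{key} -> known attacker domain {host}")
        elif host not in EXPECTED_SEARCH_HOSTS:
            findings.append(f"{key} -> unexpected host {host}")
    if provider and "declarativeNetRequest" in manifest.get("permissions", []):
        findings.append("search override combined with declarativeNetRequest")
    return findings

def audit_profile(extensions_dir: str) -> dict[str, list[str]]:
    # Chrome stores installed extensions as Extensions/<id>/<version>/manifest.json.
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or partially written manifest; skip it
        ext_id = path.parent.parent.name
        if findings := audit_manifest(ext_id, manifest):
            report[ext_id] = findings
    return report

# Constructed manifests (not the real extension's files) mirroring the reported behaviour.
SAMPLE_MALICIOUS = {
    "name": "Search for perplexity ai",
    "permissions": ["declarativeNetRequest"],
    "chrome_settings_overrides": {"search_provider": {
        "name": "Perplexity", "keyword": "pplx", "is_default": True,
        "search_url": "https://perplexity-ai.online/search?q={searchTerms}",
        "suggest_url": "https://perplexity-ai.online/suggest?q={searchTerms}"}}}
SAMPLE_BENIGN = {"chrome_settings_overrides": {"search_provider": {
    "name": "Perplexity", "keyword": "pplx", "is_default": True,
    "search_url": "https://www.perplexity.ai/search?q={searchTerms}"}}}
```

Point `audit_profile` at a user's Chrome profile `Extensions` directory to produce a per-extension findings map; an unknown ID whose override points at a host outside the allow list is still flagged, so the check is not limited to this one campaign.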