Malicious Chrome Extension Masquerades as Perplexity AI, Siphoning Search Data
A deceptive Chrome extension, branded as an AI search engine, was found actively logging user search queries and address bar inputs before redirecting them to legitimate search results. Discovered by **Microsoft**, the extension exploited browser functionalities to surreptitiously collect sensitive user data.

Security researchers at **Microsoft** have uncovered a malicious **Chrome** extension that impersonated the popular AI search engine **Perplexity**. Named "Search for perplexity ai" (ID: `flkebkiofojicogddingbdmcmkpbplcd`), this extension was designed to intercept and log users' search queries and every character typed into the address bar.
### The Deceptive Modus Operandi
The extension leveraged a look-alike domain, `perplexity-ai[.]online`, to mimic the legitimate **perplexity.ai** service. Upon installation, it would set itself as the browser's default search engine. When a user initiated a search, the query was first routed through the attacker-controlled `perplexity-ai[.]online` server. Here, the query, along with browser headers, IP address, and user agent, was logged before the user was redirected to a genuine search engine like **Perplexity**, **Google**, or **Bing**.
Crucially, the attack extended beyond completed searches. The extension also pointed the browser's live search suggestions (`suggest_url`) to the same malicious domain, meaning every character typed into the address bar was captured in real-time, even before the user pressed Enter.
### Exploiting Chrome's Search Provider Overrides
While **Chrome** permits legitimate extensions to override search providers, this malicious extension abused the `declarativeNetRequest` permissions to rewrite and redirect traffic for data collection. **Microsoft's Defender research team** found no evidence of password theft, but the extent of data access far exceeded what a standard search tool requires. The presence of server-side code for logging requests confirmed the deliberate intent behind the data collection.

The extension also contained disabled redirect rules for **Google** and **Bing**, indicating potential for broader targeting. Furthermore, it left room for executing **WebAssembly** code, a capability unnecessary for a simple search tool, hinting at future malicious functionalities.
### A Broader Trend of AI-Branded Malice
This incident is part of a growing trend of malicious extensions leveraging AI branding to deceive users. Previous campaigns have involved extensions that swap default search engines to capture input, hijack search providers, or even skim conversations from large language models like **ChatGPT** and **DeepSeek**. **Microsoft's** own research has linked chat-skimming waves to nearly 900,000 installations across more than 20,000 corporate networks.
The key distinction in this case is the focus: not on AI chat histories, but on the fundamental act of searching and typing into the address bar, all captured via **Chrome's** native extension mechanisms.
### Recommendations for IT Security Professionals and Users
**Google** has since removed "Search for perplexity ai" from its **Chrome Web Store** following responsible disclosure by **Microsoft**. Users who may have installed this extension are strongly advised to remove it immediately and verify that their default search engine settings have not been altered.
For IT security teams, **Microsoft** recommends the following best practices:
* **Strict Extension Policies**: Implement browser or company policies to allow only approved extensions.
* **Monitor for Anomalies**: Watch for unauthorized changes in search settings, unusual extension permission requests, and suspicious traffic to unfamiliar domains.
* **Scrutinize AI-Branded Tools**: Exercise extreme caution with AI-branded tools. Always verify the publisher's legitimacy and the domain before installation.
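
As an added illustration of the monitoring recommendation (not code from Microsoft or from the article), the following Python check audits a parsed extension `manifest.json` for the traits described above: a search provider override whose `search_url` or `suggest_url` points to an unapproved or look-alike host, a default-search takeover, `declarativeNetRequest` alongside that override, and a content security policy that permits WebAssembly. Assumptions: the allow-list and brand list are placeholders, the `wasm-unsafe-eval` check is one way the WebAssembly allowance could appear in a manifest, and the sample manifest is constructed.

```python
import json
from urllib.parse import urlsplit

# Assumptions for this example: the search hosts an organisation accepts,
# and brand names worth checking for look-alike domains.
APPROVED_HOSTS = {"www.perplexity.ai", "www.google.com", "www.bing.com"}
BRANDS = ("perplexity", "google", "bing")
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

def audit_manifest(manifest):
    """Return findings for the traits described in the article."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    for key in ("search_url", "suggest_url"):
        host = (urlsplit(provider.get(key, "")).hostname or "").lower()
        if host and host not in APPROVED_HOSTS:
            kind = "look-alike" if any(b in host for b in BRANDS) else "unapproved"
            findings.append(f"{key}: {kind} host {host}")
    if provider.get("is_default"):
        findings.append("is_default: replaces the default search engine")
    if provider and DNR_PERMS & set(manifest.get("permissions", [])):
        findings.append("permissions: search override combined with declarativeNetRequest")
    csp = manifest.get("content_security_policy", {})
    csp_text = " ".join(csp.values()) if isinstance(csp, dict) else str(csp)
    if "wasm-unsafe-eval" in csp_text:
        findings.append("csp: WebAssembly execution allowed")
    return findings

# Constructed sample manifest (not the real extension's file); the host is a placeholder.
SAMPLE = json.loads("""
{
  "manifest_version": 3,
  "name": "Constructed AI search helper",
  "permissions": ["declarativeNetRequest"],
  "chrome_settings_overrides": {"search_provider": {
    "name": "AI Search", "is_default": true,
    "search_url": "https://perplexity-search.example/s?q={searchTerms}",
    "suggest_url": "https://perplexity-search.example/suggest?q={searchTerms}"}},
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"}
}
""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

Run against each installed extension's manifest, any non-empty result is a prompt for review against the approved-extension policy rather than proof of malice, since legitimate search extensions also use these keys.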