A fraudulent browser extension posing as the Perplexity AI assistant was discovered in the Chrome Web Store, where it intercepted search traffic and collected browsing data from users who installed it. Microsoft Threat Intelligence researchers identified the extension and published their findings.
How the Extension Operated
The extension, named “Search for perplexity ai,” used branding similar to the legitimate Perplexity AI product and operated from the domain perplexity-ai[.]online rather than the official perplexity.ai domain. After installation, it presented users with an onboarding page and then silently modified browser search settings to replace the default search provider.
All queries typed into the Chromium address bar (Omnibox) were routed through intermediary infrastructure controlled by the attacker before being redirected to the legitimate search service. Real-time search suggestions were also captured in transit. Logging code discovered on the extension’s server indicated this behavior was intentional, not incidental.
Permissions Beyond What an AI Assistant Needs
The extension requested Declarative Net Request (DNR) permissions enabling traffic redirection, URL rewriting, and selective request filtering. Microsoft noted these capabilities are not consistent with legitimate AI assistant functionality and would allow the operator to expand the scope of data collection significantly if they chose to do so.
- Override of the browser’s default search provider via chrome_settings_overrides
- Interception of all Omnibox queries before forwarding to official services
- DNR permissions supporting URL rewriting and request monitoring
Researchers confirmed no evidence of credential theft or collection of sensitive account data, but noted the permissions in place would have made such activity straightforward to enable.
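As an added example (not Microsoft’s, Perplexity’s, or the extension’s own code), the following Python script audits Chrome extension manifests for the two capabilities described above: a search_provider override under chrome_settings_overrides that points somewhere other than the vendor’s own domain, and declarativeNetRequest permissions (especially combined with <all_urls> host access). The two manifests it checks are constructed for the example to mirror the described behaviour; only the extension ID and the perplexity-ai[.]online domain come from the article. The audit_profile helper assumes Chrome’s usual on-disk layout of Extensions/<id>/<version>/manifest.json under a browser profile.

```python
"""Audit Chrome extension manifests for search-hijacking indicators.

Added example, not code from the write-up or from any vendor. It flags a
search-provider override that points off the expected domain and the
declarativeNetRequest permission family that allows request rewriting.
"""
import json
import os
import sys
from typing import Dict, List
from urllib.parse import urlparse

# Extension ID reported in the write-up (the only real indicator used here).
KNOWN_BAD_IDS = {"flkebkiofojicogddingbdmcmkpbplcd"}

# Manifest V3 permission names that allow rewriting or filtering requests.
DNR_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
}

# Hosts a search-provider override for this brand would legitimately use.
EXPECTED_SEARCH_HOSTS = {"perplexity.ai", "www.perplexity.ai"}


def audit_manifest(ext_id: str, manifest: dict) -> List[str]:
    """Return findings for one extension; an empty list means nothing was flagged."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append(f"known malicious extension ID {ext_id}")

    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if provider:
        # Both the query URL and the suggestion URL can leak typed input.
        for key in ("search_url", "suggest_url"):
            url = provider.get(key)
            if not url:
                continue
            host = urlparse(url).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(f"search provider {key} points at unexpected host {host}")
        if provider.get("is_default"):
            findings.append("extension sets itself as the default search provider")

    dnr = DNR_PERMISSIONS & set(manifest.get("permissions", []))
    if dnr:
        findings.append("request rewriting/filtering permissions: " + ", ".join(sorted(dnr)))
        if "<all_urls>" in manifest.get("host_permissions", []):
            findings.append("DNR combined with <all_urls> host access")
    return findings


def audit_profile(extensions_root: str) -> Dict[str, List[str]]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and audit each one."""
    results: Dict[str, List[str]] = {}
    if not os.path.isdir(extensions_root):
        return results
    for ext_id in os.listdir(extensions_root):
        ext_dir = os.path.join(extensions_root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in os.listdir(ext_dir):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8") as fh:
                    findings = audit_manifest(ext_id, json.load(fh))
                if findings:
                    results[ext_id] = findings
    return results


# Constructed manifest modelled on the described behaviour (not the real file).
SUSPECT_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "Search for perplexity ai",
  "permissions": ["declarativeNetRequest", "declarativeNetRequestWithHostAccess"],
  "host_permissions": ["<all_urls>"],
  "chrome_settings_overrides": {
    "search_provider": {
      "name": "Perplexity",
      "keyword": "perplexity",
      "search_url": "https://perplexity-ai.online/s?q={searchTerms}",
      "suggest_url": "https://perplexity-ai.online/suggest?q={searchTerms}",
      "encoding": "UTF-8",
      "is_default": true
    }
  }
}
""")

# Constructed benign manifest: search provider on the vendor's own domain, no DNR.
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Example AI Search",
    "permissions": ["storage"],
    "chrome_settings_overrides": {
        "search_provider": {
            "name": "Perplexity",
            "keyword": "pplx",
            "search_url": "https://www.perplexity.ai/search?q={searchTerms}",
            "encoding": "UTF-8",
        }
    },
}

if __name__ == "__main__":
    # Pass a profile's Extensions directory to scan installed extensions;
    # with no argument, audit the two constructed manifests above.
    if len(sys.argv) > 1:
        for ext, found in audit_profile(sys.argv[1]).items():
            print(ext, *found, sep="\n  ")
    else:
        print("suspect:", audit_manifest("flkebkiofojicogddingbdmcmkpbplcd", SUSPECT_MANIFEST))
        print("benign:", audit_manifest("a" * 32, BENIGN_MANIFEST))
```

The host check is the part worth keeping in any real audit: a default-search override by itself is a legitimate feature, but one whose search_url or suggest_url resolves to a domain the vendor does not own is exactly the Omnibox interception described here, and the suggestion URL is what captures queries keystroke by keystroke.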
Scope and Remediation
For context, the legitimate Perplexity AI Chrome extension is named Perplexity – AI Search and is available alongside Perplexity’s web, mobile, and desktop offerings. The fake extension used superficially similar naming to exploit user familiarity with the brand.
Users who installed the extension with the ID flkebkiofojicogddingbdmcmkpbplcd should remove it immediately. As a precautionary measure, rotating passwords for critical accounts is also advisable, given the extent of browsing activity that may have been exposed. Security teams should review browser extension policies and consider restricting installations to approved extension lists to reduce similar risks going forward.
