
Malicious Chrome Extension Exploits Perplexity AI Brand for Data Collection

Laptop on a desk with a Chromium browser window open, displaying a search results page.

"The extension overrides browser search settings through chrome_settings_overrides to replace the browser default search provider as well as intercept and redirect all queries in a Chromium browser’s Omnibox to an intermediary infrastructure not associated with the official vendor domain," Microsoft Threat Intelligence researchers wrote.

Microsoft Threat Intelligence: what they found

Researchers at Microsoft Threat Intelligence found a malicious Chrome extension masquerading as Perplexity AI that intercepted users' searches and routed them through attacker-controlled infrastructure before returning people to legitimate search services. The extension, listed under the name "Search for perplexity ai," borrowed branding similar to the genuine Perplexity product but pointed to the domain “perplexity-ai[.]online” rather than the legitimate perplexity.ai.

Microsoft confirmed the extension did not steal credentials or other sensitive information, but warned that the permissions the extension requested would have allowed far broader data collection if the operator chose to expand its behavior. The company also highlighted logging code on the extension’s server that "indicates intentional design" for collecting query traffic and related browsing information.

How the fake "Search for perplexity ai" operated

Once installed, the extension changed the browser's search settings and passed all address-bar queries through an intermediary controlled by the attackers. Microsoft described a specific technical mechanism: the extension used chrome_settings_overrides to replace the default search provider and reroute Omnibox queries to infrastructure not associated with the official vendor domain.

Rather than returning answers directly from Perplexity, the extension routed search queries and real-time suggestions through its own systems and then redirected users to the legitimate search services. That routing allowed the operator to log queries and suggestion traffic in real time, giving them visibility into users' searches and potentially enabling profiling based on browsing behavior.

Permissions, DNR rules, and the risk profile

Microsoft noted the extension requested powerful Chrome permissions, including DNR (declarativeNetRequest) capabilities that permit traffic redirection, URL rewriting, and selective request filtering. The researchers wrote that these permissions "aren’t consistent with expected AI assistant behavior" and that they enabled redirections, URL rewriting, and monitoring at the moment rules execute.

Although no credential theft was observed, Microsoft cautioned that the combination of logging code and broad permissions meant the operator could have expanded the extension’s scope to collect far more sensitive data. The observed behavior—intercepting and logging address-bar queries and suggestion traffic—already produces an extensive dataset suitable for profiling and potential exploitation.

What users should do now

  • Remove the extension if it is installed. Microsoft identified the malicious extension by the Chrome Web Store ID "flkebkiofojicogddingbdmcmkpbplcd" and advised affected users to uninstall it from their browsers.
  • Rotate critical account passwords as a precaution. Even though Microsoft found no evidence of credential theft, the advisory urges users to change passwords for important accounts out of an abundance of caution.
  • Verify extensions before installing. The fake extension impersonated the official Perplexity brand while using a different domain and a slightly different extension name; the official desktop and browser offering is named “Perplexity – AI Search” and the legitimate web domain is perplexity.ai.

How technologists, end users, and procurement leaders will respond

  • Technologists and security teams will need to audit extensions' permissions and review any Omnibox or search-provider overrides in enterprise-managed browsers, given that the extension used chrome_settings_overrides and DNR rules to reroute traffic through attacker infrastructure.
  • End users should check installed extensions for the ID "flkebkiofojicogddingbdmcmkpbplcd" or the name "Search for perplexity ai," remove them, and rotate passwords for critical accounts because the extension logged search data even though no credentials were observed stolen.
  • Procurement leaders and browser-policy owners should confirm that officially sanctioned extensions match expected domains and branding—Microsoft flagged the discrepancy between “perplexity-ai[.]online” and the legitimate perplexity.ai as a core indicator of impersonation.

The incident is a reminder that browser extensions with broad permissions can be weaponized even without direct credential theft: intercepting and logging search traffic produces rich intelligence about users' interests and activities. Users who installed the extension identified by the ID "flkebkiofojicogddingbdmcmkpbplcd" should remove it and rotate important passwords; security teams should hunt for similar overrides and unexpected DNR rules in their environments.
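The hunt that the article recommends can start from the extension's own manifest and rule files, which is where both of the mechanisms Microsoft describes live: the `chrome_settings_overrides.search_provider` block that replaces the default search engine, and the `declarativeNetRequest` permission plus its redirect rules. The script below is an added example written for this page, not Microsoft's tooling or code from the extension; the manifest and rule list are constructed samples modelled on the behaviour the article describes (a search provider and a redirect pointing at the off-vendor domain named above), and the vendor domain list, `VENDOR_DOMAINS`, is an assumption the auditor supplies for the brand the extension claims to represent. It flags a search provider whose `search_url` or `suggest_url` leaves the vendor's domains, a self-declared default search provider, DNR permissions, `<all_urls>` host access, and DNR redirect rules whose target host is not the vendor's.

```python
"""Audit a Chrome extension manifest and its declarativeNetRequest rules for
search-provider overrides and off-vendor redirects.

Added example for this article; not Microsoft's tooling and not the
extension's own code. Sample data below is constructed."""
import json
from urllib.parse import urlparse

# Permission names that let an extension redirect, rewrite or filter requests.
DNR_PERMISSIONS = {
    "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess",
    "declarativeNetRequestFeedback",
}

# Assumption: the domains the impersonated vendor legitimately uses.
VENDOR_DOMAINS = ("perplexity.ai",)


def host_of(url):
    """Lower-cased hostname of a URL, or '' when none can be parsed."""
    return (urlparse(url).hostname or "").lower()


def host_matches_vendor(host, vendor_domains):
    """True when host is a vendor domain or a subdomain of one (exact suffix match
    on a dot boundary, so 'perplexity.ai.evil.example' does not pass)."""
    return any(host == d or host.endswith("." + d) for d in vendor_domains)


def audit_manifest(manifest, vendor_domains):
    """Return findings (strings) for a parsed manifest.json dict."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if provider:
        for key in ("search_url", "suggest_url"):
            url = provider.get(key)
            if url and not host_matches_vendor(host_of(url), vendor_domains):
                findings.append(f"{key} points off-vendor: {host_of(url)}")
        if provider.get("is_default"):
            findings.append("extension sets itself as default search provider")
    dnr = set(manifest.get("permissions", [])) & DNR_PERMISSIONS
    if dnr:
        findings.append("requests DNR permissions: " + ", ".join(sorted(dnr)))
    if "<all_urls>" in manifest.get("host_permissions", []):
        findings.append("host_permissions include <all_urls>")
    return findings


def audit_dnr_rules(rules, vendor_domains):
    """Flag declarativeNetRequest redirect rules whose target is not a vendor host."""
    findings = []
    for rule in rules:
        action = rule.get("action", {})
        if action.get("type") != "redirect":
            continue  # block/allow/modifyHeaders rules are not redirections
        redirect = action.get("redirect", {})
        target = redirect.get("url") or redirect.get("regexSubstitution") or ""
        host = host_of(target)
        if not host:
            findings.append(f"rule {rule.get('id')} redirects to an unparseable target: {target!r}")
        elif not host_matches_vendor(host, vendor_domains):
            findings.append(f"rule {rule.get('id')} redirects to {host}")
    return findings


def audit_extension(manifest, rules, vendor_domains=VENDOR_DOMAINS):
    """Combined audit; an empty list means nothing suspicious was found."""
    return audit_manifest(manifest, vendor_domains) + audit_dnr_rules(rules, vendor_domains)


# Constructed sample manifest modelled on the behaviour described in the article.
SAMPLE_MANIFEST = json.loads(r'''{
  "manifest_version": 3,
  "name": "Search for perplexity ai",
  "permissions": ["declarativeNetRequest", "storage"],
  "host_permissions": ["<all_urls>"],
  "chrome_settings_overrides": {
    "search_provider": {
      "name": "Perplexity",
      "keyword": "perplexity",
      "search_url": "https://perplexity-ai.online/search?q={searchTerms}",
      "suggest_url": "https://perplexity-ai.online/suggest?q={searchTerms}",
      "is_default": true
    }
  }
}''')

# Constructed sample rule set: one off-vendor redirect, one ordinary block rule.
SAMPLE_RULES = [
    {"id": 1, "priority": 1,
     "action": {"type": "redirect",
                "redirect": {"regexSubstitution": "https://perplexity-ai.online/r?u=\\0"}},
     "condition": {"regexFilter": "^https://www\\.perplexity\\.ai/search.*",
                   "resourceTypes": ["main_frame"]}},
    {"id": 2, "priority": 1,
     "action": {"type": "block"},
     "condition": {"urlFilter": "tracker.example", "resourceTypes": ["script"]}},
]

if __name__ == "__main__":
    for finding in audit_extension(SAMPLE_MANIFEST, SAMPLE_RULES):
        print("FINDING:", finding)
```

To run it against a real install, load the extension's `manifest.json` and each file named under `declarative_net_request.rule_resources` with `json.load`, set `VENDOR_DOMAINS` to the brand the extension claims, and review every finding; a search provider or redirect that leaves the vendor's domains is exactly the discrepancy Microsoft flagged between “perplexity-ai[.]online” and perplexity.ai.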
