[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fd7Ve_yHW0uC2dL7NPIKGOogOleP5QML2CHTPkocLW24":3},{"article":4,"iocs":46},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":28,"category":29,"article_tags":33},"60c7a62a-6e9e-4bfb-94e1-c70822307a68","Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input","malicious-perplexity-chrome-extension-intercepted-searches-and-address-bar-input-5ee7da","Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. The extension was called \"","A malicious Chrome extension disguised as the AI search engine Perplexity was discovered by Microsoft. It logged user search queries and every character typed into the address bar, routing the data through an attacker-controlled server before redirecting users to legitimate search results. The extension, named 'Search for perplexity ai', also aimed to hijack the browser's live search suggestions.","Malicious Chrome extension impersonated Perplexity AI, logging searches and address bar input.","Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input. Swati Khandelwal, Jun 29, 2026. Browser Security \u002F Web Security. Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results. Microsoft says Google removed it from the store after responsible disclosure. 
The extension was called \"Search for perplexity ai\" (ID flkebkiofojicogddingbdmcmkpbplcd) and used a look-alike domain, perplexity-ai[.]online, to pass for the real service at perplexity.ai. Microsoft's Defender research team says the point was to intercept searches and collect data. It found no proof of password theft, but far more access than a search box should ever need. Once installed, the extension sets itself as the browser's default search engine. When you searched, the query went first to perplexity-ai[.]online, where the attacker's server logged it with your browser headers, IP address, and user agent. A rule then bounced you to a real search engine (Perplexity, Google, or Bing), so the results looked normal. The theft happened on that first stop, before the redirect. The address bar made it worse. The extension also pointed the browser's live search suggestions (the suggest_url) to the same attacker domain. So your input went to the attacker's server before you pressed Enter. Not just finished searches, but every character as you typed it. Chrome permits search-provider overrides, and legitimate extensions use them. Rewriting and redirecting your traffic is the part a search box has no business doing. This one asked for the declarativeNetRequest family of permissions to do exactly that, then shipped server-side code that logged every request. Microsoft calls that proof the collection was deliberate, not a side effect of the redirect. The extension also shipped disabled redirect rules for Google and Bing, so the same setup could be switched on for those engines too. It even left room to run WebAssembly code later, which a simple search tool has no reason to do. This fits a steady run of malicious extensions that hide behind AI branding. Some swap the default search engine to capture what you type. Others hijack the search provider or skim ChatGPT and DeepSeek chats. 
Microsoft's own research tied that chat-skimming wave to roughly 900,000 installs across more than 20,000 company networks. The difference here is the target: not your AI chats, but your searches and the characters you type into the address bar, collected through Chrome's own extension machinery. If you installed \"Search for perplexity ai,\" remove it and check that your default search engine has not been changed. For teams, Microsoft suggests the basics: Allow only approved extensions through the browser or company policy. Watch for changed search settings, strange extension permissions, and traffic to unfamiliar domains. Treat AI-branded tools with extra suspicion, and check the publisher and domain before installing. No one has been named as the operator, and Microsoft did not say how many people installed it before the takedown. The AI branding got the install. The search override did the collecting.","https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fmalicious-perplexity-chrome-extension.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEgOcObOpyIQZzuiNoFu6Lv4jCDh64o1WYrC3stGdk58mMRg69RT56svVrXVwu618f6szk2lj_Tqbt6b7Rg25yV0cauxIDTbMAI8cbftKVYibIt5SMeaOT2zE3oeuu-RLI7M1mkEV3zirqDiO-nLMikX7QixM2EpVIdKQERGc7I_0p58L4J-s5mBjSCpgHc\u002Fs1600\u002Fpp-ai.jpg","2026-06-29T18:40:09+00:00","2026-06-29T20:00:05.572771+00:00",8,[18,21,24,26],{"name":19,"type":20},"Chrome","product",{"name":22,"type":23},"Microsoft","vendor",{"name":25,"type":23},"Google",{"name":27,"type":20},"Perplexity AI","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":28,"icon":30,"name":31,"slug":32},null,"Malware","malware",[34,36,41],{"category":35},{"id":28,"icon":30,"name":31,"slug":32},{"category":37},{"id":38,"icon":30,"name":39,"slug":40},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":42},{"id":43,"icon":30,"name":44,"slug":45},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[47,51],{"type":48,"value":49,"context":50},"domain","perplexity-ai[.]online","Look-alike domain used by the malicious extension to intercept traffic.",{"type":32,"value":52,"context":53},"Search for perplexity ai","Name of the malicious Chrome extension."]