Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

July 4, 2026

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

July 4, 2026

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

July 4, 2026
Facebook X (Twitter) Instagram
Sunday, July 5
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
News

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Team-CWDBy Team-CWDJuly 4, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results.

Microsoft says Google removed it from the store after responsible disclosure. The extension was called “Search for perplexity ai” (ID flkebkiofojicogddingbdmcmkpbplcd) and used a look-alike domain, perplexity-ai[.]online, to pass for the real service at perplexity.ai.

Microsoft’s Defender research team says the point was to intercept searches and collect data. It found no proof of password theft, but far more access than a search box should ever need.

Once installed, the extension sets itself as the browser’s default search engine. When you searched, the query went first to perplexity-ai[.]online, where the attacker’s server logged it with your browser headers, IP address, and user agent.

A rule then bounced you to a real search engine (Perplexity, Google, or Bing), so the results looked normal. The theft happened on that first stop, before the redirect.

The address bar made it worse. The extension also pointed the browser’s live search suggestions (the suggest_url) to the same attacker domain. So your input went to the attacker’s server before you pressed Enter. Not just finished searches, but every character as you typed it.

Chrome permits search-provider overrides, and legitimate extensions use them. Rewriting and redirecting your traffic is the part a search box has no business doing. This one asked for the declarativeNetRequest family of permissions to do exactly that, then shipped server-side code that logged every request. Microsoft calls that proof the collection was deliberate, not a side effect of the redirect.

The extension also shipped disabled redirect rules for Google and Bing, so the same setup could be switched on for those engines too. It even left room to run WebAssembly code later, which a simple search tool has no reason to do.

This fits a steady run of malicious extensions that hide behind AI branding. Some swap the default search engine to capture what you type. Others hijack the search provider or skim ChatGPT and DeepSeek chats. Microsoft’s own research tied that chat-skimming wave to roughly 900,000 installs across more than 20,000 company networks.

The difference here is the target: not your AI chats, but your searches and the characters you type into the address bar, collected through Chrome’s own extension machinery.

If you installed “Search for perplexity ai,” remove it and check that your default search engine has not been changed. For teams, Microsoft suggests the basics:

  • Allow only approved extensions through the browser or company policy.
  • Watch for changed search settings, strange extension permissions, and traffic to unfamiliar domains.
  • Treat AI-branded tools with extra suspicion, and check the publisher and domain before installing.

No one has been named as the operator, and Microsoft did not say how many people installed it before the takedown. The AI branding got the install. The search override did the collecting.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleApple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
Next Article WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private
Team-CWD
  • Website

Related Posts

News

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

July 4, 2026
News

Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs

July 4, 2026
News

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

July 4, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202522 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Why cybercriminals want to break into your email account

June 29, 2026

Watch out for SVG files booby-trapped with malware

September 22, 2025

How it preys on personal data – and how to stay safe

October 23, 2025

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.