
Microsoft has discovered a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results.
Microsoft says Google removed it from the store after responsible disclosure. The extension was called “Seek for perplexity ai” (ID flkebkiofojicogddingbdmcmkpbplcd) and used a look-alike domain, perplexity-ai[.]online, to pass for the real service at perplexity.ai.
Microsoft’s Defender research team says the goal was to intercept searches and collect data. It found no evidence of password theft, but far more access than a search box should ever need.
Once installed, the extension sets itself as the browser’s default search engine. When you searched, the query went first to perplexity-ai[.]online, where the attacker’s server logged it along with your browser headers, IP address, and user agent.
A rule then bounced you to a real search engine (Perplexity, Google, or Bing), so the results looked normal. The theft happened on that first stop, before the redirect.
The address bar made it worse. The extension also pointed the browser’s live search suggestions (the suggest_url) to the same attacker domain. So your input went to the attacker’s server before you pressed Enter. Not just completed searches, but every character as you typed it.
Chrome allows search-provider overrides, and legitimate extensions use them. Rewriting and redirecting your traffic is the part a search box has no business doing. This one requested the declarativeNetRequest family of permissions to do exactly that, then shipped server-side code that logged every request. Microsoft calls that evidence the collection was deliberate, not a side effect of the redirect.

The extension also shipped disabled redirect rules for Google and Bing, so the same setup could be switched on for those engines too. It even left room to run WebAssembly code later, which a simple search tool has no reason to do.
This fits a steady run of malicious extensions that hide behind AI branding. Some swap the default search engine to capture what you type. Others hijack the search provider or skim ChatGPT and DeepSeek chats. Microsoft’s own research tied that chat-skimming wave to roughly 900,000 installs across more than 20,000 company networks.
The difference here is the target: not your AI chats, but your searches and the characters you type into the address bar, collected through Chrome’s own extension machinery.
If you installed “Seek for perplexity ai,” remove it and check that your default search engine has not been changed. For teams, Microsoft suggests the basics:
- Allow only approved extensions through the browser or company policy.
- Watch for changed search settings, unusual extension permissions, and traffic to unfamiliar domains.
- Treat AI-branded tools with extra suspicion, and check the publisher and domain before installing.
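
An added example, not code from Microsoft or the original article: a manifest check for the pattern described above (a search_url or suggest_url on an unrecognised host, declarativeNetRequest permissions alongside the override, disabled rulesets, and a CSP that permits WebAssembly). The allowlist, the sample manifest and its hosts are constructed, and treating `wasm-unsafe-eval` as the WebAssembly signal is an assumption, since the article does not say how the extension left that room.

```python
import json
from urllib.parse import urlsplit

DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess",
             "declarativeNetRequestFeedback"}
KNOWN_HOSTS = {"www.google.com", "www.bing.com", "www.perplexity.ai"}  # assumed allowlist

def host(url):
    # Templates such as https://x/?q={searchTerms} still parse to a hostname.
    return (urlsplit(url).hostname or "").lower()

def audit_manifest(manifest, known_hosts=KNOWN_HOSTS):
    """Return findings for the search-override pattern described in the article."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    for key in ("search_url", "suggest_url"):  # suggest_url sees every keystroke
        h = host(provider.get(key, ""))
        if h and h not in known_hosts:
            findings.append(f"{key} -> unrecognised host {h}")
    perms = set(manifest.get("permissions", [])) & DNR_PERMS
    if provider and perms:
        findings.append("search override combined with " + ", ".join(sorted(perms)))
    for rs in manifest.get("declarative_net_request", {}).get("rule_resources", []):
        if not rs.get("enabled", True):  # dormant rules that could be enabled later
            findings.append(f"disabled ruleset shipped: {rs.get('id')}")
    csp = manifest.get("content_security_policy", {})
    if isinstance(csp, dict) and "wasm-unsafe-eval" in csp.get("extension_pages", ""):
        findings.append("CSP permits WebAssembly (wasm-unsafe-eval)")
    return findings

# Constructed sample manifest; hosts and ruleset ids are placeholders.
SAMPLE = json.loads("""{
  "manifest_version": 3,
  "name": "constructed sample",
  "permissions": ["declarativeNetRequest"],
  "chrome_settings_overrides": {"search_provider": {
    "name": "AI search", "keyword": "ai", "is_default": true,
    "search_url": "https://lookalike.example/search?q={searchTerms}",
    "suggest_url": "https://lookalike.example/suggest?q={searchTerms}"}},
  "declarative_net_request": {"rule_resources": [
    {"id": "to_perplexity", "enabled": true, "path": "r1.json"},
    {"id": "to_google", "enabled": false, "path": "r2.json"}]},
  "content_security_policy": {
    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'"}
}""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```

Each finding is a prompt for review rather than a verdict, since legitimate extensions also use search-provider overrides.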
No one has been named as the operator, and Microsoft did not say how many people installed it before the takedown. The AI branding got the install. The search override did the collecting.

