Fake Perplexity extension on Chrome Web Store tracked searches

A malicious Chrome extension posing as a popular research assistant has been discovered on the Chrome Web Store, intercepting search traffic and collecting browsing information from unsuspecting users. The fake “Perplexity AI” extension, available for download with the ID “flkebkiofojicogddingbdmcmkpbplcd”, is a convincing imitation of the legitimate Perplexity AI answer engine. Its true purpose, however, is to siphon off valuable data from users who install it.

Perplexity AI is a research assistant that helps users find answers by searching the web and synthesizing information in a conversational format. It’s available as a desktop app, mobile app (for Android and iOS), and even has an official Chrome extension with the same name. The fake extension, on the other hand, uses similar branding but with a different domain name – “perplexity-ai[.]online”. Once installed, it hijacks the browser’s search settings to replace the default search provider and redirect all address-bar queries through its own infrastructure.

Microsoft Threat Intelligence researchers found that the extension requests powerful permissions that enable traffic redirection, URL rewriting, and selective request filtering. While the extension doesn’t appear to steal credentials or other sensitive information, these permissions could easily be exploited by the attackers if they choose to do so. In fact, Microsoft discovered logging code on the extension’s server that suggests intentional design for data collection.

This type of data collection is not harmless. By intercepting search traffic and collecting browsing information, the attackers can create detailed profiles of users’ interests and habits. This information can be used to launch targeted attacks or even sold on the dark web. Even though Microsoft found no evidence of credential theft, the potential for exploitation remains.

If you’ve installed this malicious extension, it’s essential to remove it from your browser as soon as possible. Additionally, take this opportunity to rotate your critical account passwords out of an abundance of caution. This incident highlights the importance of being vigilant when downloading extensions and apps, even if they appear legitimate or come from reputable sources.

The takeaway is clear: test every layer of your security before attackers do. As Microsoft’s own research shows, many attacks go undetected until it’s too late. By regularly testing and simulating breaches, you can strengthen your defenses and prevent potential threats from slipping through the cracks.


Source: Bleeping Computer — 2026-06-30