Key point: A fake Perplexity extension (flkebkiofojicogddingbdmcmkpbplcd) intercepted all search queries and logged search terms, HTTP headers, IP addresses, and user-agent data.
Microsoft Threat Intelligence identified a malicious Chrome extension that masqueraded as the legitimate Perplexity AI search and redirected search queries through unauthorized servers. Google removed the add-on from the Chrome Web Store following notification from Microsoft.
The malicious extension was named “Search for perplexity ai” and imitated the visual design of the official Perplexity AI extension. However, it used the domain perplexity-ai.online instead of the correct domain perplexity.ai. After installation, the add-on modified browser settings in the background and set itself as the default search provider.
The extension overrode browser search settings via the chrome_settings_overrides manifest key and redirected all search queries from the Chromium browser’s omnibox to intermediary infrastructure unaffiliated with the official vendor. This captured all inputs in the address bar – including real-time search suggestions while typing. On the attackers’ servers, complete search terms, HTTP headers, IP addresses, and user-agent data were logged. Because users were redirected directly to legitimate search results after this invisible interception point, the attack went unnoticed during normal operation.
The requested permissions exceeded what an AI assistant would require. The extension requested extensive declarativeNetRequest (DNR) permissions that enable traffic redirection, URL rewriting, and selective request filtering. While Microsoft analysts did not detect direct theft of credentials or passwords, the requested permissions offered potential for further attacks.
The collected information enables detailed user profiling – a trove of data that could potentially be abused for tracking, targeted phishing attacks, or social engineering campaigns. Users who installed the extension with the ID flkebkiofojicogddingbdmcmkpbplcd should uninstall it immediately and, as a precaution, change important passwords.
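An added example, not taken from the Microsoft report or the article: a Python audit of an unpacked Chrome Extensions directory that flags the extension ID named above, any chrome_settings_overrides search-provider override, and declarativeNetRequest permissions. The sample manifest is constructed (only the extension name and domain come from the article; URL paths and the permission list are assumptions), and the directory to scan is supplied by the caller.

```python
import json
import sys
from pathlib import Path
from urllib.parse import urlparse

KNOWN_BAD_IDS = {"flkebkiofojicogddingbdmcmkpbplcd"}  # ID given in the article
DNR_PERMS = {"declarativeNetRequest", "declarativeNetRequestWithHostAccess"}

# Constructed sample manifest; only the name and domain come from the article,
# the URL paths and the permission list are assumptions.
SAMPLE_MANIFEST = {
    "name": "Search for perplexity ai",
    "permissions": ["declarativeNetRequest", "storage"],
    "chrome_settings_overrides": {"search_provider": {
        "is_default": True,
        "search_url": "https://perplexity-ai.online/search?q={searchTerms}",
        "suggest_url": "https://perplexity-ai.online/suggest?q={searchTerms}",
    }},
}

def audit_manifest(ext_id, manifest):
    """Return findings for one parsed manifest.json (empty list = nothing flagged)."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append("known-malicious extension ID")
    overrides = manifest.get("chrome_settings_overrides") or {}
    provider = overrides.get("search_provider") or {}
    for key in ("search_url", "suggest_url"):  # omnibox queries and typed suggestions
        if provider.get(key):
            findings.append(f"overrides {key} -> {urlparse(provider[key]).hostname}")
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    if perms & DNR_PERMS:
        findings.append("requests " + ", ".join(sorted(perms & DNR_PERMS)))
    return findings

def scan_profile(extensions_dir):
    """Walk <extensions_dir>/<id>/<version>/manifest.json and return {id: findings}."""
    report = {}
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        findings = audit_manifest(path.parent.parent.name, manifest)
        if findings:
            report[path.parent.parent.name] = findings
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for ext_id, findings in scan_profile(target).items():
        print(ext_id, "; ".join(findings))
```

A search-provider override or a DNR permission on its own is not proof of malice; the findings are a triage list to compare against what each extension claims to do.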
Source: www.it-daily.net · Published 4 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.2.