Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. News
  3. Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
NEWS

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Microsoft uncovered a fake Perplexity AI Chrome extension that silently captured every search query and address bar keystroke, routing the data to an...

Dylan H.

News Desk

June 29, 2026
3 min read

Microsoft's security researchers have uncovered a malicious Chrome browser extension that posed as the popular Perplexity AI search engine while silently harvesting users' search queries and every character typed into the browser's address bar.

The extension — named "Search for perplexity ai" (extension ID: flkebkiofojicogddingbdmcmkpbplcd) — was available on the Chrome Web Store before Google removed it following Microsoft's responsible disclosure.

What It Did

The extension operated as a convincing Perplexity impersonator. From the user's perspective, it appeared to enhance their browsing with AI-powered search. In reality, it was running a passive surveillance operation:

  • Intercepted every search query entered through the browser
  • Captured keystrokes in the address bar in real time — not just completed searches, but partial input as well
  • Exfiltrated data including browser headers, IP addresses, and user agent strings to an attacker-controlled server
  • Redirected traffic through a lookalike domain — perplexity-ai[.]online — before forwarding users to legitimate results

The lookalike domain was designed to be indistinguishable from the real perplexity.ai at a glance, making the exfiltration difficult for users to detect through casual network monitoring.

Technical Operation

The extension abused Chrome's extension permissions model, which allows extensions with broad tab and webRequest permissions to intercept and observe virtually all browser traffic. Once installed:

  1. The extension registered listeners on address bar input events
  2. All captured data was sent to perplexity-ai[.]online via HTTP requests
  3. The server at the lookalike domain logged the data before proxying the user's actual search to the real Perplexity service
  4. Users received normal-looking results with no indication anything was wrong

This type of attack is particularly effective because browser extensions are often installed without careful scrutiny, and many users assume the Chrome Web Store performs thorough security vetting — it does not.

Scope of Exposure

All users who installed the extension were exposed. The full number of installs is not publicly confirmed, but the extension's presence on the official Chrome Web Store gave it a veneer of legitimacy that likely drove significant downloads.

Data collected could be used for:

  • Credential theft — capturing typed passwords if users entered them in the address bar
  • Surveillance — building a profile of a user's research and browsing habits
  • Corporate espionage — intercepting sensitive internal searches from enterprise users

Remediation

If you installed this extension:

  1. Remove it immediately: Chrome Menu → Extensions → Remove "Search for perplexity ai"
  2. Change passwords for any accounts you may have searched for or typed credentials into
  3. Review your Chrome extensions — audit all installed extensions and remove any you don't recognize or no longer use
  4. Check for the IOC: Block perplexity-ai[.]online at your DNS or firewall level

Going forward, install extensions only from verified publishers with a clear history and minimal permissions.

References

  • The Hacker News — Malicious Perplexity Chrome Extension
  • Windows News — Microsoft Flags Malicious Perplexity AI Extension
#Chrome#Browser Extension#Malware#Microsoft#Perplexity#Data Exfiltration

Related Articles

Fake Perplexity Extension on Chrome Web Store Tracked Searches and Harvested Browsing Data

A malicious extension masquerading as the Perplexity AI answer engine was discovered on the Chrome Web Store, intercepting search traffic and collecting...

3 min read

In a First, a Court Takedown Goes After Two Cybercrime Tools at Once

Microsoft and Europol dismantled both StealC and Amadey simultaneously in a single RICO filing — the first time a court-authorized takedown has targeted...

4 min read

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Security researchers at Island discovered that 'Adblock for YouTube,' a Chrome extension with over 10 million installs and a Featured badge, contains a...

3 min read
Back to all News