Chromium extension uses AI‑related branding to redirect browser search
ID: c6f149a5-3b91-563b-b427-33277711ab8b
STIX ID: report--c6f149a5-3b91-563b-b427-33277711ab8b
Feed Name: Microsoft Security
Date Published: 2026-06-29
Date Updated: 2026-07-02
Author: Microsoft Defender Security Research Team and Microsoft Defender Experts
Microsoft Threat Intelligence reports a malicious Chromium extension named "Search for perplexity ai" (ID: flkebkiofojicogddingbdmcmkpbplcd) that spoofs Perplexity AI and hijacks browser search by routing Omnibox queries and real-time suggestions through a typosquatted domain (perplexity-ai.online); the extension abuses MV3 declarativeNetRequest rules and a server-side proxy (server.js) to log queries and headers, enabling data collection and user surveillance. The extension has been removed from the Chrome Store; the report includes IOCs, mitigation advice, and hunting queries for detection and response.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
