logo

Chromium extension uses AI‑related branding to redirect browser search

ID: c6f149a5-3b91-563b-b427-33277711ab8b

STIX ID: report--c6f149a5-3b91-563b-b427-33277711ab8b

Feed Name: Microsoft Security

Threat Score
70/100

Date Published: 2026-06-29

Date Updated: 2026-07-02

Author: Microsoft Defender Security Research Team and Microsoft Defender Experts

...
...

Microsoft Threat Intelligence reports a malicious Chromium extension named "Search for perplexity ai" (ID: flkebkiofojicogddingbdmcmkpbplcd) that spoofs Perplexity AI and hijacks browser search by routing Omnibox queries and real-time suggestions through a typosquatted domain (perplexity-ai.online); the extension abuses MV3 declarativeNetRequest rules and a server-side proxy (server.js) to log queries and headers, enabling data collection and user surveillance. The extension has been removed from the Chrome Store; the report includes IOCs, mitigation advice, and hunting queries for detection and response.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.