Malicious Chromium Extension Hijacks Search via AI Branding
Summary
Microsoft Threat Intelligence uncovered a malicious Chromium extension that spoofed Perplexity AI branding to intercept browser searches and search suggestions through attacker-controlled infrastructure. The finding matters because it shows how threat actors are using trusted AI brands and browser extension permissions to capture user input, redirect traffic, and increase privacy and security risk in enterprise environments.
Introduction
Microsoft has identified a malicious Chromium-based browser extension that impersonated Perplexity AI to trick users into installing it. While the extension has been removed from the Chrome Web Store, the research is a timely reminder that browser extensions remain a high-risk attack surface—especially when threat actors use AI branding to appear legitimate.
For IT and security teams, this incident highlights the need to monitor browser extensions more closely and strengthen user awareness around fake AI tools.
What’s new
Microsoft Defender Security Research Team found that the extension:
- Spoofed Perplexity AI branding and used a typosquatted domain: perplexity-ai[.]online
- Set itself as the default browser search provider
- Intercepted Omnibox searches and even real-time search suggestions
- Routed queries through attacker-controlled infrastructure before redirecting users to expected search engines
- Used Manifest V3 and declarativeNetRequest (DNR) permissions, which let an extension redirect and rewrite requests through declarative rules rather than through code that visibly inspects each request, making the hijacking less visible to users
Microsoft classified the extension as malicious because of its search redirection behavior and the privacy risk created by capturing typed search input.
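The capabilities listed above map to specific manifest keys and rule types, which is what an extension-triage script should look for. The following is an added example written for this summary, not code from Microsoft's report or from the extension itself: it reviews an unpacked extension's manifest.json and its DNR rules file for a default search-provider override, search and suggestion URLs that leave the vendor's domain, broad host access, and DNR redirect or header-rewrite rules. It assumes the standard Chromium keys (chrome_settings_overrides.search_provider, declarative_net_request.rule_resources); the two manifests, the rule list and the VENDOR_DOMAINS allowlist are constructed sample inputs, with the typosquat hostname taken from the indicator reported above.

```javascript
// Added example (not from Microsoft's report or the extension it describes).
// Triage a Chromium extension manifest and its declarativeNetRequest rules for
// the search-hijacking capabilities described in the article.

const RISKY_PERMISSIONS = new Set([
  "declarativeNetRequest",
  "declarativeNetRequestWithHostAccess",
  "declarativeNetRequestFeedback",
  "webRequest",
  "webRequestBlocking",
]);

// Hostname of a URL or URL template ({searchTerms} is fine), null if unparsable.
function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// True when host is a trusted domain or a subdomain of one. A typosquat such as
// "perplexity-ai.online" is neither for "perplexity.ai".
function isTrustedHost(host, trustedDomains) {
  return trustedDomains.some((d) => host === d || host.endsWith("." + d));
}

// Findings for one parsed manifest.json object, in a stable order.
function triageManifest(manifest, trustedDomains) {
  const findings = [];
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  for (const p of perms) {
    if (RISKY_PERMISSIONS.has(p)) findings.push(`permission:${p}`);
  }
  if ((manifest.host_permissions || []).includes("<all_urls>")) {
    findings.push("host_permissions: <all_urls>");
  }
  if (manifest.omnibox) findings.push("omnibox keyword registered");

  // search_provider is how an extension becomes the default search engine;
  // search_url and suggest_url receive the typed query and each keystroke.
  const sp = manifest.chrome_settings_overrides?.search_provider;
  if (sp) {
    findings.push(`search_provider override (is_default=${sp.is_default === true})`);
    for (const key of ["search_url", "suggest_url"]) {
      const host = sp[key] ? hostOf(sp[key]) : null;
      if (host && !isTrustedHost(host, trustedDomains)) {
        findings.push(`${key} -> untrusted host ${host}`);
      }
    }
  }

  // MV3 static rulesets are only referenced here; the rules live in JSON files.
  const rulesets = manifest.declarative_net_request?.rule_resources || [];
  if (rulesets.length > 0) findings.push(`declarative_net_request rulesets: ${rulesets.length}`);
  return findings;
}

// Findings for a DNR rules file: redirects to untrusted hosts and header rewrites.
function triageDnrRules(rules, trustedDomains) {
  const findings = [];
  for (const rule of rules) {
    const { type, redirect } = rule.action || {};
    const filter = rule.condition?.urlFilter ?? rule.condition?.regexFilter ?? "*";
    if (type === "redirect") {
      const host = hostOf(redirect?.url ?? redirect?.regexSubstitution ?? "");
      if (host && !isTrustedHost(host, trustedDomains)) {
        findings.push(`rule ${rule.id}: redirect ${filter} -> ${host}`);
      }
    } else if (type === "modifyHeaders") {
      findings.push(`rule ${rule.id}: modifies headers on ${filter}`);
    }
  }
  return findings;
}

// Constructed sample: a manifest modelled on the behaviour described above.
const SAMPLE_HIJACKER_MANIFEST = {
  manifest_version: 3, name: "Perplexity AI Search",
  permissions: ["declarativeNetRequest", "storage"], host_permissions: ["<all_urls>"],
  chrome_settings_overrides: { search_provider: {
    name: "Perplexity", keyword: "pplx", encoding: "UTF-8", is_default: true,
    search_url: "https://perplexity-ai.online/search?q={searchTerms}",
    suggest_url: "https://perplexity-ai.online/suggest?q={searchTerms}",
  } },
  declarative_net_request: { rule_resources: [{ id: "rules", enabled: true, path: "rules.json" }] },
};
// Constructed sample: provider stays on the vendor domain and is not forced as default.
const SAMPLE_BENIGN_MANIFEST = {
  manifest_version: 3, name: "Perplexity", permissions: ["storage"],
  chrome_settings_overrides: { search_provider: {
    name: "Perplexity", keyword: "p", encoding: "UTF-8", is_default: false,
    search_url: "https://www.perplexity.ai/search?q={searchTerms}",
  } },
};
// Constructed sample: contents of the referenced rules.json.
const SAMPLE_DNR_RULES = [
  { id: 1, priority: 1, action: { type: "redirect", redirect: { url: "https://perplexity-ai.online/r" } },
    condition: { urlFilter: "||google.com/search", resourceTypes: ["main_frame"] } },
  { id: 2, priority: 1, action: { type: "modifyHeaders", requestHeaders: [{ header: "referer", operation: "remove" }] },
    condition: { urlFilter: "||perplexity-ai.online", resourceTypes: ["xmlhttprequest"] } },
  { id: 3, priority: 1, action: { type: "block" }, condition: { urlFilter: "||ads.example", resourceTypes: ["script"] } },
];

const VENDOR_DOMAINS = ["perplexity.ai"]; // assumed allowlist for the impersonated vendor
console.log(triageManifest(SAMPLE_HIJACKER_MANIFEST, VENDOR_DOMAINS));
console.log(triageManifest(SAMPLE_BENIGN_MANIFEST, VENDOR_DOMAINS));
console.log(triageDnrRules(SAMPLE_DNR_RULES, VENDOR_DOMAINS));
```

The benign manifest still produces one finding (it overrides the search provider), which is the intended behaviour: a search-provider override is worth a look even when it stays on the vendor's domain, while the combination of a forced default, off-domain suggest_url and DNR redirect rules is what distinguishes the hijacker. In a managed environment the same checks can be run over the unpacked extensions under each user's profile directory as part of the review and hunting steps recommended below.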
Why this is concerning
This was more than a basic search hijacker. According to Microsoft, the extension could transmit full search queries and typed characters to infrastructure outside the legitimate vendor’s domain. That creates potential for:
- User activity profiling
- Data collection for targeted advertising or further abuse
- Increased privacy exposure
- Harder-to-detect browser manipulation
Microsoft noted there was no confirmed evidence of credential theft in this case, but the permissions and behavior still present elevated risk.
Impact on administrators
Enterprise admins should treat AI-themed browser extensions as a growing social engineering vector. Users may trust extensions that reference well-known AI services, especially if the branding looks familiar.
Key admin concerns include:
- Extensions overriding browser settings without clear business need
- DNR permissions that enable traffic rewriting and redirect logic
- Requests to route search or suggestion traffic through non-vendor domains
- Limited user visibility into what the extension is doing behind the scenes
Recommended next steps
IT and security teams should:
- Review allowed browser extensions in managed environments
- Block or restrict unapproved extensions through enterprise browser policy
- Educate users to verify domains and extension publishers before installing AI-related tools
- Hunt for indicators tied to the reported extension and suspicious domains
- Use layered detection with endpoint, browser, and threat intelligence signals
This incident is also a reminder to review how your organization governs browser extensions overall—not just traditional malware.
Bottom line
Microsoft’s research shows how attackers are blending AI brand impersonation with browser extension abuse to intercept traffic in a low-friction way. Even when the end user still lands on a familiar search engine, sensitive browsing signals may already have been captured upstream.