Jul 01, 2026 · 5 min read
Fake Perplexity Chrome Extension Intercepted User Searches
An extension named "Search for perplexity ai" on the Chrome Web Store routed every search query and real-time browser suggestion through attacker infrastructure before redirecting users to legitimate results — with permissions broad enough to steal credentials if the operator chose to expand the attack.
Key Takeaways
- • Microsoft Threat Intelligence identified the malicious extension "Search for perplexity ai" (ID: flkebkiofojicogddingbdmcmkpbplcd) logging all search queries and real-time browser suggestions.
- • The extension routed intercepted searches through attacker-controlled infrastructure before delivering results, and replaced the browser's default search provider.
- • Microsoft found intentional logging code on the extension's server — this was deliberate data collection, not an accidental misconfiguration.
- • The extension's permissions would have easily allowed credential theft if the operator decided to expand the attack's scope.
- • Google removed the extension from the Chrome Web Store following Microsoft's responsible disclosure. Users who installed it should remove it and rotate passwords.
What Was the Fake Extension Doing?
The extension, named "Search for perplexity ai" and listed in the Chrome Web Store as an AI search tool, was a surveillance vehicle. When a user typed a search query — in the address bar, in a search box, or in real time as they typed — the extension captured that input and transmitted it to attacker-controlled servers. Only after routing through that infrastructure did the query reach the intended search service.
Microsoft Threat Intelligence researchers, who identified and disclosed the threat, found deliberate logging code on the extension's server. This was not an accidental data leak caused by poor coding practices. The server was designed to receive and record queries — indicating the operator had a specific purpose for collecting that information.
The extension also modified the browser's default search provider, replacing it with the attacker's infrastructure. This meant the interception was not limited to searches initiated on specific sites — any search from the address bar went through the attacker's servers first.
No credential theft was detected during Microsoft's analysis. However, researchers noted that the extension's permission set would "easily allow it if the operator decided to extend the scope of the data theft." The infrastructure was in place; the restraint — if it existed — was a policy choice that could be reversed at any time.
Why the Chrome Web Store Keeps Distributing Malware
This is not the first time a malicious extension impersonated a legitimate AI tool on the Chrome Web Store, and it will not be the last. Around the same period, Microsoft also documented a broader campaign of counterfeit AI assistant extensions that affected more than 20,000 enterprise tenants and accumulated approximately 900,000 installs across the store — harvesting chat histories, session tokens, and browsing data.
The Chrome Web Store's review process does not reliably catch malicious extensions before publication. Google performs automated and manual review, but the volume of submissions and the sophistication of evasion techniques — using delayed activation, legitimate-looking permissions requests, and branding that exploits user trust in known AI products — create a persistent gap between what reaches users and what Google can vet in time.
Extensions that request broad permissions are particularly dangerous. The fake Perplexity extension had access to browser activity across sites — a permission set that Chrome frames as "Read and change all your data on the websites you visit." Most users click through this warning without considering that it means the extension can intercept any form submission, any login credential, any email draft typed in a browser window.
How This Connects to Email and Inbox Surveillance
Browser extensions operate at the same layer as your inbox. An extension with permission to "read and change all your data on websites you visit" can read the contents of your Gmail drafts, intercept your search queries inside Google, and observe your browsing patterns across every tab — including banking sites, legal research, and communications tools.
The surveillance model is not meaningfully different from the tracking pixels embedded in marketing emails. Both operate silently, in the background, collecting behavioral signals — what you search, what you open, when, and from where — without alerting you. The difference is the attack surface: tracking pixels target your inbox passively, while malicious extensions compromise the entire browser.
Extensions that claim to enhance AI productivity are a growing vector. Users who want to reduce their surveillance footprint should audit their installed extensions the same way they audit email tracking: regularly, with skepticism about permissions, and with particular attention to anything that requests access to all sites. You can also review how email tracking pixels work and how to block them to see how similar the surveillance models are.
What To Do If You Installed the Extension
Google removed "Search for perplexity ai" (extension ID: flkebkiofojicogddingbdmcmkpbplcd) from the Chrome Web Store following Microsoft's responsible disclosure. If you had it installed, Chrome may have disabled it automatically — but removal from the store does not guarantee removal from your browser.
- Check your installed extensions — Open Chrome and go to chrome://extensions. Look for any extension named "Search for perplexity ai" or anything using the ID flkebkiofojicogddingbdmcmkpbplcd. Remove it immediately.
- Reset your default search engine — Go to Chrome Settings → Search engine, and verify or restore your preferred search provider.
- Rotate critical account passwords — As a precaution, change passwords for accounts you may have logged into while the extension was active, prioritizing email, banking, and work accounts.
- Review all installed extensions — Use this as an opportunity to remove any extension you no longer actively use or cannot verify came from a trusted developer.
The legitimate Perplexity AI browser extension is available directly from Perplexity's official website and through the official Chrome Web Store listing by Perplexity AI Inc. Always verify the publisher name and review count before installing any extension that claims to represent a known product.
How to Audit Browser Extensions for Privacy
Every extension installed in your browser is a potential surveillance point. A well-designed extension limits its permissions to exactly what it needs; a poorly designed or malicious one requests access to everything and uses only some of it — until it doesn't.
- Go to chrome://extensions and review each installed extension. Remove anything you do not recognize or actively use.
- Click "Details" on each extension to see its permissions. Any extension requesting access to "all websites" should be scrutinized carefully.
- Prefer extensions from developers with a verifiable track record, published privacy policies, and source code that can be reviewed.
- Use the built-in Chrome permission controls to restrict extensions to "On click" or specific sites rather than granting blanket access.
The same discipline applies to email. Malicious Chrome extensions that track searches and email tracking pixels operate on the same principle: they collect your behavioral data silently and at scale, because you never stopped to check what permissions you granted.