{"id":8615,"date":"2026-06-30T11:40:56","date_gmt":"2026-06-30T11:40:56","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8615"},"modified":"2026-06-30T11:40:56","modified_gmt":"2026-06-30T11:40:56","slug":"malicious-chromium-extension-spoofs-perplexity-ai-to-hijack-browser-searches","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8615","title":{"rendered":"Malicious Chromium extension spoofs Perplexity AI to hijack browser searches"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users\u2019 search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines.<\/p>\n<p>Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its analysis, the company said the extension\u2019s primary objective was to intercept search traffic and collect browsing data while maintaining a normal browsing experience, making the activity difficult for users to detect.<\/p>\n<p>\u201cMicrosoft Threat Intelligence has identified a malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI to trick unsuspecting users into installing it,\u201d the company\u2019s threat intelligence team said in a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/06\/29\/chromium-extension-uses-airelated-branding-redirect-browser-search\/\" target=\"_blank\" rel=\"noopener\">blog post<\/a>. \u201cBased on our observation of the extension\u2019s behavior, we assess its primary objective to be search traffic interception and data collection, which might enable downstream use cases such as profiling, targeted advertising, or other forms of misuse depending on operator intent.\u201d<\/p>\n<p>Microsoft said it reported the extension to Google, which subsequently removed it.<\/p>\n<p>The incident reflects a broader trend identified by Microsoft\u2019s researchers, who <a href=\"https:\/\/www.csoonline.com\/article\/4182881\/security-shifts-to-the-human-layer-as-ai-scams-surge.html\">earlier this month warned<\/a> that attackers were increasingly abusing the names and branding of popular AI platforms in phishing and malware campaigns.<\/p>\n<h2 class=\"wp-block-heading\">Extension quietly intercepted browser searches<\/h2>\n<p>Unlike traditional browser hijackers that alter search results or flood users with advertisements, the extension operated less conspicuously.<\/p>\n<p>According to Microsoft, it abused Chromium\u2019s Manifest V3 APIs to intercept searches entered through the browser\u2019s address bar, forwarding those queries through intermediary infrastructure controlled by the attacker before redirecting users to legitimate search providers. Because victims ultimately received the expected search results, the activity could remain largely unnoticed, the blog post added.<\/p>\n<p>\u201cThe use of intermediary infrastructure allows the operator to observe search traffic while maintaining the expected browsing experience,\u201d Microsoft Threat Intelligence said.<\/p>\n<p>The attack also relied on user trust rather than exploiting a browser vulnerability.<\/p>\n<p>\u201cWhat makes this interesting is that the attack doesn\u2019t really depend on exploiting a browser vulnerability. The user becomes the initial access vector,\u201d said Vibhum Dubey, an independent cybersecurity researcher and red teamer.<\/p>\n<p>Employees routinely install browser-based productivity tools, password managers, and AI assistants, making AI-branded extensions appear legitimate, Dubey said. \u201cUsers also expect AI tools to request broad permissions to access websites and browser content, allowing malicious permission requests to blend in with legitimate functionality.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Why AI brands make good bait<\/h2>\n<p>For attackers, trusted AI brands are becoming increasingly attractive social engineering lures as enterprises accelerate adoption of generative AI tools.<\/p>\n<p>\u201cAttackers are following user trust,\u201d said Sushovan Mukhopadhyay, director analyst at Gartner. \u201cAs employees adopt AI tools quickly, trusted AI brands become high-value bait for social engineering.\u201d<\/p>\n<p>Browser extensions can quietly become \u201ca data collection layer inside the employee\u2019s everyday workflow,\u201d exposing sensitive search queries, browsing activity, and business context, he said.<\/p>\n<p>Mukhopadhyay said the larger issue is that enterprise AI adoption is moving faster than security governance, creating opportunities for attackers to exploit the gap between employee enthusiasm and organizational controls.<\/p>\n<h2 class=\"wp-block-heading\">A governance blind spot<\/h2>\n<p>Both experts said the harder enterprise problem is visibility.<\/p>\n<p>\u201cMost organizations have a mature process for software inventory, but very few have the same level of visibility for browser extensions,\u201d Dubey said. During security assessments, he has seen organizations maintain strict application allowlists while employees continued installing browser extensions with little or no oversight.<\/p>\n<p>Rather than looking only for known malicious extensions, security teams should monitor for risky behaviors such as changes to default search providers, requests for access to all websites, communications with domains unrelated to the claimed publisher, and extensions that seek additional permissions after installation, he said.<\/p>\n<p>Microsoft similarly recommended that organizations verify extension publishers, carefully review requested permissions, and monitor enterprise browsers for unauthorized or unapproved extensions.<\/p>\n<p>Mukhopadhyay said CISOs should begin treating browser extensions as governed enterprise software rather than personal productivity tools.<\/p>\n<p>\u201cThat means using allowlists, permission reviews, search-setting monitoring, and controls for unapproved AI tools,\u201d he said. Citing Gartner data, he said by 2029, 30% of enterprises will use secure enterprise browser technologies to improve browser extension auditing, risk profiling, and policy enforcement. <\/p>\n<p>As browsers become the primary workspace for email, SaaS applications, and AI assistants, attackers are likely to continue targeting them, Dubey said. Organizations should therefore treat browser extensions \u201cas third-party software suppliers\u201d that are reviewed, approved, and continuously monitored like any other enterprise application.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users\u2019 search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8616,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8615","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8615"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8615"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8615\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8616"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8615"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8615"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8615"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}