A fake Perplexity Chrome extension was quietly intercepting search activity, rerouting queries through attacker-controlled infrastructure, and monitoring traffic before Google removed it from the Chrome Web Store. Microsoft’s security team says the add-on, ”Search for perplexity ai,” asked for far more access than a normal search helper should ever need, which is usually a solid clue that something is off.
The fake extension is a neat reminder that browser add-ons are now a favorite disguise for opportunistic scams. With AI tools drawing huge interest, impersonation is easy: borrow a trusted name, dress it up with a polished listing, and wait for people to click ”install” first and ask questions later.
How the fake Perplexity extension worked
According to Microsoft Threat Intelligence, the extension used ”chrome_settings_overrides” to replace the default search engine, then sent searches to ”perplexity-ai.online” before forwarding results to a legitimate provider. It also used ”declarativeNetRequest” permissions, which let it watch and modify network traffic – enough to log searches and surface real-time typing suggestions.
- Fake extension name: ”Search for perplexity ai”
- Fake domain: ”perplexity-ai.online”
- Real Perplexity domain: perplexity.ai
- Extension ID: ”flkebkiofojicogddingbdmcmkpbplcd”
What users should do now
Google has already pulled the extension, but that does not help anyone who installed it earlier. The fix is manual: open Chrome, go to chrome://extensions/, turn on Developer mode, remove the extension by ID, and reset the default search engine if it changed. If a browser tool wants broad permissions for a simple search feature, that is the kind of red flag people should trust more often.
The broader problem is not one bad listing; it is how quickly copycat extensions can exploit trust in popular services. Microsoft’s advice is dull but effective: review extensions regularly, question permission prompts, and stick to developers you actually recognize. That is less exciting than clicking the shiny AI button, but far safer.
Why browser stores keep getting fooled
This kind of scam keeps working because browser stores are policing a huge, fast-moving market where branding does half the attacker’s job. Google, Microsoft, and other platform owners have tightened review systems over time, yet malicious extensions still slip through by looking useful, timely, and boring enough to pass the sniff test. Expect more of this as AI-branded utilities keep multiplying and attackers keep betting that users will not check the domain twice.

