Listen to the episode
TLDR
Malicious Chrome extension spoofs Perplexity AI to intercept your searches Microsoft Threat Intelligence uncovered a rogue Chromium extension posing as the AI search engine Perplexity AI. Hosted on the typosquatted domain perplexity...
How it works
Malicious Chrome extension spoofs Perplexity AI to intercept your searches Microsoft Threat Intelligence uncovered a rogue Chromium extension posing as the AI search engine Perplexity AI. Hosted on the typosquatted domain perplexity...
Red flags
- Extension name and icons imitate a well known AI brand (Perplexity AI) but link to a look alike domain such as perplexity ai[.]online , not the official site. It aggressively requests broad permissions (MV3 declarativeNetRequest , default search override, access to typed characters) far beyond what a simple search tool needs. Search queries and live suggestions are routed through an intermediary server before reaching the legitimate engine, enabli
What to do
- 1Do not click, pay, install apps, or share verification codes.
- 2Verify through the official website, app, or phone number typed manually.
- 3If you already interacted, block cards or accounts and report the incident.
Source
microsoft-security
Source reviewed by Mythos Forensic Team
https://www.microsoft.com/en-us/security/blog/2026/06/29/chromium-extension-uses-airelated-branding-redirect-browser-search/FAQ
Is Malicious browser extension spoofs Perplexity AI to hijack searches and harvest data a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Extension name and icons imitate a well known AI brand (Perplexity AI) but link to a look alike domain such as perplexity ai[.]online , not the official site. It aggressively requests broad permissions (MV3 declarativeNetRequest , default search override, access to typed characters) far beyond what a simple search tool needs. Search queries and live suggestions are routed through an intermediary server before reaching the legitimate engine, enabli
What should I do first?
Do not click, pay, install apps, or share verification codes.; Verify through the official website, app, or phone number typed manually.; If you already interacted, block cards or accounts and report the incident.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.