Fake Perplexity AI Chrome Extension Hijacks Search Queries and Logs Browsing Data
What Happened — A malicious Chrome Web Store extension titled “Search for perplexity ai” masqueraded as the legitimate Perplexity AI search assistant. Once installed, it overwrote the browser’s default search provider via chrome_settings_overrides and routed every address‑bar query through the attacker’s servers, logging the full query and browsing context. Microsoft’s threat intel team found no credential theft, but the extension’s permissions (DNR, URL rewriting, redirection) would enable it to expand data collection at any time.
Why It Matters for Compliance & Audit Readiness
- The scenario illustrates a failure of access‑control policies for browser extensions—exactly the type of control SOC 2 CC6.1 (Logical Access) is designed to protect.
- Continuous evidence of extension vetting and user‑awareness training provides a defensible audit trail that demonstrates due diligence under the SOC 2 CC6.2 (Least Privilege) and CC7 (Security Awareness) criteria.
Who Is Affected — Primarily users of Chrome browsers in technology‑SaaS, cloud‑infrastructure, and professional services environments; any organization that allows employees to install browser add‑ons without strict controls.
Recommended Actions
- Instruct all users to remove the “Search for perplexity ai” extension (ID
flkebkiofojicogddingbdmcmkpbplcd). - Enforce a whitelist‑only policy for Chrome extensions and integrate extension inventory into your endpoint‑security platform.
- Update SOC 2 access‑control policies to require documented approval and periodic review of any third‑party browser add‑ons.
- Conduct a security‑awareness refresher focused on the risks of unofficial extensions and the importance of verifying publisher authenticity.
Source: BleepingComputer
Technical Notes
- Attack vector: Malicious Chrome extension leveraging
chrome_settings_overridesand Declarative Net Request (DNR) permissions to hijack the Omnibox search flow. - Data collected: Full search queries, real‑time suggestions, and inferred browsing behavior; no credentials observed.
- Infrastructure: Requests routed to
perplexity‑ai.online, a domain mimicking the legitimateperplexity.ai.
Source: BleepingComputer