What happened
Published June 29, 2026 by Microsoft Defender Security Research. A malicious Chromium extension impersonating the AI answer engine Perplexity AI uses Manifest V3 (MV3) APIs and intermediary infrastructure to redirect browser search traffic. The extension exploits consumer trust in popular AI product branding to achieve persistence and search hijacking at scale.
Why it matters
This case demonstrates a new threat vector: AI brand spoofing as a delivery mechanism for browser malware. As AI tools become household names, attackers are weaponizing that trust. Defenders need browser extension policies that validate extension provenance, not just permissions, because the APIs being abused here are standard MV3 APIs.
Applicability
Enterprise security teams managing browser extension policies (especially Chrome/Edge fleets); SOC teams should add AI-branded extension IOCs to their detection rules.
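The provenance check argued for above, as an added example (not code from the Microsoft report): it audits installed-extension manifests against an allowlist of approved extension IDs and flags AI-branded names that are not on it, even when permissions and store source look normal. The extension IDs, names, brand list and allowlist are constructed placeholders, and the search-override check is an assumption, since the page does not name the MV3 APIs used.

```python
import re

# Update endpoints of the Chrome Web Store and Edge Add-ons store.
STORE_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",
}

def _norm(text):
    """Casefold and drop non-alphanumerics so 'Perplexity-AI' matches 'perplexity'."""
    return re.sub(r"[^a-z0-9]", "", text.casefold())

def display_name(manifest, messages=None):
    """Resolve a localized __MSG_key__ name from the default locale's messages."""
    name = manifest.get("name", "")
    match = re.fullmatch(r"__MSG_(\w+)__", name)
    if match and messages:
        by_key = {k.casefold(): v for k, v in messages.items()}
        return by_key.get(match.group(1).casefold(), {}).get("message", name)
    return name

def audit(ext_id, manifest, approved_ids, brand_terms, messages=None):
    """Return provenance findings for one installed extension (empty list = clean)."""
    findings = []
    name = _norm(display_name(manifest, messages))
    branded = [b for b in brand_terms if _norm(b) in name]
    if branded and ext_id not in approved_ids:
        findings.append("brand_not_on_allowlist:" + ",".join(branded))
    if manifest.get("update_url") not in STORE_UPDATE_URLS:
        findings.append("non_store_update_url")
    # Assumption: search override via this manifest key; the page names no API.
    if "search_provider" in manifest.get("chrome_settings_overrides", {}):
        findings.append("overrides_default_search")
    return findings

# Constructed sample data: IDs, names and the allowlist are placeholders, not IOCs.
STORE = "https://clients2.google.com/service/update2/crx"
APPROVED = {"a" * 32}
BRANDS = ["perplexity"]
GENUINE = {"manifest_version": 3, "name": "Perplexity",
           "permissions": ["storage"], "update_url": STORE}
LOOKALIKE = {"manifest_version": 3, "name": "__MSG_appName__",
             "permissions": ["storage"], "update_url": STORE}
LOOKALIKE_MESSAGES = {"appName": {"message": "Perplexity AI Search"}}

if __name__ == "__main__":
    print(audit("a" * 32, GENUINE, APPROVED, BRANDS))
    print(audit("b" * 32, LOOKALIKE, APPROVED, BRANDS, LOOKALIKE_MESSAGES))
```

The lookalike sample carries the same permissions and store update URL as the approved one, so only the ID allowlist separates them; without the locale messages its `__MSG_appName__` name would not match any brand term.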