Edge gets its own slew of malicious add-ons under the names of legitimate services

Pete Flint

Posts: 39   +7
What just happened? A number of Microsoft Edge users have reported strange redirections from Google searches with no unexpected addons in their browser. After some serious Reddit sleuthing, several seemingly legitimate browser extensions have been found to cause this malware behavior.

Many reading this may have experience with malicious browser add-ons. You open Chrome or Firefox, and your homepage is redirected to a strange, unfamiliar search engine. Or perhaps you spy an odd new toolbar above your bookmarks “fueled by” one of these companies or engines where buttons and search bars take you to malware-ridden sites.

Google and Mozilla have been fending off abusive extensions, add-ons, and settings-altering “VPN services” for years. At one time, browser extensions were viewed as the Wild Wild West by cybersecurity companies because these add-ons, in theory, had full access to the contents of the web page – even email and banking details.

Google later stepped up, removing malicious extensions, and wrote user privacy policies that required apps and companies to request consent and take minimal user information. For their part, Google also set up a reward program to encourage the cybersecurity community to hunt down qualifying vulnerabilities.

With the growing user base of the Edge browser, Microsoft has entered the fray. In recent days, Edge users have flagged Google searches that redirected to a site called oksearch, often via cdn77(.)org, which then reportedly redirected to various other sites.

Some proactive Redditers discovered that these complaints were a recurring theme and managed to trace them back to a few suspected sources. These fake extensions used the names of legitimate applications to grab user attention and have since been flagged to Microsoft.

The abusive malware functioned under the names:

  • NordVPN
  • Adguard VPN
  • TunnelBear VPN
  • The Great Suspender
  • Floating Player – Picture-in-picture Mode
  • Greasemonkey

It is possible this is not an exhaustive list, but the extension companies have been made aware of the malware, and an Edge Community Manager has confirmed that the offending extensions discovered so far have been removed from the Edge Add-on store.

Malware like this typically gains revenue through ad-clicks, but the real danger is that they do not follow the guidelines set up by browser privacy policies. User information made available on the browser through these add-ons can be extracted and used for malicious purposes.

If you have installed one of the above extensions, either remove it immediately or ensure that it is the legitimate add-on produced by the company. If you experience any of the odd redirections mentioned, check your extension list, even recently deleted extensions, and report the behavior to your browser's distributor.

Permalink to story.

 

Avro Arrow

Posts: 1,150   +1,279
TechSpot Elite
Another reason that I love Firefox the most, the privacy protection. Software like NordVPN and TunnelBear are full software suites, not just browser extensions.

To anyone who doesn't already know this, browser add-ons and toolbars that are offered to you are like drugs. Just say NO. Legit browser extensions don't offer to install themselves, they must be chosen from the Firefox (or Chrome) extension list. Anything that offers to install an extension is not to be trusted.
 

bviktor

Posts: 381   +680
Yay, I had Greasemonkey installed instead of Tampermonkey. Guess why... because the internet said it's safer cuz it's open source :D

Edge gave me a vivid warning and removed it, so hopefully all is well now...
 

lazer

Posts: 385   +117
Why would anyone who is tech oriented choose to use Edge over Chrome or FF or Opera?
 

bviktor

Posts: 381   +680
Why would anyone who is tech oriented choose to use Edge over Chrome or FF or Opera?

Opera is owned by the Chinese, Firefox is slow AF, and Chrome is owned by Google with their lovely "bugs" like "accidentally" deleting all cookies upon request, except for Google owned sites. If I have to choose between Google and MS, it's a definite MS. Edge is fast, often faster than Chrome according to benchmarks, and I like how it integrates with my outlook.com and Windows accounts.