Microsoft Edge Having Malicious Extensions

Attacks through browser extensions are common, since extensions are not monitored as closely as system apps. While we’ve seen many malicious Chrome extensions, recorded cases in Microsoft’s Edge are new.


This is because Chrome holds two-thirds of the desktop market share, while Edge is still growing.

Yet threat actors and spammers have been found exploiting extensions in the Edge Add-ons portal. As per reports, Microsoft has removed about 18 extensions from its Edge Add-ons portal for maliciously injecting ads into search results. While some of them were reported by a few users on Reddit (1, 2, 3), other such malicious extensions were found in Microsoft’s subsequent investigation. All the reported extensions can be classified into two categories:

Impersonating Brands

NordVPN, Adguard VPN, TunnelBear VPN, Ublock Adblock Plus, Greasemonkey, Wayback Machine

These are fake extensions impersonating original brands that don’t actually have any official browser extensions.

Ported Malicious Extensions

The Great Suspender, Floating Player – Picture-in-Picture Mode, Go Back With Backspace, friGate CDN – smooth access to websites, Full Page Screenshot, One Click URL Shortener, Guru Cleaner – cache and history cleaner, Grammar and Spelling Checker, Enable Right Click, FNAF, Night Shift Redux, Old Layout for Facebook

These extensions are available for Chrome; they were ported to the Edge Add-ons portal, and malicious code was added to them later. Microsoft, in its report, therefore asked users to remove any of these add-ons, if added, from edge://extensions.
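The manual check in edge://extensions can be scripted when many machines or profiles need review. The following is an added example, not code from Microsoft or from the original article: it matches the manifest names of installed extensions against the 18 names listed above. The function names, the sample tree and its placeholder IDs are constructed, and the directory you pass in (for example `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions` on Windows) is an assumption about a default install.

```python
import json
import sys
from pathlib import Path

def normalize(name):  # case-insensitive; "-" and "–" alike; spaces collapsed
    return " ".join(name.replace("-", "–").lower().split())

# The 18 extension names from the article's two lists.
REMOVED = {normalize(n) for n in [
    "NordVPN", "Adguard VPN", "TunnelBear VPN", "Ublock Adblock Plus",
    "Greasemonkey", "Wayback Machine", "The Great Suspender",
    "Floating Player – Picture-in-Picture Mode", "Go Back With Backspace",
    "friGate CDN – smooth access to websites", "Full Page Screenshot",
    "One Click URL Shortener", "Guru Cleaner – cache and history cleaner",
    "Grammar and Spelling Checker", "Enable Right Click", "FNAF",
    "Night Shift Redux", "Old Layout for Facebook"]}

def load(path):
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}  # unreadable or malformed JSON
    return data if isinstance(data, dict) else {}

def display_name(version_dir, manifest):
    # The name is often "__MSG_key__", defined in _locales/<locale>/messages.json.
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load(version_dir / "_locales" / locale / "messages.json")
        by_key = {k.lower(): v for k, v in msgs.items()}
        name = by_key.get(name[6:-2].lower(), {}).get("message", name)
    return name

def audit(extensions_root):
    """Return sorted (extension_id, name) pairs whose name is on the list."""
    found = ((mf.parent.parent.name, display_name(mf.parent, load(mf)))
             for mf in Path(extensions_root).glob("*/*/manifest.json"))
    return sorted({(i, n) for i, n in found if normalize(n) in REMOVED})

def make_sample(root):  # constructed tree; placeholder IDs, not real ones
    a, b = Path(root, "sample-id-a", "1.0_0"), Path(root, "sample-id-b", "2.1_0")
    (a / "_locales" / "en").mkdir(parents=True)
    b.mkdir(parents=True)
    (a / "manifest.json").write_text('{"name": "__MSG_appName__", "default_locale": "en"}')
    (a / "_locales" / "en" / "messages.json").write_text('{"appName": {"message": "Night Shift Redux"}}')
    (b / "manifest.json").write_text('{"name": "Example Notes"}')

if __name__ == "__main__":
    for root in sys.argv[1:]: print(root, audit(root))
```

A name match is only a triage signal: the article gives no extension IDs, and several of these names are shared with legitimate extensions, so confirm each hit in edge://extensions before removing it.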
