Skip to main content

Malicious Microsoft Edge extensions are mimicking popular VPN apps

Microsoft Edge
(Image credit: Shutterstock / monticello)
Audio player loading…

Microsoft has been forced to remove a series of malicious browser extensions from the Edge library, some of which were masquerading as popular VPN (opens in new tab) services.

Removed in late November, the Edge add-ons were found to be inserting advertisements into victims’ search results as a means of generating revenue for the operators.

In a bid to hoodwink Edge users, the add-ons were dressed up as popular VPN services NordVPN (opens in new tab), Adguard VPN and TunnelBear VPN (opens in new tab), as well as Ublock Adblock Plus, Greasemonkey and Wayback Machine.

Edge extensions ported from Chrome

A second group of dangerous extensions were found to have been ported over from original, bona fide Chrome add-ons. Malicious code was then injected and the extensions published to the Microsoft Edge add-on library.

Add-ons that fall under this category include:

  • The Great Suspender
  • Floating Player - Picture-in-Picture Mode
  • GoBack with Backspace
  • friGate CDN - smooth access to websites
  • Full Page Screenshot
  • One Click URL Shortener
  • Guru Cleaner - cache and history cleaner
  • Grammar and Spelling Checker
  • Enable Right Click
  • FNAF
  • Night Shift Redux
  • Old Layout for Facebook

Extensions are an important part of the modern browsing experience, allowing users to introduce additional functionality and customization in line with their specific needs.

Often, as with the above, add-ons provide a faster route to achieving an end goal (e.g. taking a screenshot of a full webpage) than would otherwise be possible with the default browser configuration.

However, it appears Microsoft has a few kinks to iron out in the vetting process for the Edge Add-ons store, which is still currently in beta. It is unclear how unauthorized third parties were able to publish add-ons in the name of reputable businesses.

Cybercriminals have long used the Chrome and Firefox extension stores to distribute malicious add-ons, so the problem is by no means unprecedented. But as the Edge user base expands, Microsoft will have to be increasingly alert to this popular attack vector.

Users that suspect they may have installed any of the offending Edge add-ons are advised to remove them via the “edge://extensions” portal.

Via ZDNet (opens in new tab)

Joel Khalili
Joel Khalili

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.