Microsoft has been forced to remove a series of malicious browser extensions from the Edge library, some of which were masquerading as popular VPN (opens in new tab) services.
Removed in late November, the Edge add-ons were found to be inserting advertisements into victims’ search results as a means of generating revenue for the operators.
In a bid to hoodwink Edge users, the add-ons were dressed up as popular VPN services NordVPN (opens in new tab), Adguard VPN and TunnelBear VPN (opens in new tab), as well as Ublock Adblock Plus, Greasemonkey and Wayback Machine.
- Check out our list of the best Windows 10 VPN (opens in new tab) services
- Here's our list of the best proxy (opens in new tab) services right now
- We've built a list of the best business VPN (opens in new tab) services available
Edge extensions ported from Chrome
A second group of dangerous extensions were found to have been ported over from original, bona fide Chrome add-ons. Malicious code was then injected and the extensions published to the Microsoft Edge add-on library.
Add-ons that fall under this category include:
- The Great Suspender
- Floating Player - Picture-in-Picture Mode
- GoBack with Backspace
- friGate CDN - smooth access to websites
- Full Page Screenshot
- One Click URL Shortener
- Guru Cleaner - cache and history cleaner
- Grammar and Spelling Checker
- Enable Right Click
- Night Shift Redux
- Old Layout for Facebook
Extensions are an important part of the modern browsing experience, allowing users to introduce additional functionality and customization in line with their specific needs.
Often, as with the above, add-ons provide a faster route to achieving an end goal (e.g. taking a screenshot of a full webpage) than would otherwise be possible with the default browser configuration.
However, it appears Microsoft has a few kinks to iron out in the vetting process for the Edge Add-ons store, which is still currently in beta. It is unclear how unauthorized third parties were able to publish add-ons in the name of reputable businesses.
Cybercriminals have long used the Chrome and Firefox extension stores to distribute malicious add-ons, so the problem is by no means unprecedented. But as the Edge user base expands, Microsoft will have to be increasingly alert to this popular attack vector.
Users that suspect they may have installed any of the offending Edge add-ons are advised to remove them via the “edge://extensions” portal.
- Here's our list of the best anonymous browsers (opens in new tab) right now
Via ZDNet (opens in new tab)