How come 300k Chrome & Edge users got hit by this new malware? Here's what you need to know

It poses as add-ons for popular games & video players like Roblox and VLC.


Key notes

  • A malware campaign has affected over 300,000 Chrome and Edge users through malicious browser extensions.
  • The campaign disguises itself as popular game and video player add-ons, often evading antivirus detection.
  • A similar issue occurred in Visual Studio’s marketplace, exposing major security flaws.

A worrying report has been circulating among Google Chrome and Microsoft Edge users recently, saying that a widespread malware campaign has impacted “in total at least 300,000 users” across these two popular browsers via something as simple as a web browser extension.

But how come?

ReasonLabs, a cybersecurity firm, has released a study on how browser extensions have become a major target for malware. The campaign forcibly installs harmful extensions on these browsers by disguising itself as add-ons for popular online games and video players, like Roblox and VLC Media Player.

It’s been around since 2021, at least, and its effects range from simple adware to more dangerous scripts that can steal data and execute commands. The worst part of the campaign is that most antivirus engines fail to detect it, and it can also prevent the browser from updating. It also gets reactivated every day.

“Countless users across the web are complaining about an extension that they cannot get rid of, even posting complaints on the extension page on the Chrome or Edge store – stating that it is a virus that they cannot get rid of, they don’t know how it appeared, and it keeps returning after attempts to remove it,” the report reads.

If you’re affected by the campaign, you need to delete both the malicious browser extension and its malware.

A somewhat similar campaign also happened to Visual Studio users, but it was done as a part of research.

Researchers have exposed serious security flaws in the VSCode Marketplace by creating a fake extension called “Darcula” that mimicked a popular one and collected sensitive data from users. This extension gained rapid traction, and the investigation revealed over 1,200 malicious extensions with a combined total of 229 million installs.
