Microsoft remove malicious Edge extensions from the Store pretending to be NordVPN, TunnelBear, more

Reading time icon 2 min. read

Readers help support MSPoweruser. When you make a purchase using links on our site, we may earn an affiliate commission. Tooltip Icon

Read the affiliate disclosure page to find out how can you help MSPoweruser effortlessly and without spending any money. Read more

Microsoft Edge

Some Edge users have been reporting that when they do a Google Search they are being redirected to a website and from there to a variety of other websites such as Amazon or Zoom.

After the issue was raised on Reddit Microsoft revealed that the issue was due to malicious extensions in the Microsoft Edge extension store which was pretending to be VPN clients.

Microsoft’s support representative on Reddit wrote:

The team has removed these extensions from our Addons store:

Adguard VPN
TunnelBear VPN
The Great Suspender
Floating Player – Picture-in-Picture Mode
If you were using any of these extensions installed directly from the Microsoft Edge Addon store, we suggest removing them from edge://extensions.

Microsoft also asked for the community’s help finding other extension malware, writing:

If you have more than just these extensions, and continue to see ad injections, please reply to this comment with a list of your extensions so that the team can investigate further.

The news suggests malware writers are targeting the “app gap” in the Edge extension store by filling it with fake apps. Edge users can of course install extensions directly from Google’s own extension store, though even that company struggles with malware from time to time.

To do this:

  1. Go to
  2. Click on the Allow Extensions from other Stores banner button.
  3. Click on the Allow button in the second pop-up.
  4. Search for the extension you want and pay attention to the number of reviews and the review score.
  5. Click on the Add to Chrome button.

Have any of our readers been struck by this extension malware? Let us know below.

via WindowsLatest.

More about the topics: edge, Extensions, malware