Microsoft remove malicious Edge extensions from the Store pretending to be NordVPN, TunnelBear, more

Reading time icon 2 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Microsoft Edge

Some Edge users have been reporting that when they do a Google Search they are being redirected to a website oksearch.org/xa2/click.html and from there to a variety of other websites such as Amazon or Zoom.

After the issue was raised on Reddit Microsoft revealed that the issue was due to malicious extensions in the Microsoft Edge extension store which was pretending to be VPN clients.

Microsoft’s support representative on Reddit wrote:

The team has removed these extensions from our Addons store:

NordVPN
Adguard VPN
TunnelBear VPN
The Great Suspender
Floating Player – Picture-in-Picture Mode
If you were using any of these extensions installed directly from the Microsoft Edge Addon store, we suggest removing them from edge://extensions.

Microsoft also asked for the community’s help finding other extension malware, writing:

If you have more than just these extensions, and continue to see ad injections, please reply to this comment with a list of your extensions so that the team can investigate further.

The news suggests malware writers are targeting the “app gap” in the Edge extension store by filling it with fake apps. Edge users can of course install extensions directly from Google’s own extension store, though even that company struggles with malware from time to time.

To do this:

  1. Go to https://chrome.google.com/webstore/category/extensions
  2. Click on the Allow Extensions from other Stores banner button.
  3. Click on the Allow button in the second pop-up.
  4. Search for the extension you want and pay attention to the number of reviews and the review score.
  5. Click on the Add to Chrome button.

Have any of our readers been struck by this extension malware? Let us know below.

via WindowsLatest.

User forum

0 messages