Some Edge users have been reporting that when they do a Google Search they are being redirected to a website oksearch.org/xa2/click.html and from there to a variety of other websites such as Amazon or Zoom.

After the issue was raised on Reddit Microsoft revealed that the issue was due to malicious extensions in the Microsoft Edge extension store which was pretending to be VPN clients.

Microsoft’s support representative on Reddit wrote:

The team has removed these extensions from our Addons store:

NordVPN
Adguard VPN
TunnelBear VPN
The Great Suspender
Floating Player – Picture-in-Picture Mode
If you were using any of these extensions installed directly from the Microsoft Edge Addon store, we suggest removing them from edge://extensions.

Microsoft also asked for the community’s help finding other extension malware, writing:

If you have more than just these extensions, and continue to see ad injections, please reply to this comment with a list of your extensions so that the team can investigate further.

The news suggests malware writers are targeting the “app gap” in the Edge extension store by filling it with fake apps. Edge users can of course install extensions directly from Google’s own extension store, though even that company struggles with malware from time to time.

To do this:

  1. Go to https://chrome.google.com/webstore/category/extensions
  2. Click on the Allow Extensions from other Stores banner button.
  3. Click on the Allow button in the second pop-up.
  4. Search for the extension you want and pay attention to the number of reviews and the review score.
  5. Click on the Add to Chrome button.

Have any of our readers been struck by this extension malware? Let us know below.

via WindowsLatest.

Comments