After receiving several complaints from users, Microsoft investigated and removed about 18 extensions from its Edge Add-ons portal. These extensions were reportedly involved in malicious activities like injecting ads into users’ search results. While some were classified as impersonating original brands, some were just ported from Chrome extensions.
Microsoft Edge Having Malicious Extensions
Hackers targeting browser extensions are so common since they’re not so deeply monitored as system apps. While we’ve seen many malicious instances with chrome extensions, recording them in Microsoft’s Edge is new.
This is because Chrome having two-thirds of the desktop market share, while Edge is now growing up.
Yet, threat actors and spammers found exploiting extensions in the Edge Add-ons portal. As per reports, Microsoft has removed about 18 extensions from its Edge Add-ons portal for maliciously injecting ads into search results.
While some of them were reported by few users on Reddit (1, 2, 3), other such malicious extensions were found in Microsoft’s subsequent investigation. All those extensions reported can be classified into two categories;
Impersonating Brands
- NordVPN
- Adguard VPN
- TunnelBear VPN
- Ublock Adblock Plus
- Greasemonkey
- Wayback Machine
These are being duped extensions of original brands that don’t have any official browser extensions actually. And;
Ported Malicious Extensions
- The Great Suspender
- Floating Player – Picture-in-Picture Mode
- Go Back With Backspace
- friGate CDN – smooth access to websites
- Full Page Screenshot
- One Click URL Shortener
- Guru Cleaner – cache and history cleaner
- Grammar and Spelling Checker
- Enable Right Click
- FNAF
- Night Shift Redux
- Old Layout for Facebook
These extensions are available in Chrome, which was ported to Edge Add-ons portal and then added malicious code later. Thus, Microsoft in its report asked users to remove any of these add-ons of added from the edge://extensions.
