Popular Chrome and Edge extensions turned rogue, spying on millions by logging site visits and redirecting users to shady URLs.
In a sinister twist of fate, a sneaky malware operation called Redirection has secretly compromised over 2.3 million users by taking control of popular Chrome and Edge extensions. The extensions started out as reputable tools with excellent ratings and “verified” status in browser stores. Behind the scenes, they were quietly compromised and used to spy on users and control their online activity.
How Legit Extensions Turned Rogue
The affected extensions, such as Color Picker, SearchGTP, and Emoji Keyboard, were originally functional and beneficial, but were later updated to contain malicious code. Each time a user visited a website, the extension reported information tagged with a specific user ID to a remote server. That server could then redirect the user to phony web pages or imitation download websites, all without warning.
Inside the Infection Mechanism
• The malware was triggered during normal browsing
• URLs were captured and transmitted to the attacker’s server
• Users were quietly redirected to malicious content
• No phishing emails or fake pop-ups were required
Protect yourself
This malware attack highlights the importance of being cautious, even with extensions that look trustworthy. Whether on Chrome or Microsoft Edge, always watch for unusual behavior, and beware of extensions that ask for unusual permissions.
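One way to act on the permissions advice, as an added example that is not part of the original article: the script below reads extension `manifest.json` documents and ranks them by how much of a user's browsing they can observe, which is the capability the URL logging described above depends on. The permission names and match patterns are standard Chrome/Edge manifest values; the scoring weights and the three sample manifests are constructed for illustration.

```python
import json

# API permissions that expose the URLs of pages the user visits.
URL_APIS = {"tabs", "webNavigation", "webRequest", "history"}
# Match patterns that cover every site.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest):
    """Report what a parsed manifest.json lets the extension observe."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host patterns separately; V2 mixes them into "permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    script_hosts = set()
    for script in manifest.get("content_scripts", []):
        script_hosts |= set(script.get("matches", []))
    url_apis = sorted(perms & URL_APIS)
    all_site_hosts = sorted(hosts & ALL_SITES)
    injects_everywhere = bool(script_hosts & ALL_SITES)
    # Constructed weighting: all-site host access counts most, because it
    # alone is enough to read the URL of every page visited.
    score = len(url_apis) + 2 * bool(all_site_hosts) + injects_everywhere
    return {"name": manifest.get("name", "?"), "url_apis": url_apis,
            "all_site_hosts": all_site_hosts,
            "injects_everywhere": injects_everywhere,
            "score": score, "review": score > 0}


def rank(manifest_texts):
    """Audit several manifest.json documents, most capable first."""
    reports = [audit_manifest(json.loads(text)) for text in manifest_texts]
    return sorted(reports, key=lambda r: r["score"], reverse=True)


# Constructed sample manifests (not taken from any real extension).
SAMPLES = [
    json.dumps({"manifest_version": 3, "name": "Sample picker A",
                "permissions": ["activeTab", "storage"]}),
    json.dumps({"manifest_version": 3, "name": "Sample picker B",
                "permissions": ["tabs", "storage", "webNavigation"],
                "host_permissions": ["<all_urls>"]}),
    json.dumps({"manifest_version": 2, "name": "Sample keyboard C",
                "permissions": ["storage", "*://*/*"],
                "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]}),
]

if __name__ == "__main__":
    for report in rank(SAMPLES):
        print(report)
```

A high score is not proof of malice, since many legitimate extensions need broad access; it marks the extensions whose updates deserve the closest scrutiny.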