
Check Now – 18 Trusted Web Browser Extensions Discovered Stealing Your Data

Due to how Google and Microsoft handle browser extension updates, these malicious versions auto-installed themselves silently, often without end-users needing to click anything.

Researchers from Kai Security have identified eighteen extensions (add-ons) for Google’s Chrome and Microsoft’s Edge web browsers, some of which are both well rated and widely installed, that have been stealthily used to hide a Trojan infection that can hijack your browser and steal personal data. Worse, 2.3 million users have installed one of them.

 

The extensions themselves are often quite clever in the sense that they actually deliver on the features they claim in public and often only add the Trojan much later (sometimes years later). As a result, many of them have been around for years, earning good reviews and a degree of trust. Not to mention that Microsoft and Google clearly have not previously discovered any problems via their limited checks and balances.

“This isn’t some obvious scam extension thrown together in a weekend. This is a carefully crafted Trojan horse that delivers exactly what it promises while simultaneously hijacking your browser, tracking every website you visit, and maintaining a persistent command and control backdoor. Not only that, but it remained legitimate for years before becoming malicious through a version update,” said Idan Dardikman of Kai Security about one of the identified extensions.

 

Due to how Google and Microsoft handle browser extension updates, these malicious versions auto-installed themselves silently, often without end-users needing to click anything. “No phishing. No social engineering. Just trusted extensions with quiet version bumps that turned productivity tools into surveillance malware,” added Idan. “Every click, every website visit, every online transaction becomes a potential attack vector.”

Kai Security first discovered this while investigating the ‘Color Picker, Eyedropper — Geco colorpick’ extension, before later identifying it as just the tip of a “sophisticated cross-platform network” of eighteen malicious extensions spanning both the Chrome and Edge stores, all sharing the same hijacking functionality. The team has dubbed this the RedDirection campaign.

 

The extensions span a diverse set of categories, including emoji keyboards, weather forecasters, video speed controllers, VPN proxies for Discord and TikTok, dark themes, volume boosters, and YouTube unblockers. But if you’ve read this far, then you’d probably rather we just skipped ahead to list the ones you need to check and remove.

 

Source: Kofi Acquah
