Microsoft took action by removing 18 malicious Edge extensions that were hijacking users' web searches, including NordVPN, Wayback Machine and One Click URL Shortener.
- Microsoft Edge hands-on review: The Chrome killer has arrived
- New Microsoft Edge tool might convince you to abandon Google Chrome
Microsoft removes 18 Edge Add-ons after receiving complaints of web-search hijacking
Suspicions about the integrity of several Microsoft Edge Add-ons arose when users took to Reddit to complain about their web searches being hijacked and redirected to advertisements.
"I have an issue that's popped up literally today where when I Google search something, clicking on a result will occasionally redirect me to an advertisement," a Redditor said. "I suspect it's Edge. I haven't installed anything in the past several weeks other than Tetris Effect Connected."
Others chimed in to alert Microsoft that they, too, are experiencing similar problems. "I'm having exactly the same issue with occasional redirects to [malicious url]," A poster with the moniker savyzzyz said.
Microsoft Edge wasn't the only subreddit hit with complaints. Redditors have also flocked to the Techsupport subreddit to seek a solution for their web search ills. "For a 1-2 weeks, about once a day, I'll click on a link in a Google search and instead it will redirect to [malicious url], which then itself redirects to another site," a Redditor complained.
Based on the feedback from both subreddits, Microsoft investigated the issue, flagged 18 extensions as malicious, and removed them from the Edge add-ons platform. The Redmond-based tech giant discovered that there were a group of fake extensions masquerading as genuine add-ons. For example, while NordVPN has a Google Chrome extension, it does not have an Edge Add-on. Malicious actors bamboozled Edge users into installing malware by impersonating real extensions.
Besides NordVPN, other false Edge Add-ons included Adguard VPN, TunnelBear VPN, Ublock Adblock Plus, Greasemonkey and Wayback Machine.
Another slew of extensions was posing as official Edge Add-ons but featured malicious code that irked users. This included Full Page Screenshot, Grammar and Spelling Checker, FNAF and Guru Cleaner.
"If you were using any of these extensions installed directly from the Microsoft Edge Addon store, we suggest removing them from edge://extensions," a Microsoft spokesperson said in the Edge subreddit. "I massively appreciate everyone's diligence in helping nail this down."
Extensions and add-ons are yet another avenue that cybercriminals use to hijack victims' internet activity. Keep an eye out for counterfeit Edge Add-ons that have their genuine counterparts on Firefox and Chrome.