Uninstall every Chrome and Edge extension listed below
A large-scale malicious browser extension campaign has been identified by cybersecurity firm Koi Security, impacting users of both Google Chrome and Microsoft Edge. The campaign involves 18 extensions, initially legitimate tools such as color pickers, VPNs, video controllers, and emoji keyboards, which have been surreptitiously transformed into surveillance malware[1][2][3].
The malicious extensions, continuing to function as advertised, have been found to log user activity and redirect browsing sessions to potentially harmful sites[1][2][3]. This covert operation is facilitated by the extensions' auto-update mechanisms, allowing for the injection of malicious code[1][3].
Each extension uses separate domains, giving the impression of separate operators, but they all share the same centralized attack infrastructure[1]. Some of the identified malicious extensions include the Color Picker, Eyedropper - Geco colorpick, Emoji Keyboard Online - Copy&paste your emoji, Free Weather Forecast, Volume Max - Ultimate Sound Booster, and Vide (with unclear specific functionality)[3].
The campaign has affected up to 1.7 million or more Google Chrome users and at least 600,000 Microsoft Edge users[3][5]. Notable extensions on the Edge Add-ons store include "Unlock TikTok", "Volume Booster", "Web Sound Equalizer", "Header Value", "Flash Player", "YouTube Unblocked", "SearchGPT", and "Unlock Discord"[2][3].
Google has already removed the dangerous extensions from the Chrome Store, while Microsoft has yet to provide an update for Edge users[3]. Users are advised to delete all listed suspicious extensions immediately, clear browsing data to remove tracking identifiers, run a full system malware scan, monitor accounts for suspicious activity, review all installed extensions for similar suspicious behavior, and visit sensitive sites with caution[2][3].
Security teams have warned users to delete the 18 specific extensions due to their threat to users, with millions of installations[5][3]. This incident underscores the importance of vigilance in maintaining the security of personal devices and online activities. Always check for official announcements or updates from security researchers for the most current list of potentially dangerous extensions.
[1] - [2] - [3] - [4] - [5] -
- In light of the ongoing malicious browser extension campaign affecting both Google Chrome and Microsoft Edge, it is essential for users to update or delete their chrome extensions, particularly those listed as Color Picker, Eyedropper - Geco colorpick, Emoji Keyboard Online - Copy&paste your emoji, Free Weather Forecast, Volume Max - Ultimate Sound Booster, and Vide, as they pose a threat to cybersecurity and data-and-cloud-computing.
- As the malicious activities of the identified extensions, such as logging user activity and redirecting browsing sessions, demonstrate, technology has become a critical battleground in the realm of cybersecurity, emphasizing the need for continuous vigilance and updates.
