For years, Google and Mozilla have been fighting to prevent abusive or downright malicious browser extensions from entering their official repositories. Now Microsoft is taking up the fight.
In the past few days, people have been complaining on website forums that Google searches are redirected to oksearch(.)com when they use Edge. The searches often use cdn77(.)org for connectivity.
After determining that the redirects weren't an isolated incident, participants in this Reddit discussion narrowed the list of suspects to five. All of them are knockoffs of legitimate add-ons: the extensions bear the names of legitimate developers, but they are actually the work of unrelated scammers.
- The big braces
- Floating Player – picture-in-picture mode
"I had the Tunnelbear extension installed, but I removed it when I found out it was causing the problem," Laurence Norah, photographer for Finding the Universe, told me via email. "It's easy to see that this is happening. When you install one of the affected extensions in Edge, open Developer Tools, and click the Sources tab, you'll see something that shouldn't be there, such as ok-search.org or cdn77."
His account matched the pictures and accounts of other forum participants. Below are two screenshots:
In a statement, Microsoft employees wrote: "We are investigating the reported extensions and will take steps to protect customers if necessary." The statement follows this Reddit comment, in which someone identifying themselves as a community manager for Microsoft Edge states that the company is currently investigating the extensions.
"The team just updated me to let me know that anyone who sees these injections should turn their extensions off and let me know if you are still seeing them at this point," wrote the person using the MSFTMissy handle. "As soon as I have news from you, I'll update this thread accordingly."
The maker of the legitimate TunnelBear software and browser extensions told me that the add-on hosted on Microsoft's official Edge store is a fake. It said that an extension on the Chrome Web Store is also fraudulent.
"We are taking steps to remove these from both platforms and to investigate the matter with both Google and Microsoft," said a representative from TunnelBear. "It's not uncommon for popular, trusted brands like TunnelBear to be counterfeited by malicious actors."
None of the developers of the remaining four legitimate extensions responded to a request for comment. However, readers should remember that legitimate developers cannot be held responsible if their apps or add-ons are spoofed.
Along with Android apps, browser extensions are one of the weak links in the online security chain. The problem is that anyone can submit them, and Google, Mozilla, and now Microsoft haven't come up with a system that adequately verifies the authenticity of the people submitting them or the security of the code.
Search engine redirects are usually part of a scheme to generate fraudulent revenue by triggering ad clicks. That's probably what is happening here. While reports indicate that the add-ons do nothing but hijack legitimate searches, the permissions they require give them the potential to do much worse. The permissions include:
- Read and change all of your data on the websites you visit
- Manage your apps, extensions, and themes
- Change your privacy-related settings
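The three warnings above correspond to the manifest entries `<all_urls>` (or an equivalent wildcard host pattern), `management` and `privacy`. The following is an added example, not code from the article or from Microsoft: it audits a directory of unpacked extensions for that combination and for references to the hosts named in the reports. The function names and the sample add-ons are constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

# Manifest permissions behind the three warnings the article lists.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # read/change all site data
RISKY_API = {"management", "privacy"}  # manage extensions / change privacy settings
# Hosts named in the article. cdn77.org is a general-purpose CDN, so a hit is a lead, not a verdict.
INDICATORS = re.compile(r"oksearch\.com|ok-search\.org|cdn77\.org", re.I)

def audit_extension(version_dir: Path) -> dict:
    """Summarise one unpacked extension: <Extensions>/<id>/<version>/."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    perms = set()
    for key in ("permissions", "optional_permissions", "host_permissions"):
        perms.update(p for p in manifest.get(key, []) if isinstance(p, str))
    for script in manifest.get("content_scripts", []):
        perms.update(script.get("matches", []))
    hits = set()
    for path in version_dir.rglob("*"):
        if path.is_file() and path.suffix in {".js", ".json", ".html"}:
            text = path.read_text(encoding="utf-8", errors="ignore")
            hits.update(m.lower() for m in INDICATORS.findall(text))
    return {"id": version_dir.parent.name, "name": manifest.get("name", "?"),
            "broad_hosts": bool(perms & BROAD_HOSTS),
            "risky_api": sorted(perms & RISKY_API), "indicators": sorted(hits)}

def audit_profile(extensions_root: Path) -> list:
    """Return extensions holding all three permissions or referencing a named host."""
    flagged = []
    for manifest in sorted(extensions_root.glob("*/*/manifest.json")):
        report = audit_extension(manifest.parent)
        if report["indicators"] or (report["broad_hosts"] and len(report["risky_api"]) == 2):
            flagged.append(report)
    return flagged

def build_sample(root: Path) -> Path:
    """Constructed sample profile: one over-privileged add-on, one benign one."""
    samples = {
        "aaaa": ({"name": "Sample VPN", "permissions": ["management", "privacy", "<all_urls>"]},
                 "var host = 'example.cdn77.org';"),
        "bbbb": ({"name": "Sample Notes", "permissions": ["storage"]}, "console.log('ok');"),
    }
    for ext_id, (manifest, script) in samples.items():
        ext_dir = root / ext_id / "1.0_0"
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest))
        (ext_dir / "background.js").write_text(script)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_profile(build_sample(Path(tmp))):
            print(finding)
```

On Windows, Edge typically keeps unpacked extensions under `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions`; pass that directory to `audit_profile` to check a real profile.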
Anyone who has installed any of the Edge add-ons mentioned above should remove them immediately. And the oft-repeated advice on browser extensions also applies here: (1) install extensions only if they offer real value or benefit, and (2) even then, take the time to read the reviews and check out the developer for signs that an extension is fraudulent.
Updated post to add comments from TunnelBear and Microsoft.