
Latest news with #ChromeWebStore

Malicious browser extensions caught spying on 2 million users

Fox News

14-07-2025

Every day, millions of people install tiny browser add-ons they believe will improve productivity or entertainment. With so many options available on the Chrome Web Store, users often rely on trust markers like install counts, user reviews and developer reputation to make their choice. Many glance at shiny verification badges and five-star ratings, assume the vetting process was solid, and click "Install" without thinking twice.

But attackers have started to exploit these very signals. Researchers recently uncovered a campaign where 18 browser extensions, all listed on the official Chrome and Edge Web Stores, tracked users' online activity. These extensions had already racked up more than 2 million installs.

Koi Security researchers discovered that attackers used long-term, strategic tactics to weaponize browser extensions. First, they released functional and legitimate utilities to gain user trust. Over time, these extensions collected positive reviews and built a solid reputation. Then, after months or even years of quiet operation, the attackers pushed a silent update that injected malicious scripts into the trusted codebase. Since these updates came directly from official sources, they easily bypassed corporate firewalls. Unlike phishing emails or shady downloads, the malicious code arrived through routine, automatic updates and raised no immediate red flags.

As the investigation progressed, researchers traced suspicious traffic back to a seemingly harmless color picker extension. This led them to a cluster of connected domains, each acting as a command and control hub. These servers recorded every URL users visited and issued commands to force redirects to fake websites or ad-heavy landing pages.

Next, the team analyzed the extension's code more closely and uncovered matching fingerprints in several unrelated tools. These included weather widgets, emoji keyboards, video speed controllers and volume boosters. Although they appeared different on the surface, they shared underlying code and behavior. Together, these extensions reached over two million installations. To avoid detection, the attackers used separate branding and categories for each one, making it difficult for marketplace monitors to spot patterns. Even more concerning, many of the extensions carried a verified badge, which shows how attackers manipulated automated review systems using malicious version updates.

The first priority for affected users is immediate removal of the listed extensions, followed by thorough cache clearing and full system scans. Check your computer to see if you have any of these malicious extensions, and if you do, get rid of them.

If you have any of the extensions linked to the RedDirection campaign installed, take these steps right away to protect your data and devices:

1) Check your accounts for unusual activity: If you accessed sensitive sites (like online banking) while the extension was active, review those accounts for suspicious behavior and change your passwords immediately. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

2) Enable two-factor authentication (2FA): Add an extra layer of security to your accounts by turning on 2FA wherever it's supported. It can prevent unauthorized access even if your password is compromised.

3) Use strong antivirus software: Even though these malicious extensions come from official stores and update automatically, strong antivirus software can help detect suspicious activities such as hidden trackers, injected scripts or unauthorized redirects. Antivirus adds a crucial layer of protection by scanning for threats that browsers alone might miss, but it should be combined with safe browsing habits for best results.

4) Reset your browser settings: Restoring your browser to its default state can reverse unwanted changes to your homepage, search engine or other settings.

5) Watch for security alerts: Keep an eye on your email and texts for login warnings or access alerts from services you use. These can help you spot unauthorized activity early.

6) Use a browser with extension permission controls: Some browsers let you limit what data extensions can access (e.g., "only on click" or "only on specific sites"). This can reduce the risk of future attacks.

Browser extensions can be helpful, but they also carry hidden risks. As this case shows, even trusted tools from official stores can turn malicious without warning. That is why it pays to stay alert, review your extensions regularly, and use strong antivirus protection. A few simple habits can go a long way in keeping your browser and your personal data safe.

Do you rely on ratings and reviews when choosing extensions, or do you dig deeper?

All Chrome users must delete 11 apps downloaded over two million times NOW as experts issue ‘tracker' warning

Scottish Sun

10-07-2025

Add-ons can steal browser activity and redirect users to potentially unsafe web addresses

THOUSANDS of Chrome users are being urged to immediately delete certain apps that pose a security risk. It comes after experts issued a "tracker" warning on 11 apps that have been downloaded more than two million times.

The apps can track users, steal browser activity, and redirect to potentially unsafe web addresses.

Chrome is the most popular internet browser with an estimated 3.45 billion users, according to the latest statistics.

Most of the add-ons provide the advertised functionality and pose as legitimate tools like colour pickers, VPNs, volume boosters, and emoji keyboards.

Researchers at Koi Security, a company providing a platform for securing self-provisioned software, discovered the malicious extensions in Chrome Web Store and reported them to Google.

Researchers noted that many of those extensions are verified. The extensions also have hundreds of positive reviews and were featured prominently on the Chrome Web Store. This, the researchers note, could have misled users about their safety.

Add-ons to check and remove

Users should check for the following add-ons in Chrome browser and remove them as soon as possible:

  • Color Picker, Eyedropper — Geco colorpick
  • Emoji keyboard online — copy&paste your emoji
  • Free Weather Forecast
  • Video Speed Controller — Video manager
  • Unlock Discord — VPN Proxy to Unblock Discord Anywhere
  • Dark Theme — Dark Reader for Chrome
  • Volume Max — Ultimate Sound Booster
  • Unblock TikTok — Seamless Access with One-Click Proxy
  • Unlock YouTube VPN
  • Unlock TikTok
  • Weather

One of them, Volume Max — Ultimate Sound Booster, was also flagged last month by LayerX researchers, who warned about its potential for spying on users. However, no malicious activity could be confirmed at the time.

According to the researchers, the malicious functionality is implemented in the background service worker of each extension using the Chrome Extensions API, registering a listener that is triggered every time a user navigates to a new webpage.

The listener captures the URL of the visited page and exfiltrates the information to a remote server along with a unique tracking ID for each user.

The server can respond with redirection URLs, hijacking the user's browsing activity and potentially taking them to unsafe destinations that may enable cyberattacks.

Although the possibility is there, it should be noted that Koi Security has not observed malicious redirections in their testing.

Cybercriminals at large

It comes after researchers at Koi Security discovered cybercriminals have also planted malicious extensions in the official store for Microsoft Edge, which shows a total count of 600,000 downloads.

"Combined, these eighteen extensions have infected over 2.3 million users across both browsers, creating one of the largest browser hijacking operations we've documented," the researchers said.

They recommend users remove all listed extensions immediately, clear the browsing data to purge any tracking identifiers, check the system for malware, and monitor accounts for suspicious activity.

Google has confirmed that all the extensions Koi Security discovered have now been removed from the Chrome Web Store, according to Bleeping Computer.
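
As an added example (not code from Koi Security, the browser vendors or any of the articles on this page), the Python below audits a browser profile's unpacked extensions against the published name list and flags any extension whose manifest combines a background service worker with URL-visible permissions on all sites. The `<root>/<extension id>/<version>/manifest.json` layout, matching by display name, and the permission heuristic are assumptions of this example; a name match or a flag is a lead for review, not proof of compromise.

```python
import json
from pathlib import Path

# Display names as listed in the article above (matching by name is an assumption).
LISTED = {n.casefold() for n in [
    "Color Picker, Eyedropper — Geco colorpick",
    "Emoji keyboard online — copy&paste your emoji",
    "Free Weather Forecast",
    "Video Speed Controller — Video manager",
    "Unlock Discord — VPN Proxy to Unblock Discord Anywhere",
    "Dark Theme — Dark Reader for Chrome",
    "Volume Max — Ultimate Sound Booster",
    "Unblock TikTok — Seamless Access with One-Click Proxy",
    "Unlock YouTube VPN",
    "Unlock TikTok",
    "Weather",
]}
# Heuristic (assumption, not from the research): permissions that expose visited URLs.
NAV_PERMS = {"tabs", "webNavigation"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def load_json(path):
    """Return parsed JSON, or {} when the file is missing or malformed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def display_name(manifest, ext_dir):
    """Resolve a localized "__MSG_key__" name through _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        msgs = load_json(ext_dir / "_locales" / locale / "messages.json")
        for key, entry in msgs.items():  # message keys are case-insensitive
            if key.casefold() == name[6:-2].casefold() and isinstance(entry, dict):
                return str(entry.get("message", name))
    return name

def audit(extensions_root):
    """Scan <root>/<extension id>/<version>/manifest.json and return findings."""
    findings = []
    for mf in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        m = load_json(mf)
        name = display_name(m, mf.parent)
        perms = {p for p in m.get("permissions", []) if isinstance(p, str)}
        hosts = perms | {h for h in m.get("host_permissions", []) if isinstance(h, str)}
        bg = m.get("background", {})
        worker = isinstance(bg, dict) and bool(bg.get("service_worker"))
        reasons = []
        if name.casefold() in LISTED:
            reasons.append("name on published list")
        if worker and perms & NAV_PERMS and hosts & BROAD_HOSTS:
            reasons.append("service worker can read URLs on all sites")
        if reasons:
            findings.append({"id": mf.parent.parent.name, "name": name, "reasons": reasons})
    return findings
```

Call `audit()` with the path to a profile's `Extensions` directory; each finding carries the extension ID, the resolved display name and the reasons it was flagged.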

All Chrome users must delete 11 apps downloaded over two million times NOW as experts issue ‘tracker' warning

The Irish Sun

10-07-2025

THOUSANDS of Chrome users are being urged to immediately delete certain apps that pose a security risk. It comes after experts issued a "tracker" warning on 11 apps that have been downloaded more than two million times.

The apps can track users, steal browser activity, and redirect to potentially unsafe web addresses.

Most of the add-ons provide the advertised functionality and pose as legitimate tools like colour pickers, VPNs, volume boosters, and emoji keyboards.

Researchers at Koi Security, a company providing a platform for securing self-provisioned software, discovered the malicious extensions in Chrome Web Store and reported them to Google.

Researchers noted that many of those extensions are verified. The extensions also have hundreds of positive reviews and were featured prominently on the Chrome Web Store. This, the researchers note, could have misled users about their safety.

Add-ons to check and remove

Users should check for the following add-ons in Chrome browser and remove them as soon as possible:

  • Color Picker, Eyedropper — Geco colorpick
  • Emoji keyboard online — copy&paste your emoji
  • Free Weather Forecast
  • Video Speed Controller — Video manager
  • Unlock Discord — VPN Proxy to Unblock Discord Anywhere
  • Dark Theme — Dark Reader for Chrome
  • Volume Max — Ultimate Sound Booster
  • Unblock TikTok — Seamless Access with One-Click Proxy
  • Unlock YouTube VPN
  • Unlock TikTok
  • Weather

One of them, Volume Max — Ultimate Sound Booster, was also flagged last month by LayerX researchers, who warned about its potential for spying on users. However, no malicious activity could be confirmed at the time.

According to the researchers, the malicious functionality is implemented in the background service worker of each extension using the Chrome Extensions API, registering a listener that is triggered every time a user navigates to a new webpage.

The listener captures the URL of the visited page and exfiltrates the information to a remote server along with a unique tracking ID for each user.

The server can respond with redirection URLs, hijacking the user's browsing activity and potentially taking them to unsafe destinations that may enable cyberattacks.

Although the possibility is there, it should be noted that Koi Security has not observed malicious redirections in their testing.

Cybercriminals at large

It comes after researchers at Koi Security discovered cybercriminals have also planted malicious extensions in the official store for Microsoft Edge, which shows a total count of 600,000 downloads.

"Combined, these eighteen extensions have infected over 2.3 million users across both browsers, creating one of the largest browser hijacking operations we've documented," the researchers said.

They recommend users remove all listed extensions immediately, clear the browsing data to purge any tracking identifiers, check the system for malware, and monitor accounts for suspicious activity.

Google has confirmed that all the extensions Koi Security discovered have now been removed from the Chrome Web Store, according to Bleeping Computer.

Malicious Google Chrome extensions might be killing your system: Find out which ones

Express Tribune

09-07-2025

11 malicious extensions, with a total of 1.7 million downloads, have been found on Google's Chrome Web Store, posing significant risks to users by tracking their browsing activity and potentially redirecting them to harmful websites.

The discovery was made by researchers at Koi Security, a platform for securing self-provisioned software, who alerted Google to the issue, and was reported first by Bleeping Computer.

The malicious extensions, which masquerade as useful tools such as color pickers, VPNs, volume boosters, and emoji keyboards, have received positive reviews and have been prominently featured on the store, making them appear legitimate to unsuspecting users. However, many of these extensions, despite being initially safe, later received updates that introduced malicious code.

Some of the extensions have been removed from the Web Store, but many remain accessible. Users are advised to check for and uninstall the following extensions immediately:

  • Color Picker, Eyedropper — Geco colorpick
  • Emoji Keyboard Online — Copy&paste your emoji
  • Free Weather Forecast
  • Video Speed Controller — Video manager
  • Unlock Discord — VPN Proxy to Unblock Discord Anywhere
  • Dark Theme — Dark Reader for Chrome
  • Volume Max — Ultimate Sound Booster
  • Unblock TikTok — Seamless Access with One-Click Proxy
  • Unlock YouTube VPN
  • Unlock TikTok
  • Weather

One of the extensions, 'Volume Max — Ultimate Sound Booster', had previously been flagged by LayerX researchers for potential spying, although no malicious activity was confirmed at the time.

The core issue lies in the background service worker of each extension, which uses the Chrome Extensions API to track users. A listener is triggered when users visit new webpages, capturing the URL and sending it to a remote server with a unique tracking ID. This server can then redirect users to unsafe sites, potentially leading to cyberattacks. However, Koi Security's testing has not yet observed any active redirections.

The malicious code was not present in the initial versions of these extensions but was added later through updates. Google's auto-update system silently deployed these updated versions to users without their consent or interaction. This suggests that the extensions may have been compromised by external actors over time.

"⚠️ Over 1.7 MILLION users impacted! Malicious Chrome extensions were found lurking on the Web Store. Is your browser safe? Check your extensions now! #ChromeSecurity #Cybersecurity" — X CyberSec (@xcybersecnews) July 9, 2025

Further investigation revealed that similar malicious extensions had been found in the official store for Microsoft Edge, where they have garnered 600,000 downloads. In total, the malicious extensions across both browsers have affected over 2.3 million users, marking one of the largest browser hijacking operations in recent memory.

Koi Security recommends that users remove the listed extensions immediately, clear their browsing data to remove tracking identifiers, scan their systems for malware, and monitor their accounts for any suspicious activity.

Nearly 2 million people hit by malicious Chrome installations that can track you — what to do now

Tom's Guide

08-07-2025

Almost a dozen malicious extensions found in Google's Chrome Web Store have been downloaded 1.7 million times. According to Bleeping Computer, these unsafe add-ons still largely work as legitimate tools, but they are also able to track browser activity, track users, and potentially redirect users to web addresses that could spread malware.

Discovered by researchers at Koi Security, a company that provides a platform for securing self-provisioned software, the extensions in question range from VPNs and weather forecasters to themes and keyboards. The researchers also reported the extensions to Google; while some of them have been removed, some continue to be available.

The extensions in question are:

At least one of those, Volume Max – Ultimate Sound Booster, has been previously flagged by a different set of researchers who were concerned about its potential for spying on users.

Many of the extensions are verified, have hundreds of positive reviews and are prominently featured, which not only misleads users about their safety but also may indicate that these extensions were hijacked by threat actors who then introduced malicious code.

Because malicious code was introduced at a later time via updates and because Google's auto update system will deploy the newest version to users without requiring user interaction, the code was rolled out to users without them knowing.

The Chrome Extensions API is used by the malicious extensions to execute their functionalities in the background, registering a listener that is triggered every time a user navigates to a new webpage. This listener captures the URL of the new webpage and exfiltrates the information to a remote server with a tracking ID for each user; the remote server can respond with redirection URLs, which hijacks the user's browsing activity and could potentially take them to unsafe destinations. This could lead to cyberattacks (though this is not something that Koi Security observed in their testing).

Koi Security also discovered similar behavior in the official store for Microsoft Edge, with a total of 600,000 downloads – combined, this creates one of the largest browser hijacking operations the researchers say they've ever documented.

First, remove any and all of the listed extensions from your machine. Then make sure to clear all of your browsing data to get rid of any trackers or tracking identifiers. Next, check your system for malware by running a scan using your antivirus software.

Keep an eye on your accounts and monitor them for any suspicious or unusual activity. Many antivirus programs have features that can help you keep track of your accounts, watch the dark web, or have features like identity monitoring.
