Web browser extensions are as useful as they are dangerous. Thanks to them, we can provide web browsers with all kinds of functions that, by default, are not available. However, having access to all browser data, they can also be used to spy on and steal all kinds of data. Sooner or later, all browsers have gone through stages where their respective extension stores have been filled with all kinds of malware. And now it is the turn of the new Edge, Microsoft‘s browser.
The controls that Microsoft applies over its stores are practically null. In the past (and even today) we have seen a lot of malicious content within the Microsoft Store that only seeks to deceive users. Now, as expected, it is the turn of the browser extensions store, which has more and more malicious content.
Before the change to Chromium, the number of extensions available for Edge was practically nil. However, after the engine change, the browser not only became automatically compatible with all Chrome extensions, but it greatly facilitated the work of developers, who with a couple of changes can adapt and upload their extensions to the Microsoft’s own platform.
The problem, when things are so easy, is that it is abused.
Hundreds of malicious extensions on the Edge Store
As several users have shown, the Edge extension store currently has hundreds of malicious extensions within it. This number has grown exponentially in recent months, as the Microsoft browser has begun to gain popularity and come installed by default in the operating system.
Microsoft has started investigating many of the extensions accused of bringing malware and has removed many of them. Some of the more popular extensions that have been removed from the Edge store are:
- NordVPN
- Adguard VPN
- TunnelBear VPN
- The Great Suspender
- Floating Player -Picture -in Picture Mode
Obviously, these were not official extensions, but plugins uploaded by other users in order to impersonate the official ones. Its main purpose was to redirect user traffic through other search engines and inject ads on websites that would generate extra income for hackers.
What to do if we have a malicious extension installed in the browser
These extensions are no longer available, so we will not be able to install them even by mistake. However, if we have installed any of them before, a message will appear in the list of browser extensions that will tell us that the extension contains malware. And from there we can uninstall it.
If we have come across a malicious extension, in addition to uninstalling it, it is necessary to carry out a series of additional actions. For example, we must verify that the browser’s search engine has not been affected, and all traffic is still sent through Bing, Google or the engine that we use. We must also verify that there is no proxy configured in Edge, nor that the DNS of our PC has been changed.
In addition, it would also be advisable to change our passwords . We don’t really know what these extensions do or what information they collect. Therefore, for safety, it is advisable to change them, taking advantage of the passage to use a more secure one.
Finally, we can also restore Edge to its original values to leave the browser as it is installed from scratch on the PC, eliminating any unauthorized extensions, add-ons or settings.
