Every day, millions of people install small browser add-ons, believing they will improve productivity or entertainment. With so many options available on the Chrome Web Store, users often rely on trust markers such as install counts, user reviews and developer reputation to make their choice. Many see the bright verification badge and five-star ratings, assume the vetting process was solid, and click “Install” without thinking twice.
But attackers have started taking advantage of these very signals. Researchers recently highlighted a campaign in which 18 browser extensions, all listed on the official Chrome and Edge web stores, tracked users’ online activity. These extensions had already been installed more than 2 million times.
A person using Google on a laptop. (Kurt “CyberGuy” Knutsson)
How hackers are hiding malware in popular Chrome extensions
Koi Security researchers found that the attackers used a long-term strategy to weaponize browser extensions. First, they released functional, legitimate utilities to earn user trust. Over time, these extensions collected positive reviews and built a solid reputation. Then, after months or years of quiet operation, the attackers pushed a silent update that injected malicious scripts into the trusted codebase.
Because these updates came directly from official sources, they easily bypassed corporate firewalls. Unlike phishing emails or shady downloads, the malicious code arrived through regular, automatic updates and did not raise immediate red flags.
How the malicious Chrome extensions were detected and how they spread
As the investigation proceeded, the researchers traced suspicious traffic back to a seemingly harmless color picker extension. That led them to a cluster of connected domains, each acting as a command-and-control hub. These servers recorded every URL users visited and issued commands that forced redirects to fake websites or advertising landing pages.
The team then looked more closely and found matching code fingerprints in several unrelated tools. These included a weather widget, an emoji keyboard, a video speed controller and a volume booster. Although they looked different on the surface, they shared the same underlying code and behavior.
Together, these extensions reached more than two million installations. To avoid detection, the attackers used separate branding and categories for each one, making it difficult for marketplace monitors to spot patterns. What is more, many of the extensions carried a verified badge, showing how the attackers manipulated automated review systems using malicious version updates.
The complete list of dangerous Chrome and Edge extensions to uninstall now
The first priority for affected users is to remove the listed extensions immediately, followed by a complete cache clearing and a full system scan. Check your computer to see if you have any of these malicious extensions, and if you do, get rid of them.
- Emoji Keyboard Online (Chrome)
- Free weather forecast (Chrome)
- Unlock Discord (Chrome)
- Dark Theme (Chrome)
- Quantity maximum (Chrome)
- Unlocked TikTok (Chrome)
- Unlock YouTube VPN (Chrome)
- Geco Colorpick (Chrome)
- Season (Chrome)
- Flash Video Player (Chrome)
- Unlock TikTok (Edge)
- Volume booster
- Web sound equalizer
- Header value (Edge)
- Flash player (Edge)
- YouTube unblock (Edge)
- SearchGPT (Edge)
- Unlock Discord (Edge)
You should take immediate action
If you have any extension linked to the RedDirection campaign installed, take these steps immediately to protect your data and devices:
- Remove all affected extensions immediately from both the Chrome and Edge browsers.
- Clear your browser data to eliminate stored tracking identifiers.
- Run a full system malware scan using reputable antivirus software to detect any additional threats.
- Closely monitor your online accounts for any unusual or suspicious activity, especially if you visited sensitive sites while the extensions were active.
- Review all your installed extensions for any suspicious behavior or unknown origin, and remove anything you do not recognize or trust.
A person typing on a laptop. (Kurt “CyberGuy” Knutsson)
6 ways you can protect yourself from malicious extensions
1) Check your accounts for unusual activity: If you accessed sensitive sites (such as online banking) while the extension was active, review those accounts for suspicious behavior and change your passwords immediately. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/passwords
2) Enable two-factor authentication (2FA): Wherever it is supported, turn on 2FA to add an extra layer of security to your accounts. This can prevent unauthorized access even if your password is compromised.
3) Use strong antivirus software: Even though these malicious extensions came from official stores and updated automatically, strong antivirus software can help detect suspicious activity such as hidden trackers, injected scripts or unauthorized redirects. Antivirus adds a significant layer of security by scanning for threats that browsers alone can miss, but it should be combined with safe browsing habits for best results.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/Lockupyourtch
4) Reset your browser settings: Restoring your browser to its default state can undo unwanted changes to your homepage, search engine or other settings.
5) Watch for security alerts: Keep an eye on your emails and texts for login warnings or access alerts from the services you use. These can help you spot unauthorized activity quickly.
6) Use a browser with extension permission controls: Some browsers let you limit what data extensions can access (e.g., “only on click” or “only on specific sites”). This can reduce the risk of future attacks.
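One way to carry out the extension review and the permission check described above, as an added example that is not part of the original article: it reads each installed extension's manifest.json and flags those that request access to every site you visit. It assumes the `<profile>/Extensions/<id>/<version>/manifest.json` layout that Chrome and Edge use on disk; the extension IDs and names in the sample are constructed.

```python
import json
import tempfile
from pathlib import Path

# Host patterns that let an extension read or rewrite every page you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions that expose visited URLs or allow traffic interception.
SENSITIVE_APIS = {"tabs", "webNavigation", "webRequest", "history"}
PERMISSION_KEYS = ("permissions", "host_permissions",
                   "optional_permissions", "optional_host_permissions")

def audit_manifest(manifest: dict) -> dict:
    """Summarise which sites and URL-revealing APIs one manifest.json requests."""
    declared = {p for key in PERMISSION_KEYS
                for p in manifest.get(key, []) if isinstance(p, str)}
    script_hosts = {m for cs in manifest.get("content_scripts", [])
                    for m in cs.get("matches", [])}
    return {"name": manifest.get("name", "?"),  # may be a __MSG_...__ locale key
            "broad_hosts": sorted((declared | script_hosts) & BROAD_HOSTS),
            "sensitive_apis": sorted(declared & SENSITIVE_APIS)}

def audit_profile(extensions_dir: Path) -> list:
    """Scan <profile>/Extensions/<id>/<version>/manifest.json for all-site access."""
    findings = []
    for path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; nothing to audit
        result = audit_manifest(manifest)
        if result["broad_hosts"]:
            findings.append({"id": path.parent.parent.name, **result})
    return findings

def demo() -> list:
    """Audit two constructed manifests written to a temporary directory."""
    samples = {  # constructed IDs and names, not real extensions
        "a" * 32: {"name": "Sample Color Picker", "permissions": ["tabs", "storage"],
                   "host_permissions": ["<all_urls>"]},
        "b" * 32: {"name": "Sample Notes", "permissions": ["storage", "activeTab"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, manifest in samples.items():
            version_dir = Path(tmp) / ext_id / "1.0.0_0"
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps(manifest))
        return audit_profile(Path(tmp))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit_profile` at the `Extensions` folder of your own browser profile. A flagged extension is not necessarily malicious; the flag only means it is able to see every page you open, so it deserves a closer look or a tighter site-access setting.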
Kurt’s key takeaway
Browser extensions can be helpful, but they also carry hidden risks. As this case shows, even trusted tools from official stores can turn malicious without warning. That is why it pays to stay vigilant, regularly review your extensions, and use strong antivirus protection. A few simple habits can go a long way toward protecting your browser and your personal data.
Do you rely on ratings and reviews when choosing an extension, or do you dig deeper? Let us know by writing to us at Cyberguy.com/Contact
Copyright 2025 cyberguy.com. All rights reserved.