Browser extensions are tracking users’ online activity

Millions of people every day Install tiny browser add-ons They believe that they will improve productivity or entertainment. With so many options in the Chrome weaving shop, users often rely on trust markers such as installation counts, user ratings and developer calls to make their choice. Many throw shiny review badges and five-star ratings, assume that the review process was solid, and click “Install” twice.

But attackers have started to use these signals. The researchers recently uncovered a campaign in which 18 browser extensions, all of which are listed in the official Chrome and Edge -Web stores, pursued the online activity of the users. These extensions had already expanded more than 2 million installations.

Register for my free Cyberguy report
Get my best tech tips, urgent security warnings and exclusive offers that are delivered directly to your inbox. You will also receive immediate access to my ultimate fraud survival manual – free of charge if you join me Cyberguy.com/newsletter

How Hacker Malware hide in popular chrome extensions

Koi security researchers found that attackers used long-term strategic tactics to weapons browser extensions. First, they published functional and legitimate service programs to win user trust. Over time, these extensions collected positive reviews and built up a solid call. Then, after months or even years of calm operation, the attackers pushed a stylish update that injected malicious scripts into the trustworthy code base.

Since these updates came directly from official sources, they easily avoided the firewalls from companies. In contrast to phishing -e -mails or shady downloads, the malicious code came through routine, automatic updates and did not increase immediate red flags.

How malignant chrome extensions of recognition escape and spread out

In the course of the investigation, researchers stood pursued suspicious traffic Back to an apparently harmless color picker. This led them to a cluster of connected domains, each of which acted as a command and control point. All URL users have recorded these servers and commanded commands to force forwarding to falsify websites or ad-haavy landing pages.

Next, the team analyzed the code of expansion more precisely and discovered suitable fingerprints in several non -related tools. This included weather widgets, emoji keyboards, video speed controllers and volume controls. Although they appeared differently on the surface, they shared the underlying code and behavior.

Like 432 robots lay a 7,500-ton historical building

Together, these extensions reached over two million installations. In order to avoid recognition, the attackers used for every separate branding and categories, which made it difficult for the market monitors to create patterns. Even more about many of the extensions carried a verified badge, which shows how attackers manipulated automated review systems using malicious version updates.

Full list of dangerous chrome and edge extensions to uninstall now

The first priority for affected users is the immediate removal of the listed extensions, followed by thorough cache delete and complete system scans. Check your computer to see if you have one of these malicious extensions, and if you do this, remove them.

• Emoji keyboard online (Chrome)
• Free weather forecast (Chrome)
• Unlock discord (chrome)
• Dark topic (chrome)
• Volume max (chrome)
• Unlock tikk (chrome)
• Switch on YouTube VPN (Chrome) free
• GECO Colorpick (Chrome)
• Weather (chrome)
• Flash video player (Chrome)
• TIKTOK (edge) unlock
• Volume committee (edge)
• Web Sound Equalizer (edge)
• Header value (edge)
• Flash Player (edge)
• YouTube unlocked (edge)
• Searchgpt (edge)
• Unlock discord (edge)

Immediate measures that you should take

If you have installed one of the extensions with the Reddirektion campaign, take these steps immediately Protect your data and devices:

• Remove all affected extensions immediately Both from chrome and edge browsers.
• Delete your browser data to remove stored tracking identifiers.
• Perform a full system malware scan Use of reputable antivirus software for recognizing additional threats.
• Monitor your online accountsY for unusual or suspicious activities, especially if you have accessed sensitive areas while the extensions were active.
• Check all your installed extensions For suspicious behavior or unknown origins and remove everything you do not recognize or trust.

6 possibilities that you can protect against malicious extensions

1) Check your accounts for unusual activities: If you have accessed sensitive websites (such as online banking) while the expansion was active, check these accounts for suspicious behavior and change your passwords immediately. Consider using a password manager that safely stores and generates complex passwords, which reduces the risk of reuse of passwords.

What is artificial intelligence (AI)?

Take a look at the best expert-well-maintained password managers from 2025 at Cyberguy.com/passwords

2) Activate the two-factor authentication (2FA): Add an additional security level to your accounts by switching on 2FA everywhere. It can prevent unauthorized access, even if your password is affected.

3) Use strong antivirus software: Although these malicious extensions come from official shops and are automatically updated, strong antivirus software can help recognize suspicious activities such as hidden trackers, injected scripts or non -authorized forwarding. Antivirus adds a crucial protective layer by scanning them after threats that the browsers may miss alone, but it should be combined with safe browser habits to achieve the best results.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/lockupyourtech

4) Return your browser settings: Restoring your browser into its standard condition can reverse undesirable changes to your homepage, your search engine or other settings.

Get Fox Business on the go by clicking here

5) Pay attention to security warnings: Keep an eye on your e -mails and texts for registration warnings or access warnings from the services you use. These can help you to recognize non -authorized activities early.

6) Use a browser with expansion authorization controls: With some browsers you can limit which data extensions can access (e.g. “only on click” or “only on certain websites”). This can reduce the risk of future attacks.

Kurts important snack bar

Browser extensions can be helpful, but they also form hidden risks. As in this case, trustworthy tools from official shops without warning show malicious. Therefore, it is worth staying vigilant, checking your extensions regularly and using strong antivirus protection. A few simple habits can keep a major contribution to the safety of your browser and your personal data.

Click here to get the FOX News app

Do you rely on reviews and reviews when choosing extensions or dig deeper? Let us know by writing us Cyberguy.com/contact

Register for my free Cyberguy report
Get my best tech tips, urgent security warnings and exclusive offers that are delivered directly to your inbox. You will also receive immediate access to my ultimate fraud survival manual – free of charge if you join me Cyberguy.com/newsletter

Copyright 2025 Cyberguy.com. All rights reserved.