
Microsoft has a fake extensions problem in its Microsoft Edge Store


Karlston


Microsoft has a serious problem with fake extensions for its Microsoft Edge web browser that are hosted on the company's own store for the web browser.

 

After the removal of several fake extensions last week, Microsoft once again had to remove a fake extension. Last week, it became known that several fake extensions were removed by Microsoft that were made to look like extensions from legitimate services. Affected products were the content blocker uBlock Origin, the VPN services NordVPN, Adguard VPN and TunnelBear VPN, and other legitimate browser extensions.

 

Many companies and developers have not created extensions for Microsoft Edge or ported existing extensions to the Microsoft Store. The fake extensions were created and uploaded by third parties; all used the names of popular products, likely to get users of Microsoft Edge to install these extensions without much inspection beforehand. The extensions would redirect searches through OKSearch when installed in the web browser.

 


 

The makers of Windscribe, a popular free and paid VPN provider, revealed yesterday that they have been a target as well. A fake Windscribe extension was uploaded to the Microsoft Store, and like all the others, accepted by Microsoft.

"That was not our extensions, because MS review process is useless. Someone uploaded a modified version of the extension, and MS just approved it. We looked at it, it didn't seem to contain any actual malware at first glance, however we encourage you to change your Windscribe password."

Microsoft did flag the fake extension as malicious in the meantime. The extension is no longer available as a consequence, and users who have it installed should see it being disabled automatically in the browser. The real Windscribe extension that is created by the makers of the service is still in Microsoft's review queue. Affected users should consider changing passwords to the service, and maybe also to other services that they signed in to while using the extension.

 

Microsoft's review process did not catch the fake extensions that were released to the store in the past two weeks. It is not the first time that malicious extensions were made available in the store. If Microsoft does not change the review process, it is likely that it won't be the last time that users will install fake extensions from the official Edge extensions store.

 

It is recommended that users check with the maker of the product to see if a browser extension for Microsoft Edge is available before installing any extension from the Microsoft Store.

 

 

zanderthunder

That's why I'd rather use the Chrome Web Store to download extensions, as their extensions are heavily vetted and reviewed before being published.



"The two incidents suggest that users need to be very careful when installing extensions from the Microsoft Edge extensions store as Microsoft's protections are as weak as Google's protections on the Chrome Web Store." (https://www.ghacks.net/2020/11/23/be-careful-when-you-install-microsoft-edge-extensions-from-the-microsoft-store/)

 

"Google declined to explain how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely." (https://nypost.com/2020/06/18/google-chrome-flaw-results-in-32-million-malware-downloads/)

 
