Date: 2025-07-10

Threat Intelligence, Malware

Millions of Chrome, Edge users compromised with malicious extensions

More than 2.3 million Google Chrome and Microsoft Edge users had their browsers hijacked as part of the RedDirection attack campaign involving 18 nefarious extensions, according to The Register.

The malicious extensions included VPN proxies for TikTok and Discord, YouTube unblockers, weather forecasts, video speed controllers, and emoji keyboards. They not only worked as intended but also covertly surveilled browsing activity, gathered URLs, and exfiltrated unique tracking IDs, a report from Koi Security showed. Further analysis revealed that the malware had been added to the extensions much later through updates. "Due to how Google and Microsoft handle browser extension updates, these malicious versions auto-installed silently for over 2.3 million users across both platforms, most of whom never clicked anything," said Koi Security analyst Idan Dardikman. Individuals using the malicious extensions have been urged to promptly uninstall them and erase their browser data while remaining vigilant for potentially illicit account activity.

