More than 2 million users of Google Chrome and Microsoft Edge have fallen victim to what cybersecurity researchers at Koi Security call a “sophisticated” malware campaign—one of the largest browser hijacking operations the cybersecurity company has ever uncovered.
The campaign—dubbed RedDirection—centered on a set of 18 malicious browser extensions that available for download from both Google’s Chrome Web Store and Microsoft’s Edge Add-ons, according to a July 8 Koi Security report. All of the identified extensions, which are listed at the bottom of this article along with their ID numbers, have since been removed from both platforms.
The malicious extensions appeared legitimate, offering tools such as VPN proxies for TikTok and Discord, YouTube unblockers, weather forecasts, video speed controllers, and emoji keyboards. However, behind the scenes, they secretly enabled covert tracking of users’ browsing activity, collected URLs of visited pages, and exfiltrated unique tracking identifiers, according to Koi Security’s findings….