{"id":154323,"date":"2025-07-08T20:27:39","date_gmt":"2025-07-08T20:27:39","guid":{"rendered":"https:\/\/teknomers.com\/en\/in-chrome-and-edge-there-are-extensions-that-have-thousands-of-positive-reviews-however-many-of-these-are-involved-in-malicious-campaigns\/"},"modified":"2025-07-08T20:27:41","modified_gmt":"2025-07-08T20:27:41","slug":"in-chrome-and-edge-there-are-extensions-that-have-thousands-of-positive-reviews-however-many-of-these-are-involved-in-malicious-campaigns","status":"publish","type":"post","link":"https:\/\/teknomers.com\/en\/in-chrome-and-edge-there-are-extensions-that-have-thousands-of-positive-reviews-however-many-of-these-are-involved-in-malicious-campaigns\/","title":{"rendered":"In Chrome and Edge, there are extensions that have thousands of positive reviews. However, many of these are involved in malicious campaigns."},"content":{"rendered":"\n

Beware the Hidden Dangers of Browser Extensions<\/h2>\n

In the era of \u00a0digital convenience\u00a0, many users rely on browser extensions to enhance their online experience. These tools streamline tasks, improve productivity, and add functionalities that often come in handy. With over \u00a0100,000 installations\u00a0 for seemingly harmless extensions, it’s easy to understand why people trust them without a second thought. However, recent research has unveiled a dark side lurking behind some of these popular tools. <\/p>\n

<\/p>\n

According to an investigation by Koi Security, several well-rated extensions became conduits for malicious surveillance systems. Initially, these extensions provided useful features, such as color picking and video control. Yet, unbeknownst to the users, they transformed over time into \u00a0spyware\u00a0 that tracked users indiscriminately across the web.<\/p>\n

<\/p>\n

The Extension That Exposed the Threat<\/h2>\n

The spotlight fell on “Picker Color, Eyedropper – Geco Colorpick,” an extension with over \u00a0100,000 users\u00a0 and a plethora of positive reviews. For a long time, it functioned smoothly, allowing users to select colors from their screen without issues. Users had no reason to doubt its legitimacy, and trust was bolstered by a verification seal.<\/p>\n

<\/p>\n

Yet, this reputable tool underwent a sinister change. As revealed by Koi Security researchers, in an unnoticed update, the extension began to \u00a0monitor web activity\u00a0, capturing URLs and sending sensitive information to a remote server. Additionally, it maintained a covert connection to a control infrastructure, effectively turning it from a tool into a surveillance mechanism.<\/p>\n

<\/p>\n

A Broader Network of Deception<\/h2>\n

The investigation unveiled that “Picker Color” was just the tip of the iceberg. Researchers traced a web of at least \u00a018 different extensions\u00a0 that operated similarly, collectively amassing over \u00a02.3 million installations\u00a0. These deceptive extensions masqueraded as productivity tools, entertainment aids, and even \u00a0VPN services\u00a0 designed to unlock popular platforms like TikTok and Discord. Despite their apparent legitimacy, their real goal was both simple and sinister: to spy on users while appearing benign.<\/p>\n

<\/p>\n

What set these extensions apart from conventional malware? They employed a \u00a0“browser hijacking”\u00a0 technique activated whenever users opened new tabs or navigated between pages. This was stealthily embedded within the extension’s service, making it almost impossible for users to detect its malicious behavior.<\/p>\n

<\/p>\n

\n
\n

\"Malicious\n <\/div>\n<\/div>\n

This mechanism involved sending the page URL to a remote database alongside a unique user identifier. Attackers then had the capability to redirect users to malicious sites or simply log their browsing habits\u2014all occurring silently, without prompting any alerts or visible failures.<\/p>\n

<\/p>\n

Time-Bomb of Trust<\/h2>\n

One particularly alarming aspect of this issue is that these extensions were not malicious from the outset. Many had evolved over time, offering genuine functionalities before unleashing their \u00a0nefarious updates\u00a0. Researchers posited that this made the campaign especially dangerous; by the time users noticed the changes, they had developed trust in the extensions.<\/p>\n

<\/p>\n

After users had downloaded these extensions, the malicious code snuck in through subsequent updates\u2014a tactic that required no clicks, no social engineering, and no phishing attacks. The automatic updates applied the changes seamlessly, leaving users oblivious to the risk.<\/p>\n

<\/p>\n

The Overlooked Safeguards<\/h2>\n

Even more concerning, several of these malicious extensions had been verified or promoted within the Chrome and Edge stores, misleading countless users. Their popularity further masked their malicious intent as they garnered reviews and loyal user bases.<\/p>\n

<\/p>\n

Here are some of the extensions identified in the \u00a0Reddirection campaign\u00a0 by Koi Security:<\/p>\n

<\/p>\n