Microsoft has a fake extensions problem in its Microsoft Edge Store

[harlan4096]

Microsoft has a serious problem with fake extensions for its Microsoft Edge web browser that are hosted on the company's own store for the web browser.

After the removal of several fake extensions last week, Microsoft once again had to remove a fake extension. Last week, it became known that several fake extensions were removed by Microsoft that were made to look like extensions from legitimate services. Affected products were the content blocker uBlock Origin, the VPN services NordVPN, Adguard VPN and TunnelBear VPN, and other legitimate browser extensions.

Many companies and developers have not created extensions for Microsoft Edge or ported existing extensions to the Microsoft Store. The fake extensions were created and uploaded by third-parties; all used the names of popular products, likely to get users of Microsoft Edge to install these extensions without much inspection beforehand. The extensions would redirect searches through OKSearch when installed in the web browser.

The makers of Windscribe, a popular free and paid VPN providers, revealed yesterday that they have been a target as well. A fake Windscribe extension was uploaded to the Microsoft Store, and like all the others, accepted by Microsoft.
 

That was not our extensions, because MS review process is useless. Someone uploaded a modified version of the extension, and MS just approved it. We looked at it, it didn't seem to contain any actual malware at first glance, however we encourage you to change your Windscribe password.

Microsoft did flag the fake extension as malicious in the meantime. The extension is no longer available as a consequence, and users who have it installed should see it being disabled automatically in the browser. The real Windscribe extension that is created by the makers of the service is still in Microsoft's review queue.

Affected users should consider changing passwords to the service, and maybe also to other services that they signed-in while using the extension.

Microsoft's review process did not catch the fake extensions that were released to the store in the past two weeks. It is not the first time that malicious extensions were made available in the store. If Microsoft does not change the review process, it is likely that it won't be the last time that users will install fake extensions from the official Edge extensions store.

It is recommended that users check with the maker of the product to see if a browser extension for Microsoft Edge is available before installing any extension from the Microsoft Store.

Now You: Did you install any of these extensions? What needs to change in your opinion to block fake extensions outright?
...

Continue Reading