Microsoft has a fake extensions problem in its Microsoft Edge Store
#1
Information 
Quote:
[Image: microsoft-edge-extensions-fake.png]

Microsoft has a serious problem with fake extensions for its Microsoft Edge web browser that are hosted on the company's own store for the web browser.

After the removal of several fake extensions last week, Microsoft once again had to remove a fake extension. Last week, it became known that several fake extensions were removed by Microsoft that were made to look like extensions from legitimate services. Affected products were the content blocker uBlock Origin, the VPN services NordVPN, Adguard VPN and TunnelBear VPN, and other legitimate browser extensions.

Many companies and developers have not created extensions for Microsoft Edge or ported existing extensions to the Microsoft Store. The fake extensions were created and uploaded by third-parties; all used the names of popular products, likely to get users of Microsoft Edge to install these extensions without much inspection beforehand. The extensions would redirect searches through OKSearch when installed in the web browser.

The makers of Windscribe, a popular free and paid VPN providers, revealed yesterday that they have been a target as well. A fake Windscribe extension was uploaded to the Microsoft Store, and like all the others, accepted by Microsoft.
 
Quote:That was not our extensions, because MS review process is useless. Someone uploaded a modified version of the extension, and MS just approved it. We looked at it, it didn't seem to contain any actual malware at first glance, however we encourage you to change your Windscribe password.

Microsoft did flag the fake extension as malicious in the meantime. The extension is no longer available as a consequence, and users who have it installed should see it being disabled automatically in the browser. The real Windscribe extension that is created by the makers of the service is still in Microsoft's review queue.

Affected users should consider changing passwords to the service, and maybe also to other services that they signed-in while using the extension.

Microsoft's review process did not catch the fake extensions that were released to the store in the past two weeks. It is not the first time that malicious extensions were made available in the store. If Microsoft does not change the review process, it is likely that it won't be the last time that users will install fake extensions from the official Edge extensions store.

It is recommended that users check with the maker of the product to see if a browser extension for Microsoft Edge is available before installing any extension from the Microsoft Store.

Now You: Did you install any of these extensions? What needs to change in your opinion to block fake extensions outright?
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • silversurfer
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Notepad++ 8.8.2
Notepad++ v8.8.2 r...harlan4096 — 07:10
Google Chrome 138.0.7204.96/.97
Google Chrome 138....harlan4096 — 07:09
F-Secure 25.6
FSecure Knowledge ...harlan4096 — 07:07
AMD Radeon Software Adrenalin 25.6.2 dri...
Highlights  New...harlan4096 — 07:06
Facebook wants to access photos in your ...
People object to A...harlan4096 — 06:57

[-]
Birthdays
Today's Birthdays
avatar (40)optsaZes
avatar (39)RaymondViata
Upcoming Birthdays
avatar (46)dapedDow
avatar (48)TromPerl
avatar (45)RidgeDimb
avatar (36)ipumaqar
avatar (50)tanliorsPeri
avatar (42)lapedDow
avatar (48)rituabew
avatar (36)omyjul
avatar (40)papedDow
avatar (49)ArnoldFum
avatar (37)yfaza
avatar (48)Kevensi
avatar (47)ConradRoand
avatar (38)boineDon
avatar (50)spoofTum
avatar (49)WillieVot
avatar (39)Grompelbawn
avatar (40)vkseogaF
avatar (36)usogy
avatar (39)ywixazok
avatar (37)ixoqe
avatar (55)Step 1
avatar (35)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>