Microsoft removed malicious extensions from its Edge Extensions Store

Microsoft maintains an extensions store similar to the stores maintained by Mozilla and Google. Users of the new Edge web browser may download and install extensions from that store or from the official Chrome Web Store.

Mozilla’s and Google’s extensions store had issues with spam, malware, and privacy-invading extensions in the past. Mozilla tried to address the problem with the introduction of the Firefox Recommended Extensions program; extensions in the program go through a verification process that includes code analysis before they are published on Mozilla AMO.

Tip: check out our guide that helps you find out if a Chrome extension is safe.

And Microsoft? The company’s extensions store for Microsoft Edge surpassed the 1000 listed extensions mark a few months ago and it looked like as if it would finally get some traction. Not all is positive though when it comes to the store.

The developer of the popular dark mode extension Dark Reader noticed recently that copycat extensions appeared on the Microsoft Store and also on Mozilla AMO. He analyzed the extensions like any good developer would do and noticed that they were replicas of Dark Reader. More worrying than that was that they included malicious code that was hidden inside a png file.

A malicious code was hidden and encoded in a *.png file. In 5 days it downloaded and executed another code, that was collecting data from web pages using fake forms, and later sent this data to a remote server.

The developer contacted Microsoft and the company removed the offending extensions from its Extensions Store. Users of the new Edge browser who have installed the malicious extension should see it flagged when they open the list of installed extensions in the Microsoft browser.

microsoft store-extension contains malware

The warning “This extension contains malware” should be displayed underneath the extension.

Closing Words

The big three extensions stores had to deal with problematic extensions in the past and it looks as if this won’t change anytime soon. Extensions of Mozilla’s recommended extensions program for Firefox are probably the safest option when it comes installing browser extensions because of the program’s strict rules.

Risks can be minimized, for instance by analyzing the code and the manifest of extensions before installing them, or by focusing on a handful of highly regarded extensions by trusted developers.

Now You: Do you vet extensions before you install them? (via Techdows)

Thank you for being a Ghacks reader. The post Microsoft removed malicious extensions from its Edge Extensions Store appeared first on gHacks Technology News.

Source link

Leave a Reply

Do NOT follow this link or you will be banned from the site!