Close Menu
News JournosNews Journos
  • World
  • U.S. News
  • Business
  • Politics
  • Europe News
  • Finance
  • Turkey Reports
  • Money Watch
  • Health
Facebook X (Twitter) Instagram
Latest Headlines:
  • Nvidia’s Jensen Huang Courts Beijing Amid Renewed Market Access in China
  • Volcanic Eruption in Iceland Forces Evacuation of Tourists from Blue Lagoon as Lava Approaches Grindavik
  • Humanity Faces Significant Losses, Says Spokesperson
  • Gun Seller Backed by Donald Trump Jr. Launches Stock Trading
  • Lightning Strike in New Jersey Leaves 1 Dead, 13 Injured
  • Used EV Batteries Poised to Power AI Growth
  • UK Inflation Data Reveals Key Trends for June
  • Hijacked Small Plane Grounds Flights at Vancouver International Airport
  • Experts Warn of Vulnerabilities in Federal E-Verify System Following Workplace Raids
  • Trial Commences Over Alleged Facebook Privacy Violations Involving CEO and Others
  • Controversy Surrounds Franco-Israeli Singer Amir at Francofolies de Spa Festival
  • Newsom Criticizes Trump’s National Guard Move, Urges Maturity
  • Potential Consequences of Trump’s Dismissal of Fed Chair Powell
  • Prince Harry Honors Diana’s Legacy by Advocating Against Landmines in Angola
  • Tsunami Warning Lowered to Advisory Following 7.2 Magnitude Earthquake near Alaska
  • Goldman Sachs Reports Q2 2025 Earnings Results
  • Rubio Calls Israeli Strike on Damascus a ‘Misunderstanding’ Amid Peace Efforts
  • Complete Skeleton of Medieval Knight Discovered Beneath Former Ice Cream Parlor in Poland
  • James Gunn Discusses “Superman”: Release Date, Character’s Immigrant Story, and Themes of Kindness
  • Assembly Discusses Olive Grove; Tanal’s Brief Action Sparks Varank’s Controversial Remarks
Facebook X (Twitter) Instagram
News JournosNews Journos
Subscribe
Sunday, August 3
  • World
  • U.S. News
  • Business
  • Politics
  • Europe News
  • Finance
  • Turkey Reports
  • Money Watch
  • Health
News JournosNews Journos
Browser Extensions Monitor User Online Activity

Browser Extensions Monitor User Online Activity

News EditorBy News EditorJuly 14, 2025 Tech 5 Mins Read

Recent findings have revealed a concerning trend involving malicious browser extensions that have gained traction among users. Researchers discovered that 18 extensions on the official Chrome and Edge Web Stores, which had collectively amassed over two million installs, were secretly tracking users’ online activities. This situation underscores the vulnerabilities present in ostensibly safe tools that many individuals rely on for productivity and entertainment.

Article Subheadings
1) The Anatomy of the Attack: Understanding the Malicious Extensions
2) Techniques Employed by Attackers to Evade Detection
3) Identifying Dangerous Extensions: A List of Affected Add-ons
4) Immediate Actions to Protect Your Data and Devices
5) Long-term Strategies for Browser Security

The Anatomy of the Attack: Understanding the Malicious Extensions

According to researchers from Koi Security, attackers have adopted sophisticated methods to compromise popular browser extensions. Initially, they create legitimate, functional utilities designed to gain user trust over time. These tools earn positive reviews and build a solid reputation. After establishing themselves in this way, the malicious actors push silent updates that introduce harmful scripts into the previously trustworthy code base.

This nefarious approach poses a significant threat as updates come directly from official sources, allowing them to bypass corporate firewalls easily. Unlike phishing tactics that rely on users to click on dubious links or downloads, these malicious updates are often unnoticed and occur seamlessly, raising no immediate concerns for users.

Techniques Employed by Attackers to Evade Detection

As part of their investigation, researchers traced suspicious traffic to extensions that appeared harmless initially. One such tool was a seemingly innocuous color picker extension, which led them to a network of connected domains functioning as command and control centers. These servers actively recorded every URL visited by users and instructed them to redirect to fake websites or ad-heavy landing pages.

Upon closer examination of the extension’s code, the research team found similar fingerprints across various other tools, which included seemingly unrelated applications like weather widgets and volume boosters. Despite a varied appearance, these extensions shared the same underlying code and behaviors, demonstrating how diverse tactics can conceal their malicious nature.

The attackers employed distinct branding strategies and categorized their extensions differently to complicate marketplace monitoring. As a result, recognizing patterns among these extensions remained challenging, even for vigilant observers. More alarmingly, many of these add-ons boast verified badges, a testament to how attackers can manipulate automated review systems, allowing harmful updates to slip through the cracks.

Identifying Dangerous Extensions: A List of Affected Add-ons

For users who may have unwittingly installed these malicious extensions, the first step is to identify and remove them immediately. Affected extensions include:

  • Emoji Keyboard Online (Chrome)
  • Free Weather Forecast (Chrome)
  • Unlock Discord (Chrome)
  • Dark Theme (Chrome)
  • Volume Max (Chrome)
  • Unblock TikTok (Chrome)
  • Unlock YouTube VPN (Chrome)
  • Geco Colorpick (Chrome)
  • Weather (Chrome)
  • Flash Video Player (Chrome)
  • Unlock TikTok (Edge)
  • Volume Booster (Edge)
  • Web Sound Equalizer (Edge)
  • Header Value (Edge)
  • Flash Player (Edge)
  • YouTube Unblocked (Edge)
  • SearchGPT (Edge)
  • Unlock Discord (Edge)

Immediate Actions to Protect Your Data and Devices

Immediate removal of the listed extensions is crucial for protecting personal data and devices. Users should take the following steps:

  • Remove all affected extensions immediately from both Chrome and Edge browsers.
  • Clear your browser data to eliminate stored tracking identifiers.
  • Run a full system malware scan using reputable antivirus software to detect any additional threats.
  • Monitor your online accounts closely for unusual or suspicious activity, especially if you accessed sensitive sites while the extensions were active.
  • Review all your installed extensions for any suspicious behavior or unknown origins, and remove anything you don’t recognize or trust.

Long-term Strategies for Browser Security

Beyond immediate actions, developing long-term strategies to ensure browser security is essential. Here are several recommended practices:

  • Check your accounts for unusual activity: If you accessed sensitive sites while the extension was active, review those accounts for suspicious behavior. Change passwords as necessary.
  • Enable two-factor authentication (2FA): For added security, activate 2FA on accounts that offer this feature.
  • Use strong antivirus software: Regular scans can help identify hidden threats that conventional browser checks might miss.
  • Reset your browser settings: Default browser settings can undo unauthorized modifications stemming from malicious extensions.
  • Stay alert for security alerts: Being vigilant regarding notifications from services you use can help you detect unauthorized activity early.
  • Utilize a browser with extension permission controls: Limiting what data extensions can access reduces the risk of future attacks.
No. Key Points
1 18 harmful browser extensions were discovered, affecting over 2 million users.
2 Attackers initially released legitimate tools to gain user trust before injecting malicious scripts.
3 Users are urged to remove affected extensions and clear their browser data.
4 Enabling two-factor authentication offers additional security for online accounts.
5 Regular reviews of installed extensions can help maintain browser security.

Summary

The discovery of malicious browser extensions that have been tracking users highlights the critical need for vigilance in online environments. With attackers using trusted avenues to deliver harmful updates, individuals must take proactive measures to protect themselves. Uninstalling suspicious extensions and implementing better security practices are essential steps toward safeguarding personal data in an increasingly complex digital landscape.

Frequently Asked Questions

Question: How can I identify if a browser extension is malicious?

Look for unusual behavior, such as excessive permissions requested by the extension or unexpected changes in browser settings. Reading user reviews and checking for verified badges can also provide initial assurance, but they are not foolproof.

Question: What should I do if I suspect I have malicious extensions installed?

Immediately remove any suspect extensions from your browser, clear your cache, and run a malware scan using reputable antivirus software to detect any additional issues.

Question: How often should I review my browser extensions?

It is advisable to review your browser extensions regularly, perhaps every few weeks, to ensure that you only keep those that you actively use and trust.

Activity Artificial Intelligence Blockchain browser Cloud Computing Consumer Electronics Cybersecurity Data Science E-Commerce Extensions Fintech Gadgets Innovation Internet of Things Mobile Devices Monitor online Programming Robotics Software Updates Startups Tech Reviews Tech Trends Technology user Virtual Reality
News Editor
  • Website

As the News Editor at News Journos, I am dedicated to curating and delivering the latest and most impactful stories across business, finance, politics, technology, and global affairs. With a commitment to journalistic integrity, we provide breaking news, in-depth analysis, and expert insights to keep our readers informed in an ever-changing world. News Journos is your go-to independent news source, ensuring fast, accurate, and reliable reporting on the topics that matter most.

Keep Reading

Tech

Used EV Batteries Poised to Power AI Growth

6 Mins Read
Tech

Qatar Unveils Ambitious 3D-Printed Schools Initiative to Revolutionize Education

5 Mins Read
Tech

Cyborg Beetles Equipped with Backpacks Could Assist in Search and Rescue Operations

1 Min Read
Tech

Scammers Use Landline Identity Theft to Access Bank Accounts

6 Mins Read
Tech

Jack Dorsey Launches Bitchat App for Offline Messaging

5 Mins Read
Tech

Tesla Introduces Off-Grid Solar-Powered Oasis Supercharger

5 Mins Read
Mr Serdar Avatar

Serdar Imren

News Director

Facebook Twitter Instagram
Facebook X (Twitter) Instagram Pinterest
  • About Us
  • Get In Touch
  • Privacy Policy
  • Accessibility
  • Terms and Conditions
© 2025 The News Journos. Designed by The News Journos.

Type above and press Enter to search. Press Esc to cancel.