See, this is why we can’t have good things! In what is very much the first such case, malware has been found in an extension for the new Microsoft Edge web browser.
It goes without saying that the browser’s ascent has been noticed by cybercriminals too, who are now targeting Edge with malicious code. Of course, the browser now runs on the same engine that powers Google Chrome, meaning it is capable of running any extension published in the Chrome Web Store.
Which Microsoft, coincidentally, recommends.
At the same time, the company also maintains its own addons store, where it publishes extensions that have been previously verified and validated for Edge.
All this means that these extensions are prone to various infections that could end up exposing end users to malware.
And this is what recently happened.
An addon that went by the name of “Dark Theme for Edge” turned up as a clone of the more famous Dark Reader extension. And it came with code hidden in a PNG file that downloaded and executed other malicious code from a C&C server.
Once the attack was complete, the extension became capable of collecting data from webpages using fake forms, and then uploading it to a server controlled by the attacker.
The usual stuff.
Luckily, the developer of the original addon quickly got in touch with Microsoft, and the software titan responded quickly and removed the extension from its store. Furthermore, in order to protect these computers, Redmond also uninstalled the extension from devices where it was previously deployed.
Users now see a warning that tells them that this extension contains malware.
Goes to show just how sneakily some malware can spread.