Microsoft has already removed the extension from the store

May 18, 2020 04:08 GMT

The new Microsoft Edge browser is based on Chromium, the same engine that powers Google Chrome, so it’s capable of running any extension published in the Chrome Web Store.

At the same time, Microsoft also maintains its own add-on store, where the company says it publishes only recommended extensions that have been previously verified and validated for its browser.

However, just as with Google Chrome and Mozilla Firefox, Microsoft Edge extensions can still carry malicious code that ends up exposing users.

And this is what happened recently when malicious code was discovered in a clone of the more famous Dark Reader extension.

Called “Dark Theme for Edge,” the knockoff came with code hidden in a PNG file, which downloaded and executed further malicious code from a C&C server. Once the attack was complete, the extension was capable of collecting data from webpages using fake forms and then uploading it to a server controlled by the attacker, the dev of Dark Reader explains.

Microsoft already removed the extension

Similar clones were also discovered in the extension stores maintained by Google and Mozilla, and the developer says he actually reached out to both companies in April. But Microsoft has only recently been targeted, so a similar message was sent to the software giant too.

The good news is that Microsoft responded quickly and removed the malicious extension from its store. Additionally, the company has also uninstalled the extension from devices where it was previously deployed in an attempt to protect these computers, so users will now see a warning that “this extension contains malware.”

At the time of writing, the malicious Dark Reader clones have also been banned from the Google Chrome Web Store and Mozilla add-on store.

Via TechDows