Microsoft is investigating reports that some Edge browser extensions are redirecting Google searches to obscure portals like OKSearch.com. Users reporting the issues have identified 5 malicious add-ons that are mentioned to be redirecting these searches.
Interestingly, all of them bear names of legitimate developers, like NordVPN, Adguard VPN, TunnelBear VPN, The Great Suspender, and Floating Player – Picture-in-Picture Mode. However, in response to an investigation, all of them are from fraudsters with no relation to the legitimate companies whose names are getting used to deceive unsuspecting users.The issue has been described in detail by Redditor, u/OldPizza, who alleged that every now and then, Google search links are hijacked and redirected to OKSearch on Microsoft Edge. The redirected page “then itself redirects to another site. The redirect varies — once it was Amazon, another time it was zoo.com, another time it was publicrecords.info”. The problem, apparently, only occurs once in a while and never every time you click on a link on Google search results.
Explaining the workings of the malicious extensions, Laurence Norah, a Microsoft Edge user and photographer at ‘Finding the Universe’, mentioned: “I had the tunnelbear extension installed, but I removed it once I figured out it was causing the issue. It’s easy enough to see it happening—if you install one of the affected extensions in Edge, open dev tools, and press the ‘sources’ tab, you’ll see something that shouldn’t be there like ok-search.org or cdn77”.
Microsoft has since issued an official statement saying it’s investigating the reports and will take all necessary steps to protect clients. “We’re investigating the reported extensions listed and will take action as needed to help protect customers”, the corporate said.