Google

Delete these Chrome and Edge extensions now: they’re secretly tracking users

Security experts warn that over 2.3 million users have been compromised by malware hidden in popular browser add-ons.

Delete these Chrome and Edge extensions now: they’re secretly tracking users
ManrescaOliver Betancourt
Update:
facebook
twitter
whatsapp

A new report from Koi Security has uncovered a massive browser hijacking campaign affecting Google Chrome and Microsoft Edge. At least 18 extensions, including Unlock YouTube VPN and Unlock TikTok, were found to contain malicious code capable of tracking user activity, collecting personal data, and redirecting browsers to attacker-controlled websites.

What happened?

The campaign, dubbed RedDirection, involved extensions that appeared safe and even earned verified badges or “featured” status on official extension stores. These add-ons functioned as promised, offering VPN access, emoji keyboards, weather forecasts, and more, but secretly activated background services that monitored every page visit.

The malware:

  • Captured URLs and sent them to remote servers
  • Assigned unique tracking IDs to users
  • Redirected browsers to phishing or scam sites
  • Operated silently, without requiring user interaction
Delete these Chrome and Edge extensions now: they’re secretly tracking users

Affected extensions (partial list)

Chrome:

  • Unlock YouTube VPN
  • Unlock TikTok
  • Unlock Discord – VPN Proxy
  • Color Picker, Eyedropper – Geco colorpick
  • Free Weather Forecast
  • Emoji Keyboard Online
  • Volume Max – Ultimate Sound Booster
  • Dark Theme – Dark Reader for Chrome

Edge:

  • Unlock TikTok
  • Volume Booster – Increase Your Sound
  • Web Sound Equalizer
  • Flash Player – Games Emulator
  • SearchGPT – ChatGPT for Search Engine

These extensions were downloaded over 2.3 million times, making this one of the largest browser hijacking operations documented to date.

What should you do?

Koi Security and other experts recommend the following steps:

  • Delete any suspicious extensions immediately
  • Clear your browser cache and cookies
  • Reset Chrome or Edge to default settings
  • Change passwords for sensitive accounts
  • Enable two-factor authentication (2FA)
  • Run a full malware scan on your system
Delete these Chrome and Edge extensions now: they’re secretly tracking users

Even if an extension looks trustworthy, it can turn malicious after a silent update. Always review permissions and monitor for unusual behavior.

Related stories

Song A Day Guy turns Coldplay kiss cam CEO scandal into a hidden object game
Viral

Song A Day Guy turns Coldplay kiss cam CEO scandal into a hidden object game

iPhone 17 color lineup revealed, and one rumored shade might be Liquid Glass
Apple

iPhone 17 color lineup revealed, and one rumored shade might be Liquid Glass

Follow MeriStation USA on X (formerly known as Twitter). Your video game and entertainment website for all the news, updates, and breaking news from the world of video games, movies, series, manga, and anime. Previews, reviews, interviews, trailers, gameplay, podcasts and more! Follow us now!

Tagged in:
Comments
Rules

Complete your personal details to comment