Google Chrome warns that everything you do online could be recorded unless you take immediate action

Harmful extension downloaded to Google Chrome browser

Sora/GB News

|

Harmful malware is disguised as an extension and downloaded onto a user's Google Chrome browser

Taylor Bushey

By Taylor Bushey


Published: 16/07/2025

- 04:00
desktop-comment

Experts say 2.3 million users have been affected

  • 18 harmful extensions have been detected across Chrome and Edge
  • Hackers are eavesdropping during web surfing sessions
  • Extensions are disguised as emoji keyboards, video speed controllers, weather forecasts, etc.

If you're using Google Chrome on your PC, then you may want to check your browser ASAP and delete any harmful extensions.

Hackers can use these Chrome extensions to eavesdrop on your web surfing sessions and possibly steal your sensitive information, experts from Koi Security revealed. The scam has already impact 2.3 million users across Chrome and Microsoft Edge.

A total of 18 Chrome and Edge extensions with this malware have been revealed so far, many of which were disguised as productivity and entertainment tools. Google has taken action to remove the infected extensions from its Chrome store, but you'll need to delete them manually from your own web browser.

Categories for these extensions include emoji keyboards, video speed controllers, weather forecasts, volume boosters, VPN proxies for Discord and TikTok, YouTube unblockers, and dark themes.

  • Unlock Discord (Chrome)
  • Dark Theme (Chrome)
  • Volume Max (Chrome)
  • Unblock TikTok (Chrome)
  • Unlock YouTube VPN (Chrome)
  • Geco Colorpick (Chrome)
  • Weather (Chrome)
  • Unlock TikTok (Edge)
  • Volume Booster (Edge)
  • Web Sound Equalizer (Edge)
  • Header Value (Edge)
  • Flash Player (Edge)
  • YouTube Unblocked (Edge)
  • SearchGPT (Edge)
  • Unlock Discord (Edge)
Even though these extensions were working as originally advertised, experts researched further when it was found that they were hijacking browser activity and tracking the websites users were visiting.

Each harmful extension successfully worked under the radar in only four steps:

  1. Captured the URL of the page you're visiting
  2. Sent it to a remote server log with the accompanying unique tracking ID
  3. Received redirect URLs from the server
  4. Redirected your browser automatically if commanded
Google has said that all extensions have been removed from the Chrome Store, but several could also still be active on third party and standalone websites.
Malware detection warning on Google Chrome

Sora/GB News

|

A Harmful malware extension is detected on Google Chrome browser

Koi Security dubbed this campaign as RedDirection all because the deceit of the malware hid in plain sight.

For example, if you're sent a Microsoft Teams meeting invite and click the link, a damaging extension will intercept your request and redirect you to an unassuming page claiming to be a software in order to join. While you download to what appears to be an update is actually the malware compromising your device.

LATEST DEVELOPMENTS

If any of the listed extensions have been found on your device, not only are you advised to remove them, but also change any passwords and other sensitive auto-fill data.

To remove an extension:

  • Access your browser's extension settings (usually through the menu, then "More tools" or "Extensions")
  • Locate the suspicious extension, and click "Remove" or "Uninstall"
  • Restart your browser

It may also be beneficial to clear your browsing history and run an antivirus scan as a precaution.

TechGoogleMalware
More From GB News