Microsoft is investigating reports that some Edge browser extensions are redirecting Google searches to obscure portals like OKSearch.com. Users reporting the issues have identified five malicious add-ons that are said to be redirecting these searches.
Interestingly, they all bear names of legitimate developers, like NordVPN, Adguard VPN, TunnelBear VPN, The Great Suspender and Floating Player – Picture-in-Picture Mode. However, according to an investigation by ArsTechnica, all of them are from fraudsters with no relation to the legitimate companies whose names are being used to deceive unsuspecting users.
The issue has been described in detail by Redditor, u/OldPizza, who alleged that every now and then, Google search links are hijacked and redirected to OKSearch on Microsoft Edge. The redirected page “then itself redirects to another site. The redirect varies — once it was Amazon, another time it was zoo.com, another time it was publicrecords.info”. The problem, apparently, only happens once in a while and not every time you click a link on Google search results.
Explaining the workings of the malicious extensions, Laurence Norah, a Microsoft Edge user and photographer at ‘Finding the Universe’, said: “I had the tunnelbear extension installed, but I removed it once I figured out it was causing the issue. It’s easy enough to see it happening—if you install one of the affected extensions in Edge, open dev tools, and press the ‘sources’ tab, you’ll see something that shouldn’t be there like ok-search.org or cdn77”.
Microsoft has since issued an official statement saying it is investigating the reports and will take all necessary steps to protect customers. “We’re investigating the reported extensions listed and will take action as needed to help protect customers”, the company said.