Interestingly, they all bear names of legitimate developers, like NordVPN, Adguard VPN, TunnelBear VPN, The Great Suspender and Floating Player – Picture-in-Picture Mode. However, according to an investigation by ArsTechnica, all of them are from fraudsters with no relation to the legitimate companies whose names are being used to deceive unsuspecting users. Explaining the workings of the malicious extensions, Laurence Norah, a Microsoft Edge user and photographer at ‘Finding the Universe’, said: “I had the tunnelbear extension installed, but I removed it once I figured out it was causing the issue. It’s easy enough to see it happening—if you install one of the affected extensions in Edge, open dev tools, and press the ‘sources’ tab, you’ll see something that shouldn’t be there like ok-search.org or cdn77”. Microsoft has since issued an official statement saying it is investigating the reports and will take all necessary steps to protect customers. “We’re investigating the reported extensions listed and will take action as needed to help protect customers”, the company said.
