Dark Reader is a popular eye-care extension that enables night mode for websites on the fly. It was recently noticed that multiple Dark Reader copies with similar names and additional code were removed from the Firefox Add-ons store, the Chrome Web Store, and the Microsoft Store. The malicious code stole users’ data through fake forms and uploaded it to a remote server.
Microsoft removes malicious Edge extensions
Microsoft has recently and quietly removed several such malicious Edge extensions from its Store.
The malicious code mentioned above, which sent the data to a remote server, was hidden in a .PNG file. Once 5 days had passed, the installed browser extension started uploading data to the remote server. This is a major cause of data theft through phishing.
So, if you noticed similar behavior, where you were forced to fill out a form with your information while using such web browsers, you might be one of the victims of this attack.
If you were using such a rogue extension, or noticed some strange website behavior, or remember getting an SMS security code when you were not trying to sign in somewhere, we recommend that you reset all your passwords, reissue your card or contact your bank. Check your Google, Microsoft, Amazon, or banking account activity history too.
There are a number of ways to protect yourself from such attacks in the future. Some of them are:
- Check the publisher’s name before downloading an extension.
- Try using first-party extensions.
- Use open-source extensions.
- Try to get the paid versions of such extensions as they are more reliable and come with added security.
- Verify that you are downloading the legitimate extension.
- Protect your accounts with two-factor authentication (2FA).
You can learn more about this attack and remedies for it in the official post.