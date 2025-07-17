If you use Google Chrome or Microsoft Edge on your computer, now is the time to take your online security seriously and check your browser for hidden risks. Security researchers at Koi Security have uncovered a campaign that compromised at least 18 different browser extensions, many disguised as helpful tools, all while quietly tracking users’ web activity and putting personal data in jeopardy. So far, over 2.3 million people have been caught up in this silent invasion of privacy.

What’s going on with these extensions? The problematic extensions at the heart of this campaign appeared to do exactly what they advertised. They offered features users want, such as emoji keyboards, video speed controls, weather updates, volume boosters, VPN services for Discord and TikTok, YouTube unblockers, and dark themes. Once installed, these ‘harmless’ add-ons covertly turned into surveillance tools that secretly monitor browsing activity and send that data to remote servers.

Google has already removed the extensions from the official Chrome Web Store. However, if you installed any of them before they were taken down, you will need to delete them manually. To make matters worse, some of these extensions continue to circulate on third-party websites, still putting users at risk.

How your data was stolen Security experts found that these extensions followed a set pattern. First, each one captured the address of every website you visited. That information was then sent back to a remote server and tagged with a unique identifier attached to your device. The server could respond with instructions to automatically redirect your browser to other websites of its choosing. All this happened silently, making it easy for the attackers to spy on or even manipulate your browsing experience.

For example, if you clicked on a perfectly normal video meeting invite, the extension might redirect you to a fake site mimicking a necessary software update. Downloading anything from there could open your computer up to further malware.

Which extensions were affected? Some of the known extensions include Unlock Discord, Dark Theme, Volume Max, Unblock TikTok, Unlock YouTube VPN, Geco Colorpick, Weather, and various others for both Chrome and Edge. It’s likely that even more unsafe add-ons are still circulating, especially if downloaded outside the official extension stores.

What should you do now? To safeguard your information, open your browser’s settings and look for “Extensions” in the main menu or under “More tools.” Go through the list and remove any add-ons you do not recognise or no longer use. Click “Remove” or “Uninstall” for anything suspicious, then restart your browser. It is wise to change important passwords, clear your saved autofill entries, and run a trusted antivirus or anti-malware scan for extra peace of mind.