Microsoft has a serious problem with fake program extensions tours Edge hosted in the company's store.
After removal of many fake and dangerous extensions last week, Microsoft again had to remove a fake extension. Last week, it became known that several fake extensions were removed by Microsoft. They were made to look like extensions from legitimate services (uBlock Origin, VPN services NordVPN, Adguard VPN and TunnelBear VPN and many other regular browser extensions).
Many companies and developers have not developed extensions for Microsoft Edge or ported their existing extensions to Microsoft Store. Fake extensions are created and uploaded by third-party developers. All used the names of popular products, likely to make Microsoft Edge users install them without checking. These extensions redirect browser searches to OKSearch.
The developers of Windscribe (a popular VPN application) revealed yesterday that their service was also targeted. A fake Windscribe extension was uploaded to the Microsoft Store, and like many others, it was accepted by Microsoft.
Someone uploaded a modified version of the extension and the company approved it without any scrutiny, or if it was scrutinized it was not enough. The extension does not appear to contain any malware at first glance, however it would be good to change your Windscribe password if you are using the extension.
Microsoft, meanwhile, has labeled the fake extension malicious. As a result, the extension is no longer available and users who have it installed will see it as disabled.
The actual Windscribe extension is still waiting in line for control by Microsoft.
Microsoft's audit process did not detect any fake extensions released in the company's store in the last two weeks. It seems that the company should change the control process, and even immediately.