Avoid these imposter VPN extensions that hijack your browser search results

November 24, 2020

By Kim Komando

VPNs are designed to protect your privacy when you browse the web, so they’re the last thing you’d expect to put your data at risk.

That’s why scammers will sometimes disguise their malware as VPN extensions. It’s an easy way for them to slip malware and spam by you without you noticing. Tap or click here to see how three iPhone VPNs secretly installed fleeceware on victim’s phones.

Several prominent VPN extensions for Microsoft’s Edge browser were recently caught redirecting users to malicious search engines without permission. All of these extensions were imposters of major brands to trick victims into downloading them.

If you have any of these extensions installed, we’ll show you how you can remove them at once.

These Edge extensions are not what they claim to be

Edge users on Reddit recently noticed an unusual issue when trying to run Google searches in their browser windows. The searches would automatically redirect to a shady search engine called oksearch, with web requests connecting via the domain cdn77.org.

If an Edge user sets Google as their default search engine, this isn’t supposed to happen. After sharing their experiences, Redditors concluded that some of their extensions were to blame.

Most of the suspects appeared to be major VPN brands, but closer inspection revealed they were knockoffs impersonating legitimate add-ons. The extensions bore the names of the real apps, but the developers were completely unrelated.

Removing the extensions appeared to resolve the issues. Microsoft also responded to the Redditors and vowed to investigate the extensions and the problems they caused. Three of the VPN brands released statements saying they had no affiliation with the imposters.

It’s a good thing these fraud extensions were found when they were. Although they only seemed to change search engines for victims, the permissions they asked for could have let them scan data from websites or change privacy settings.

How can I remove these extensions and protect my browser?

Check if any of the malicious extensions are installed by clicking the three-dot icon in the upper-right corner of your Edge browser and clicking Extensions.

Under Installed Extensions, look for any of the following names:

  1. NordVPN
  2. Adguard VPN
  3. TunnelBear VPN
  4. The Great Suspender
  5. Floating Player — Picture-in-Picture Mode

If one or more of these are installed for your Edge browser, click remove under the extension’s listing to uninstall it.

Next, let’s change your default search engine back to normal.

  1. Tap the three-dot icon again and click Settings.
  2. From the left-hand sidebar, click Privacy, search, and services.
  3. Scroll down and click Address bar and search.
  4. Using the dropdown menu next to Search engine used in the address bar, select your default search engine. We recommend using Google, Bing or DuckDuckGo.

Tap or click here to see why DuckDuckGo is a great privacy-centric alternative to Google.

If you want even more peace of mind, you can give your system a scan to make sure no traces of malware remain.

Tap or click here to see our favorite free online scanners.

To protect yourself from getting tricked by imposter extensions in the future, always take time to read the reviews carefully. If others are experiencing issues like the Redditors above did, you’ll probably see them mentioned in the reviews.

Despite all the trouble caused by these imposters, it’s absolutely worth having a VPN to protect your privacy. Our sponsor ExpressVPN not only encrypts your data and protects your IP address, but it also does this for all the devices you own.

Tap or click here to find out more about ExpressVPN, the only VPN Kim trusts.

https://www.komando.com/tips/cybersecurity/imposter-vpn-extensions/