Trojan-Backed Browser Hijacking Malware Campaign Infects Over 2.3 Million Chrome and Edge Users
- Rex

- Jul 15

A widespread browser hijacking malware campaign has silently infected more than 2.3 million users across Google Chrome and Microsoft Edge. Cybersecurity researchers have linked the incident to Trojan-style behavior, where once-trusted browser extensions were updated with hidden malicious code that spied on users’ online activity.
The campaign, identified as “RedDirection,” involved 18 browser extensions that offered features such as emoji keyboards, video boosters, VPN tools, and dark mode toggles. These extensions were safe at first and quickly gained popularity after being distributed through the official browser stores. They were recently updated, however, to become browser hijacking malware that records every site visited and sends the results to attacker-controlled servers along with a unique user ID.
A growing number of users were unknowingly redirected to phishing sites and other potentially dangerous web pages. Because the adware arrived through updates that were built and delivered to look legitimate, the malware spread very quickly without raising the usual suspicion among users. As security specialists point out, this strategy closely resembles that of Trojan malware: gain trust first, then introduce malicious capabilities later.
To reduce the risk, users are strongly advised to remove suspicious extensions, clear browser data, run a full malware scan of the device, and change passwords, particularly for accounts used during the period of infection. This massive browser hijacking malware operation highlights the need for ongoing vigilance, even when using tools from official sources.
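As an added illustration of the first remediation step (not code from the original article or from the researchers), the Python script below inventories a Chromium profile's `Extensions` folder and flags extensions whose manifest lets them observe visited URLs. The on-disk layout, the permission lists and the sample extensions are assumptions constructed for this example; a flagged extension is a candidate for review, not proof of compromise.

```python
import json
import tempfile
from pathlib import Path

# Reviewer-chosen lists (an assumption, not taken from the research above):
# API permissions and host patterns that expose the URLs a user visits.
URL_APIS = {"tabs", "webNavigation", "webRequest", "history"}
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_extensions(extensions_dir):
    """Flag extensions under <profile>/Extensions/<id>/<version>/ that can see browsing."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or corrupt manifest: skip, keep auditing
        # Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
        requested = {p for key in ("permissions", "host_permissions")
                     for p in manifest.get(key, []) if isinstance(p, str)}
        # Content scripts injected on every site can also read each page URL.
        for script in manifest.get("content_scripts", []):
            requested.update(script.get("matches", []))
        risky = sorted(requested & (URL_APIS | ALL_SITES))
        if risky:
            findings.append({"id": path.parent.parent.name, "version": path.parent.name,
                             "name": manifest.get("name", "?"), "risky": risky})
    return findings

def build_sample_profile(root):
    """Constructed sample data: made-up extensions, not real store IDs."""
    samples = {
        "sample-emoji/2.0_0": {"name": "Sample Emoji Keyboard", "permissions": ["tabs", "storage"],
                               "host_permissions": ["<all_urls>"]},
        "sample-notes/1.0_0": {"name": "Sample Notes", "permissions": ["storage"]},
        "sample-dark/1.1_0": {"name": "Sample Dark Mode",
                              "content_scripts": [{"matches": ["*://*/*"], "js": ["a.js"]}]},
    }
    for rel, manifest in samples.items():
        Path(root, rel).mkdir(parents=True)
        Path(root, rel, "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(tmp)
        for finding in audit_extensions(tmp):
            print(finding)
```

Point `audit_extensions` at the `Extensions` directory of a Chrome or Edge profile. Store-installed extensions often show a localized placeholder name (`__MSG_...__`), so identify them by the ID directory.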











