gbhackers - A chilling discovery by Koi Security has exposed a sophisticated browser hijacking campaign dubbed “RedDirection,” compromising over 1.7 million users through 11 Google-verified Chrome extensions.

This operation, which also spans Microsoft Edge with additional extensions totaling 2.3 million infections across platforms, exploited trusted signals like verification badges, featured placements, and high install counts to distribute malware under the guise of legitimate productivity and entertainment tools.

The RedDirection campaign stands out due to its deceptive strategy of remaining benign for years before introducing malicious code via silent updates, a tactic that evaded scrutiny from both Google and Microsoft’s extension marketplaces.

These updates, auto-installed without user intervention, transformed trusted tools into surveillance platforms capable of tracking every website visit, capturing URLs, and redirecting users to fraudulent pages via command-and-control (C2) infrastructure like admitclick.net and click.videocontrolls.com.