Some Edge users have reported that when they do a Google search, they are redirected to an oksearch.org/xa2/click.html website and from there to a variety of other websites like Amazon or Zoom.
Microsoft removes the first malicious extensions from Edge
After users posted the issue on Reddit, Microsoft revealed that it was caused by malicious extensions. These were in the Edge extensions store and were intended to be VPN clients. The team removed these extensions from the Add-ons store:
NordVPN
Adguard VPN
TunnelBear VPN
The Great Suspender
Floating Player – Picture-In-Picture Mode
If you have used any of these extensions installed directly from the Microsoft Edge Add-ons store, we suggest you remove them from edge://extensions.
Microsoft has also asked the community for help finding other possible extensions:
If you have anything other than these extensions and are still seeing ad injections, please respond to this comment with a list of your extensions so the team can investigate further.
News reports suggest that malware authors are targeting the “app shortage” in the Edge Extensions Store by filling it with malicious apps. Users can, of course, install extensions directly from Google’s own extension store, although even this company has issues with malware from time to time.