A cyber campaign named "GhostPoster" is hiding malicious JavaScript code within popular Firefox extension logos to monitor activity and plant backdoors. This stealthy attack enables persistent access, affiliate hijacking, and ad fraud, posing a significant threat to user privacy. #GhostPoster #FirefoxExtensions
Keypoints
- The GhostPoster campaign affects multiple popular Firefox extensions that together account for over 50,000 downloads.
- The malicious code is concealed within PNG logo images using steganography.
- The loader downloads an obfuscated payload that performs browser hijacking and ad fraud activities.
- The payload's retrieval is intentionally infrequent, making detection more difficult.
- Users are advised to remove affected extensions and reset their passwords to mitigate risks.
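
A structural check a defender can run over the icon files of unpacked extensions, as an added example that is not code from the campaign report: it walks the PNG chunk list and reports bytes after IEND, non-standard chunk types and CRC mismatches. The page does not say how the code is embedded, so treating appended data or extra chunks as the hiding place is an assumption, and data hidden in pixel values would not be flagged; the sample images and the `audit_png` name are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; any other type is reported.
KNOWN = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB",
         b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"sPLT",
         b"hIST", b"tIME", b"eXIf"}


def audit_png(data: bytes) -> dict:
    """Walk the chunk list of one PNG and report structural anomalies."""
    report = {"valid": False, "bad_crc": [], "unknown_chunks": [], "trailing_bytes": 0}
    if not data.startswith(PNG_SIG):
        return report
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            return report  # truncated chunk: leave valid=False
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            report["bad_crc"].append(ctype.decode("latin-1"))
        if ctype not in KNOWN:
            report["unknown_chunks"].append(ctype.decode("latin-1"))
        pos = end
        if ctype == b"IEND":
            # A conforming file ends here; anything after is ignored by image
            # decoders but still readable by a script that opens the raw file.
            report["valid"] = True
            report["trailing_bytes"] = len(data) - pos
            break
    return report


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one well-formed chunk (used only for the constructed samples)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


# Constructed samples: a minimal 1x1 grayscale PNG, and the same file with text appended.
CLEAN = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
         + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
PADDED = CLEAN + b"// constructed placeholder text, not a real payload"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("padded", PADDED)):
        print(name, audit_png(blob))
```

A non-zero `trailing_bytes` or an entry in `unknown_chunks` for an extension icon is a reason to inspect the file by hand, not proof of compromise.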