A malicious campaign involving 17 browser extensions has infected Chrome, Firefox, and Edge with over 840,000 installations, secretly tracking user activity and injecting ads. Despite being exposed and removed from some stores, the campaign continues to evolve with advanced obfuscation methods, posing ongoing risks to users. #GhostPoster #BrowserExtensions
Keypoints
- The GhostPoster campaign involves 17 malicious extensions across multiple browser stores.
- The extensions hide malicious JavaScript within logo images to monitor activity and inject ads.
- Some extensions have been operating since 2020, indicating long-term malicious activity.
- An upgraded variant uses background scripts and covert image payloads for enhanced resilience.
- Extensions have been removed from Mozilla and Microsoft stores, but users may still be at risk if infected.