A series of malicious browser extensions, starting with GhostPoster, exploited cloaking techniques to evade detection across multiple platforms, including Firefox, Chrome, and Edge. Over 840,000 users were affected by these extensions, which remained active for years despite being removed from official marketplaces. #GhostPoster #LayerX #BrowserExtensions
Keypoints
- GhostPoster used image-based payloads to bypass static analysis tools.
- LayerX traced 17 additional extensions sharing the same infrastructure and tactics.
- Over 840,000 installations were recorded, with some extensions active for nearly five years.
- The campaign expanded from Microsoft Edge to Chrome and Firefox over time.
- Users are advised to review and remove unnecessary browser extensions regularly.
Read More: https://hackread.com/ghostposter-browser-malware-840000-installs/