Microsoft shut down StegoAd, a long-running Edge Add-ons campaign that used steganography in image and font files to hide malicious code inside 119 extensions. The operation stole credentials, hijacked sessions, and drove ad fraud while showing ties to DarkSpectre, ShadyPanda, GhostPoster, and mitarchive.info.
Key points
- Microsoft removed 119 malicious Edge extensions from the store.
- StegoAd hid payloads in PNG, WebP, and WOFF2 files.
- The extensions stayed dormant for days and used evasion checks.
- The campaign stole Google and WordPress credentials and cookies.
- Microsoft linked the activity to DarkSpectre and related campaigns.
Read More: https://thehackernews.com/2026/06/microsoft-removes-119-edge-extensions.html