The campaign, known as GhostPoster, was identified by Koi Security in December and included 17 Firefox add-ons designed to monitor users' browsing activity. Threat actors planted malicious JavaScript code in the extension's PNG logo, which served as a malware loader to retrieve the main payload from a remote server. Researchers at LayerX have found an additional 17 malicious extensions across multiple browsers that have collectively been installed more than 840,000 times.
Ongoing GhostPoster malware campaign
Google Translate in Right Click
Ads Block Ultimate
Convert Everything
One Key Translate
Save Image to Pinterest on Right Click
RSS Feed
Full Page Screenshot
Color Enhancer
Page Screenshot Clipper
GhostPoster malware has built-in safeguards to prevent detection—for example, activation is delayed by 48 hours, and it only communicates with remote attack servers under certain conditions. Once installed, though, extensions that are part of GhostPoster have the ability to hijack affiliate traffic (and redirect commissions to attackers), strip and inject HTTP headers to weaken security, bypass CAPTCHA, and inject iframes and scripts for click fraud and user tracking. The only sort-of good news is that the malware doesn't harvest credentials or engage in phishing.
While the malicious extensions are no longer available to add in Chrome, Edge, and Firefox, users who have them installed should remove them immediately, as they remain active until explicitly deleted.
Hence then, the article about if you ve installed any of these 17 browser extensions delete them now was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( If You've Installed Any of These 17 Browser Extensions, Delete Them Now )
Also on site :