GhostPoster Attack: Malicious Browser Extensions Hit Chrome, Firefox, Edge Users

• A sophisticated malware campaign, GhostPoster, targeted Chrome, Firefox, and Edge users via 17 malicious browser extensions.
• These extensions, downloaded over 840,000 times, appeared as normal tools like ad blockers and screenshot grabbers.
• The malware used steganography, hiding malicious code within PNG image files (extension icons) to bypass security checks.
• GhostPoster waited 48 hours to five days after installation before contacting remote servers to download further malicious code.
• The malware weakened website security, redirected affiliate links, injected scripts for click fraud, and tracked users.

Why It Matters: GhostPoster highlights the critical need to regularly review and remove unrecognized browser extensions for security.