A sophisticated cybersecurity threat, initially identified as the GhostPoster browser extension, has evolved into a significant concern for users unaware of its hidden capabilities. Koi Security's analysis revealed a novel method of abuse in which malicious code was concealed within seemingly harmless PNG image files, allowing the extension to evade detection by standard security checks, according to a recent report by HackRead.

Following Koi Security's findings, LayerX investigated the infrastructure behind GhostPoster and uncovered 17 additional add-ons using the same backend systems and tactics. These extensions, collectively installed over 840,000 times, had been active for up to five years. A more advanced variant, employing additional evasion techniques, accounted for 3,822 installs. The campaign began by targeting Microsoft Edge before spreading to Chrome and Firefox, suggesting a long-term strategy that prioritized stealth and persistence over rapid deployment. This slow expansion allowed the extensions to maintain user trust before activating their malicious functions.

In response to these disclosures, Mozilla and Microsoft have removed the identified extensions from their respective marketplaces, preventing new downloads. However, extensions that are already installed remain a risk and must be removed manually by users. This incident highlights the growing trend of browser extensions being exploited as a primary vector for cyberattacks, underscoring the critical need for users to regularly audit their installed extensions, limit granted permissions, and promptly remove any that are no longer essential.

Source: HackRead




