Another wave of harmful browser extensions has been discovered, capable of tracking user activity and breaching privacy. This campaign, dubbed GhostPoster, affects popular web browsers like Chrome, Firefox, and Edge, with some extensions potentially operating for up to five years.
What is GhostPoster?
Identified by Koi Security, the GhostPoster campaign includes 17 Firefox add-ons designed to monitor users’ online behavior. Researchers found that these malicious extensions buried harmful JavaScript code inside their logos. This code acts as a “loader,” fetching additional malware from remote servers. LayerX, another research team, discovered an additional 17 harmful extensions across various browsers. All these extensions combined had over 840,000 installations.
How It Works
Initial reports indicate that GhostPoster started with Microsoft Edge and then spread to Chrome and Firefox. Some of the identified extensions include:
- Google Translate in Right Click
- Ads Block Ultimate
- Convert Everything
- Full Page Screenshot
One add-on, “Google Translate in Right Click,” was installed over 522,000 times, highlighting how popular these malicious tools became before being identified.
GhostPoster has some sophisticated features that help it avoid detection. For instance, it doesn’t activate immediately; there’s a 48-hour delay. It also communicates with its servers only under specific conditions. While it doesn’t collect user credentials directly or engage in phishing, it compromises security in other ways. It hijacks affiliate traffic, modifies HTTP headers, and can even engage in click fraud.
User Reactions and Awareness
The news of GhostPoster has sparked conversations on social media platforms. Users express frustration and concern about how easily these harmful extensions can slip through the cracks. Many are urging others to scrutinize their installed extensions carefully, as even seemingly harmless add-ons can pose significant risks.
What You Can Do
While these harmful extensions are not available to add anymore, users who have them should remove them immediately. They can remain active until explicitly deleted. Regularly checking installed extensions and researching their legitimacy can help maintain better online safety.
Experts emphasize that browser security is an ongoing battle. Thus, remaining vigilant and informed is crucial in protecting your privacy and data online.
For more information on browser security and related issues, check resources like the Cybersecurity & Infrastructure Security Agency (CISA) for ongoing updates and guidance.
