Hackers and sophistication are getting synonymous these days. With every campaign, we get to know how vulnerable the ecosystems around us are. One such example has been identified where a campaign that
uses extensions has been targeting all the high-ticket browsers like Mozilla Firefox, Google Chrome, and Microsoft Edge. As mentioned in a report by GBhackers, around 17 malicious browser extensions were involved in an attack being dubbed the GhostPoster operation. These malicious extensions were downloaded more than 8,40,000 times in total.
How These Malicious Extensions Worked?
GhostPoster looked like your everyday set of tools, including ad blockers, cursor customiser, media downloader, and more. These are add-ons that people install on their systems without giving a second thought. Now, once installed, the malicious codes were hidden inside PNG image files like the extension's icon. Dubbed stenography, this technique allowed the hackers to let the malware dodge security checks used by the browser extension stores. After getting installed, GhostPoster was developed to sit back for a minimum of 48 hours to eradicate the last strand of suspicion as well, and the advanced version of the same was coded to stay on the back foot for five days. However, as soon as the waiting period ended, the malware connected to remote servers and downloaded malicious code on the system. When in action, the malware allowed the hackers to change the code of the primary file and make it difficult for security checks to catch the malware. And in most cases, the malware was used to steal money, weaken security protection on wesbites, redirect affiliate links, inject scripts to click fraud, track users across browsing sessions, and much more.
What Should You Do?
First things first, never ever download a random extension from any browser store until you are sure of everything around it. Apart from that, you can also thoroughly check the history of the developers who have published the extensions. That being said, here we are sharing the list of extensions that have been flagged. Remove them if you still have them on your PC:-Google Translate in Right Click-Translate Selected Text with Google-Ads Block Ultimate-Floating Player – PiP Mode-Convert Everything-Youtube Download-One Key Translate-AdBlocker-Save Image to Pinterest on Right Click-Instagram Downloader-RSS Feed-Cool Cursor-Full Page Screenshot-Amazon Price History-Color Enhancer-Translate Selected Text with Right Click-Page Screenshot Clipper
/images/ppid_a911dc6a-image-176884402895172854.webp)
/images/ppid_a911dc6a-image-176881882592612757.webp)
/images/ppid_a911dc6a-image-176859903369376060.webp)
/images/ppid_a911dc6a-image-176864622503919111.webp)
