What is the GhostPoster malware campaign?

GhostPoster is a malware campaign that hides malicious code within the logos of browser extensions to steal data and redirect users to fraudulent websites.

Which browsers are affected by GhostPoster?

The GhostPoster malware campaign specifically targets users of Chrome, Firefox, and Edge browsers.

How long has the GhostPoster malware been active?

The malicious browser extensions have been available in official stores since 2020, with over 840,000 attacks recorded since December.

Home / Technology / Malware Hides in Browser Logos!

Malware Hides in Browser Logos!

20 Jan

•

Summary

Malware campaign dubbed GhostPoster targets Chrome, Firefox, and Edge users.
Malicious code hidden in image data of browser extension logos.
Over 840,000 attacks recorded since December, with extensions in stores since 2020.

Security researchers have identified a targeted malware campaign, identified as GhostPoster, that exploits user trust by hiding malicious code within browser extension logos. This sophisticated attack primarily targets users of Chrome, Firefox, and Edge browsers. Since December, over 840,000 attacks have been detected as part of this ongoing campaign.

The GhostPoster malware operates by embedding malicious scripts within the image data of extension logos. After installation, these extensions spy on user activity. A secondary script, concealed in the logo's code and accessed via a backdoor, is then activated. This script manipulates affiliate links and redirects users to scam websites, in addition to potentially infecting devices with further malware by exploiting extended control rights.

Alarmingly, these malicious browser extensions have been available on the official Mozilla and Microsoft stores since 2020. Their prolonged presence, undetected for over five years, highlights a significant vulnerability, during which time an estimated 840,000 systems may have been compromised.