Home / Technology / Malware Hides in Browser Logos!
Malware Hides in Browser Logos!
20 Jan
Summary
- Malware campaign dubbed GhostPoster targets Chrome, Firefox, and Edge users.
- Malicious code hidden in image data of browser extension logos.
- Over 840,000 attacks recorded since December, with extensions in stores since 2020.
Security researchers have identified a targeted malware campaign, identified as GhostPoster, that exploits user trust by hiding malicious code within browser extension logos. This sophisticated attack primarily targets users of Chrome, Firefox, and Edge browsers. Since December, over 840,000 attacks have been detected as part of this ongoing campaign.
The GhostPoster malware operates by embedding malicious scripts within the image data of extension logos. After installation, these extensions spy on user activity. A secondary script, concealed in the logo's code and accessed via a backdoor, is then activated. This script manipulates affiliate links and redirects users to scam websites, in addition to potentially infecting devices with further malware by exploiting extended control rights.
Alarmingly, these malicious browser extensions have been available on the official Mozilla and Microsoft stores since 2020. Their prolonged presence, undetected for over five years, highlights a significant vulnerability, during which time an estimated 840,000 systems may have been compromised.
