Security researchers have found a new wave of malicious browser extensions affecting Chrome, Firefox, and Microsoft Edge. The extensions can track user activity and weaken online security. Experts warn users to delete them immediately.
The campaign is known as GhostPoster. It was first identified in December and may have been active since 2020. Researchers say some of the extensions hid malicious code inside their logo images.
According to security firm LayerX, the extensions were installed more than 840,000 times in total. Once active, they could monitor browsing behavior, inject scripts, and redirect online traffic for fraud.
The malware avoids detection by delaying its activity and only connecting to attack servers under certain conditions. While it does not steal passwords, it still poses a serious privacy risk.
Researchers identified the following 17 malicious extensions:
- Google Translate in Right Click
- Translate Selected Text with Google
- Ads Block Ultimate
- Floating Player – PiP Mode
- Convert Everything
- Youtube Download
- One Key Translate
- AdBlocker
- Save Image to Pinterest on Right Click
- Instagram Downloader
- RSS Feed
- Cool Cursor
- Full Page Screenshot
- Amazon Price History
- Color Enhancer
- Translate Selected Text with Right Click
- Page Screenshot Clipper
One extension, Google Translate in Right Click, alone had over 520,000 installs. Others were also widely used across different browsers.
These extensions have been removed from official stores. However, they remain dangerous if still installed. Users should check their browsers and delete any listed add-ons right away to stay safe.
Follow on Google News
