Trending

#ghostposter

Latest posts tagged with #ghostposter on Bluesky

Latest Top
Trending
#MJF Tribute #WBC #Javier Bardem #Marty Supreme #Andrade #Jessie Buckley #Academy Awards #MBJ #Autumn Durald Arkapaw #Wallace #MJF Tribute #WBC #Javier Bardem #Marty Supreme #Andrade #Jessie Buckley #Academy Awards #MBJ #Autumn Durald Arkapaw #Wallace

Posts tagged #ghostposter

GhostWarrior ⚔️🏳️‍🌈 🇨🇦🇺🇦
GhostWarrior ⚔️🏳️‍🌈 🇨🇦🇺🇦
@ghostwarrior.bsky.social
1 month ago
Preview
If You've Installed Any of These 17 Browser Extensions, Delete Them Now Another wave of malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and Edge. Some of them may have been active for up to five years.

@youranoncentral.bsky.social @youranonnews.bsky.social @openculture.bsky.social @wikipedia.org @archive.org @bellingcat.com Well ain't this a beyootch. 😒 A nasty bunch called #Ghostposter have been, busy. #ComputerSecurity
lifehacker.com/tech/delete-...

0 0 0 0
@pcmaggreece.bsky.social
1 month ago
Preview
17 δημοφιλείς επεκτάσεις για Chrome, Firefox και Edge κλέβουν δεδομένα – Απεγκαταστήστε τις τώρα Η εκστρατεία GhostPoster χρησιμοποίησε «αθώα» εργαλεία μετάφρασης και downloaders για να μολύνει 840.000 χρήστες, παρακάμπτοντας την ασφάλεια μέσω κρυμμένου κώδικα σε εικόνες.

⚠️Η LayerX αποκάλυψε 17 κακόβουλες επεκτάσεις που παρακολουθούν χρήστες. Δείτε τη λίστα και πώς το Urban VPN εκθέτει τις συνομιλίες σας με AI. #GhostPoster #CyberSecurityNews #GoogleChrome #Firefox

0 0 0 0
The Daily Tech Feed
The Daily Tech Feed
@thedailytechfeed.com
1 month ago
Post image

Alert: 17 malicious browser extensions in the GhostPoster campaign have compromised over 840,000 users. Stay vigilant and review your extensions! #CyberSecurity #BrowserSecurity #GhostPoster Link: thedailytechfeed.com/ghostposter-...

0 0 0 0
CEOTECH.IT
CEOTECH.IT
@ceotech.bsky.social
1 month ago
Post image

Chrome, Edge e Firefox colpiti da estensioni con backdoor
#Backdoor #Browser #Chrome #CyberSecurity #Edge #Estensioni #Firefox #GhostPoster #GoogleChrome #Hacker #Malware #MicrosoftEdge #Privacy #Sicurezza #TechNews #Tecnologia
www.ceotech.it/chrome-edge-...

0 0 0 0
The New Oil
The New Oil
@thenewoil.org
1 month ago
Preview
Malicious GhostPoster browser extensions found with 840,000 installs Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations.

Malicious #GhostPoster #browser extensions found with 840,000 installs

www.bleepingcomputer.com/news/security/malicious-...

#cybersecurity #malware

0 0 0 0
Mozilla
Mozilla
@mozilla.activitypub.awakari.com.ap.brid.gy
1 month ago
Preview
A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. We wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track browsing behavior and run malicious code inside the browser. Also in December, researchers uncovered a new campaign, GhostPoster, and identified 17 compromised Firefox extensions. The campaign was found to hide JavaScript code inside the image logo of malicious Firefox extensions with more than 50,000 downloads, allowing attackers to to monitor browser activity and plant a backdoor. The use of malicious code in images is a technique called steganography. Earlier GhostPoster extensions hid JavaScript loader code inside PNG icons such as logo.png for Firefox extensions like “Free VPN Forever,” using a marker (for example, three equals signs) in the raw bytes to separate image data from payload. Newer variants moved to embedding payloads in arbitrary images inside the extension bundle, then decoding and decrypting them at runtime. This makes the malicious code much harder for researchers to detect. Based on that research, other researchers found an additional 17 extensions associated with the same group, beyond the original Firefox set. These were downloaded more than 840,000 times in total, with some remaining active in the wild for up to five years. GhostPoster first targeted Microsoft Edge users and later expanded to Chrome and Firefox as the attackers built out their infrastructure. The attackers published the extensions in each browser’s web store as seemingly useful tools with names like “Google Translate in Right Click,” “Ads Block Ultimate,” “Translate Selected Text with Google,” “Instagram Downloader,” and “Youtube Download.” The extensions can see visited sites, search queries, and shopping behavior, allowing attackers to create detailed profiles of users’ habits and interests. Combined with other malicious code, this visibility could be extended to credential theft, session hijacking, or attacks targeting online banking workflows, even if those are not the primary goal today. ## How to stay safe Although we always advise people to install extensions only from official web stores, this case proves once again that not all extensions available there are safe. That said, the risk involved in installing an extension from outside the web store is even greater. Extensions listed in the web store undergo a review process before being approved. This process, which combines automated and manual checks, assesses the extension’s safety, policy compliance, and overall user experience. The goal is to protect users from scams, malware, and other malicious activity. Mozilla and Microsoft have removed the identified add-ons from their stores, and Google has confirmed their removal from the Chrome Web Store. However, already installed extensions remain active until users manually uninstall them. If you’re worried that you may have installed one of these extensions, run a Malwarebytes Deep Scan with your browsers closed. * On the Malwarebytes **Dashboard** click on the three stacked dots to select the **Advanced Scan** option. * On the **Advanced Scan** tab, select **Deep Scan**. Note that this scan uses more system resources than usual. * After the scan, remove any found items, and then reopen your browser(s). **Manual check:** These are the names of the 17 additional extensions that were discovered: * AdBlocker * Ads Block Ultimate * Amazon Price History * Color Enhancer * Convert Everything * Cool Cursor * Floating Player – PiP Mode * Full Page Screenshot * Google Translate in Right Click * Instagram Downloader * One Key Translate * Page Screenshot Clipper * RSS Feed * Save Image to Pinterest on Right Click * Translate Selected Text with Google * Translate Selected Text with Right Click * Youtube Download Note: There may be extensions with the same names that are not malicious. * * * **We don’t just report on threats—we help safeguard your entire digital identity** Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

Firefox joins Chrome and Edge as sleeper extensions spy on users Researchers found more sleeper browser extensions that spy on users and install backdoors, this time targeting Firefox users as well...

#News #Privacy #browser #extensions #DarkSpectre #GhostPoster

Origin | Interest | Match

0 0 0 0
2rZiKKbOU3nTafniR2qMMSE0gwZ
2rZiKKbOU3nTafniR2qMMSE0gwZ
@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy
1 month ago
Preview
A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. We wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track browsing behavior and run malicious code inside the browser. Also in December, researchers uncovered a new campaign, GhostPoster, and identified 17 compromised Firefox extensions. The campaign was found to hide JavaScript code inside the image logo of malicious Firefox extensions with more than 50,000 downloads, allowing attackers to to monitor browser activity and plant a backdoor. The use of malicious code in images is a technique called steganography. Earlier GhostPoster extensions hid JavaScript loader code inside PNG icons such as logo.png for Firefox extensions like “Free VPN Forever,” using a marker (for example, three equals signs) in the raw bytes to separate image data from payload. Newer variants moved to embedding payloads in arbitrary images inside the extension bundle, then decoding and decrypting them at runtime. This makes the malicious code much harder for researchers to detect. Based on that research, other researchers found an additional 17 extensions associated with the same group, beyond the original Firefox set. These were downloaded more than 840,000 times in total, with some remaining active in the wild for up to five years. GhostPoster first targeted Microsoft Edge users and later expanded to Chrome and Firefox as the attackers built out their infrastructure. The attackers published the extensions in each browser’s web store as seemingly useful tools with names like “Google Translate in Right Click,” “Ads Block Ultimate,” “Translate Selected Text with Google,” “Instagram Downloader,” and “Youtube Download.” The extensions can see visited sites, search queries, and shopping behavior, allowing attackers to create detailed profiles of users’ habits and interests. Combined with other malicious code, this visibility could be extended to credential theft, session hijacking, or attacks targeting online banking workflows, even if those are not the primary goal today. ## How to stay safe Although we always advise people to install extensions only from official web stores, this case proves once again that not all extensions available there are safe. That said, the risk involved in installing an extension from outside the web store is even greater. Extensions listed in the web store undergo a review process before being approved. This process, which combines automated and manual checks, assesses the extension’s safety, policy compliance, and overall user experience. The goal is to protect users from scams, malware, and other malicious activity. Mozilla and Microsoft have removed the identified add-ons from their stores, and Google has confirmed their removal from the Chrome Web Store. However, already installed extensions remain active until users manually uninstall them. If you’re worried that you may have installed one of these extensions, run a Malwarebytes Deep Scan with your browsers closed. * On the Malwarebytes **Dashboard** click on the three stacked dots to select the **Advanced Scan** option. * On the **Advanced Scan** tab, select **Deep Scan**. Note that this scan uses more system resources than usual. * After the scan, remove any found items, and then reopen your browser(s). **Manual check:** These are the names of the 17 additional extensions that were discovered: * AdBlocker * Ads Block Ultimate * Amazon Price History * Color Enhancer * Convert Everything * Cool Cursor * Floating Player – PiP Mode * Full Page Screenshot * Google Translate in Right Click * Instagram Downloader * One Key Translate * Page Screenshot Clipper * RSS Feed * Save Image to Pinterest on Right Click * Translate Selected Text with Google * Translate Selected Text with Right Click * Youtube Download Note: There may be extensions with the same names that are not malicious. * * * **We don’t just report on threats—we help safeguard your entire digital identity** Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

Firefox joins Chrome and Edge as sleeper extensions spy on users Researchers found more sleeper browser extensions that spy on users and install backdoors, this time targeting Firefox users as well...

#News #Privacy #browser #extensions #DarkSpectre #GhostPoster

Origin | Interest | Match

0 1 0 0
Mozilla
Mozilla
@mozilla.activitypub.awakari.com.ap.brid.gy
1 month ago
Preview
A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. We wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years suddenly went rogue. After a malicious update, these extensions were able to track browsing behavior and run malicious code inside the browser. Also in December, researchers uncovered a new campaign, GhostPoster, and identified 17 compromised Firefox extensions. The campaign was found to hide JavaScript code inside the image logo of malicious Firefox extensions with more than 50,000 downloads, allowing attackers to to monitor browser activity and plant a backdoor. The use of malicious code in images is a technique called steganography. Earlier GhostPoster extensions hid JavaScript loader code inside PNG icons such as logo.png for Firefox extensions like “Free VPN Forever,” using a marker (for example, three equals signs) in the raw bytes to separate image data from payload. Newer variants moved to embedding payloads in arbitrary images inside the extension bundle, then decoding and decrypting them at runtime. This makes the malicious code much harder for researchers to detect. Based on that research, other researchers found an additional 17 extensions associated with the same group, beyond the original Firefox set. These were downloaded more than 840,000 times in total, with some remaining active in the wild for up to five years. GhostPoster first targeted Microsoft Edge users and later expanded to Chrome and Firefox as the attackers built out their infrastructure. The attackers published the extensions in each browser’s web store as seemingly useful tools with names like “Google Translate in Right Click,” “Ads Block Ultimate,” “Translate Selected Text with Google,” “Instagram Downloader,” and “Youtube Download.” The extensions can see visited sites, search queries, and shopping behavior, allowing attackers to create detailed profiles of users’ habits and interests. Combined with other malicious code, this visibility could be extended to credential theft, session hijacking, or attacks targeting online banking workflows, even if those are not the primary goal today. ## How to stay safe Although we always advise people to install extensions only from official web stores, this case proves once again that not all extensions available there are safe. That said, the risk involved in installing an extension from outside the web store is even greater. Extensions listed in the web store undergo a review process before being approved. This process, which combines automated and manual checks, assesses the extension’s safety, policy compliance, and overall user experience. The goal is to protect users from scams, malware, and other malicious activity. Mozilla and Microsoft have removed the identified add-ons from their stores, and Google has confirmed their removal from the Chrome Web Store. However, already installed extensions remain active until users manually uninstall them. If you’re worried that you may have installed one of these extensions, run a Malwarebytes Deep Scan with your browsers closed. * On the Malwarebytes **Dashboard** click on the three stacked dots to select the **Advanced Scan** option. * On the **Advanced Scan** tab, select **Deep Scan**. Note that this scan uses more system resources than usual. * After the scan, remove any found items, and then reopen your browser(s). **Manual check:** These are the names of the 17 additional extensions that were discovered: * AdBlocker * Ads Block Ultimate * Amazon Price History * Color Enhancer * Convert Everything * Cool Cursor * Floating Player – PiP Mode * Full Page Screenshot * Google Translate in Right Click * Instagram Downloader * One Key Translate * Page Screenshot Clipper * RSS Feed * Save Image to Pinterest on Right Click * Translate Selected Text with Google * Translate Selected Text with Right Click * Youtube Download Note: There may be extensions with the same names that are not malicious. * * * **We don’t just report on threats—we help safeguard your entire digital identity** Cybersecurity risks should never spread beyond a headline. Protect your, and your family’s, personal information by using identity protection.

Firefox joins Chrome and Edge as sleeper extensions spy on users Researchers found more sleeper browser extensions that spy on users and install backdoors, this time targeting Firefox users as well...

#News #Privacy #browser #extensions #DarkSpectre #GhostPoster

Origin | Interest | Match

0 0 0 0
Ahmandonk
Ahmandonk
@ahmandonk.bsky.social
1 month ago

📰 Ekstensi Browser Berbahaya GhostPoster Ditemukan dengan 840.000 Instalasi

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/01/19/ekstensi-brow...

#browser #extension #chrome #cybersecurity #edge #firefox #ghostposter #malware

0 0 0 0
CySecurity News
CySecurity News
@cysecuritynews.bsky.social
1 month ago
Preview
GhostPoster Malware Campaign Exposes Browser Extension Risks  A stealthy malware operation has been discovered by cybersecurity researchers, which remained undetected for a period of up to five years and accumulated more than 840,000 downloads on various platforms. The research began with a study by Koi Security of a Firefox browser extension called GhostPoster, which embedded its malicious code in a seemingly innocuous PNG image file. Such a trick allowed the malware to evade static analysis and manual reviews by browser markets.  Based on the findings of Koi Security, the LayerX researchers decided to dig deeper into the infrastructure and discovered 17 more extensions that used the same backend infrastructure and had the same tactics, techniques, and procedures (TTPs). In total, these extensions had more than 840,000 downloads, with some of them remaining undetected on the users' devices for almost five years. LayerX researchers also discovered a more complex variant of the malware that used other evasion techniques and had 3,822 downloads on its own.  The operation emanates from Microsoft Edge and then methodically moves to chrome and Firefox, which looks like the work of a patient, evolving threat actor that is focused on stealth and trust-building. The extensions used to mimic legitimate functionality at first, avoiding suspicion, while the infrastructure was in place after many years. This stress test mentality highlights how cybercriminals abuse browser extensions as a low-friction vector to compromise user security without raising alarms in the short term.  Following the revelations, Mozilla and Microsoft immediately removed the offending extensions from their official stores, preventing further downloads. However, this removal does nothing to those copies already installed on users browsers, meaning millions might be left vulnerable to potential attacks unless they take action. LayerX’s blog stressed that users need to take an active role in mitigating ongoing risk by reviewing for and deleting the extensions.  Browser extensions have become a lucrative target for cybercriminals as hackers exploit the deep access these extensions have to browsing data and permissions, raising the stakes for vigilance in the evolving threat landscape. Users are advised to regularly review the installed add-ons' permissions, disable the ones they don't use or need, and remove the ones they don't trust. This is a warning that even extensions or add-ons that have been trusted for a long time can potentially contain malicious code, and it effectively calls for those using any major browser to adopt a more proactive approach to security.

GhostPoster Malware Campaign Exposes Browser Extension Risks #BrowserExtension #GhostPoster #LayerX

0 0 0 0
Hackread.com
Hackread.com
@hackread.bsky.social
2 months ago
Preview
GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread

📢 🌐 ⚠️ GhostPoster browser malware ran undetected for 5 years, infecting 840,000 systems through Chrome, Firefox, and Edge extensions.

Read: hackread.com/ghostposter-...

#CyberSecurity #Malware #GhostPoster #Chrome #Firefox #Edge

0 0 0 0
The New Oil
The New Oil
@thenewoil.org
2 months ago
Preview
GhostPoster attacks hide malicious JavaScript in Firefox addon logos A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor. [...]

#GhostPoster attacks hide malicious #JavaScript in #Firefox addon logos

www.bleepingcomputer.com/news/security/ghostposte...

#cybersecurity #Mozilla #FOSS

0 0 0 0
CyberNetSecIO
CyberNetSecIO
@netsecio.bsky.social
2 months ago
Preview
"GhostPoster" Malware Infects 50,000+ Firefox Users via Malicious Add-ons The GhostPoster malware campaign has infected over 50,000 Mozilla Firefox users by hiding malicious JavaScript inside the logo files of 17 browser extensions.

Firefox users beware! 🦊 'GhostPoster' malware found in 17 browser add-ons with 50,000+ downloads. Malicious code was hidden in logo files to hijack links and commit ad fraud. #Malware #Firefox #CyberSecurity #GhostPoster

0 0 0 0
ReconBee
ReconBee
@reconbee.bsky.social
2 months ago
Preview
GhostPoster Malware Found in 17 Firefox Add-ons with 50000+ Downloads malware payload that tracks everything you visit read more about GhostPoster Malware Found in 17 Firefox Add-ons with 50000+ Downloads

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads reconbee.com/ghostposter-...

#ghostposter #malware #malwareattack #mozillafirefox #cyberattack

0 0 0 0
Firefox
Firefox
@firefox.activitypub.awakari.com.ap.brid.gy
2 months ago
Awakari App

GhostPoster Firefox Extensions Hide Malware in Icons The malware hijacks purchase commissions, tracks users, removes security headers, injects hidden iframes, and bypasses CAPTCHA. The post GhostPo...

#Malware #& #Threats #extension #Firefox #GhostPoster #malware

Origin | Interest | Match

0 0 0 0
MalWhere?
MalWhere?
@malwhere.bsky.social
2 months ago
Post image

🚨A campaign dubbed GhostPoster hid malicious JavaScript inside the image logos of Firefox extensions—using steganography—to spy on users and plant a backdoor. Over 50,000 downloads across popular add-ons like VPNs, translators, and utilities.
#CyberSecurity #BrowserSecurity #Malware #GhostPoster

1 0 1 0
Ahmandonk
Ahmandonk
@ahmandonk.bsky.social
2 months ago

📰 Kampanye GhostPoster: Malware Tersembunyi di Logo Ekstensi Firefox

👉 Baca artikel lengkap di sini: ahmandonk.com/2025/12/17/ghostposter-e...

#ekstensi #berbahaya #firefox #ghostposter #javascript #steganografi

1 0 0 0