Byte-Sized Brief
- Malicious Firefox add-ons hid code inside logo files.
- They collected thousands of installs before removal.
- Free VPNs and ad blockers were some of the covers.
A browser add-on can carry more risk than you might think. Security researchers recently uncovered a malware campaign called GhostPoster that hid malicious code inside the logo files of over a dozen Firefox extensions. The add-ons, which were pitched as everyday tools like free VPNs or ad blockers, were downloaded more than 50,000 times before being taken down.
After installation, the extensions waited days before activating and only ran some of the time to avoid detection. When active, they pulled in malware from remote servers. That malware tracked users’ browsing, weakened the browser’s security settings, hijacked affiliate links, and injected hidden pages to generate ad and click fraud.
What should you do about this? Disabling JavaScript is one option, but a better approach is to simply uninstall any installed add-ons (here’s the full list). And from now on, only install add-ons from developers you recognize. Free VPN extensions frequently appear in malware threats like this and should always be avoided.
If you want privacy tools for your computer that don’t end up in the news for all the wrong reasons, it pays to stick with providers that have a positive track record and transparent data-logging policies.
The Bottom Line
GhostPoster is an example of how malware can hide in browser extensions. Being selective about the add-ons you install and avoiding unknown VPNs can prevent problems before they start.


