You might have a dangerous browser extension monitoring your browser history and not even know it.
As the good folks at Lifehacker reported, cybersecurity researchers with LayerX identified 17 malicious browser extensions across Chrome, Firefox, and Edge, with some active for up to five years. (Disclosure: Lifehacker is owned by Ziff Davis, the same parent company as Mashable.) These malware-infected browser extensions are part of the GhostPoster campaign, first identified in December by Koi Security.
The Koi Security researchers originally identified 17 malicious browser add-ons, for a total of 34 dangerous extensions. The extensions are no longer available, but if you've already downloaded them, they remain active and must be manually deleted as soon as possible.
You May Also Like
As Koi Security found, the extensions hide "a multi-stage malware payload that monitors everything you browse, strips away your browser's security protections, and opens a backdoor for remote code execution." LaxerX further reports that the malware can weaken websites’ security measures, hijack affiliate traffic, inject iframes and scripts that track users, and inject malicious scripts onto a user’s device.
Here's the full list of extensions, via LayerX and Lifehacker:
Google Translate in Right Click
Translate Selected Text with Google
Ads Block Ultimate
Floating Player – PiP Mode
Convert Everything
Youtube Download
One Key Translate
AdBlocker
Save Image to Pinterest on Right Click
Instagram Downloader
RSS Feed
Cool Cursor
Full Page Screenshot
Amazon Price History
Color Enhancer
Translate Selected Text with Right Click
Page Screenshot Clipper
Some of these were quite popular extensions. Google Translate in Right Click, for instance, had more than half a million installs, according to LayerX researchers.
The malware in the extensions is known as GhostPoster, which hides malicious code in the extension's PNG logo. The researchers say the malware campaign relied on sophisticated methods that let it evade detection for years. So if you've downloaded any of these extensions, it's best to delete them right away.
Read more about the GhostPoster campaign at Lifehacker.
Topics Cybersecurity Privacy
Tim Marcin is an Associate Editor on the culture team at Mashable, where he mostly digs into the weird parts of the internet. You'll also see some coverage of memes, tech, sports, trends, and the occasional hot take. You can find him on Bluesky (sometimes), Instagram (infrequently), or eating Buffalo wings (as often as possible).
