Researchers Uncover 5-Year-Old Malware Campaign Targeting Chrome, Firefox, and Edge via Malicious Extensions

Researchers have identified an active malware campaign operating for five years, targeting Chrome, Firefox, and Edge browsers through malicious extensions. Dubbed GhostPoster, this operation has infected approximately 840,000 users by exploiting hidden payloads and a shared infrastructure. The compromised extensions, often distributed via official stores, collected data and redirected traffic to attacker-controlled servers. Companies Koi Security and LayerX contributed to the analysis, uncovering persistent evasion techniques. No details about the victims or the attackers' motivations have been disclosed.