1. Forum
  2. tqwNet
  3. TQW GENTECH

  • More malicious browser extensions uncovered - Chrome, Firefox, an

    From TechnologyDaily@1337:1/100 to All on Mon Jan 19 16:15:08 2026
    More malicious browser extensions uncovered - Chrome, Firefox, and Edge all affected

    Date:
    Mon, 19 Jan 2026 16:10:00 +0000

    Description:
    Malicious extensions were downloaded more than 840,000 times.

    FULL STORY ======================================================================LayerX found 17 malicious browser extensions with 840,000+ downloads Extensions hijacked affiliate links, injected tracking, and enabled ad fraud All extensions removed, but users must uninstall them manually

    Security researchers LayerX have discovered 17 extensions for Chrome,
    Firefox, and Edge browsers which monitored peoples internet activity and installed backdoors for persistent access. In total, the extensions were downloaded more than 840,000 times.

    This is not a new campaign. In fact, LayerX claims this is the continuation
    of GhostPoster , a campaign first discovered by Koi Security in mid-December 2025.

    Back then, the investigators found a different set of 17 extensions, cumulatively downloaded 50,000 times, which were doing the same thing - monitoring behavior and installing backdoors. GhostPoster

    Here is the full list of all discovered extensions :

    Google Translate in Right Click
    Translate Selected Text with GoogleAds Block Ultimate
    Floating Player PiP Mode
    Convert Everything
    Youtube Download
    One Key Translate
    AdBlocker
    Save Image to Pinterest on Right Click
    Instagram Downloader
    RSS Feed
    Cool Cursor
    Full Page Screenshot
    Amazon Price History
    Color Enhancer
    Translate Selected Text with Right Click
    Page Screenshot Clipper

    Among this new batch are some extensions that were first uploaded in 2020, meaning people have been exposed to malware on official browser repositories for years. Edges store seems to be the place where most of these extensions first appeared, later expanding to Chrome and Firefox, too.

    Some of the extensions store malicious JavaScript code in the PNG logo. The code serves as instructions on how to download the main payload from a remote server. To make detection and attribution more difficult, the attackers made the extensions download the main payload on 10% of the time.

    The main payload can do all sorts of things. First and foremost, it hijacks affiliate links on major ecommerce sites - stealing money directly from content creators.

    Then, it injects Google Analytics tracking into every page the user visits, and strips security headers from all HTTP responses.

    Finally, it can bypass CAPTCHA using three separate mechanisms, and can
    inject invisible iframes, mostly used for ad fraud, click fraud, and
    tracking. These iframes self-destruct after roughly 15 seconds.

    In the meantime, all extensions were removed from their respective repositories, but users are still advised to remove them from their browsers.

    Via BleepingComputer

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/more-malicious-browser-extensions-uncov ered-chrome-firefox-and-edge-all-affected


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)