Did you know that the handy browser extensions you use to download videos or translate text might be putting your online security at risk? It's a chilling thought, especially when you consider how many of us rely on these tools daily. Cybersecurity experts have recently sounded the alarm, uncovering a widespread campaign that has infiltrated popular browsers like Firefox, Google Chrome, and Microsoft Edge.
The Shocking Discovery: A cybersecurity firm named LayerX has identified 17 malicious browser extensions that, in total, have been downloaded a staggering 840,000 times. What's even more concerning is that some of these rogue add-ons have been active and lurking in the digital shadows for as long as five years! Thankfully, both Mozilla and Microsoft have taken swift action to remove these harmful extensions from their official stores. However, if you've previously installed any of them, you'll need to take the extra step of uninstalling them manually from your browser.
The Top Offenders: Among the discovered threats, the extension titled “Google Translate in Right Click” stood out, boasting over 500,000 downloads. Close behind was “Translate Selected Text with Google,” which garnered nearly 160,000 downloads. These tools, designed to make our online lives easier, were actually a Trojan horse for malicious activity.
Unveiling the GhostPoster Campaign: These extensions were part of a larger malware operation that researchers have dubbed the GhostPoster campaign. This sophisticated attack leveraged a clever technique called steganography, which involves hiding malicious code or links within seemingly innocent image files (like a PNG icon). It's like a secret message hidden in plain sight!
The Delayed Danger: Adding to the insidious nature of these extensions is their use of delayed execution. This means that even after installation, the malicious behavior wouldn't immediately manifest. It could take weeks or even months for the hidden payload to activate. Once triggered, these extensions were capable of compromising your web security by manipulating HTTP headers, hijacking your affiliate traffic for unauthorized monetization, and injecting scripts to facilitate click fraud and invasive user tracking.
Beyond Translation: The malicious capabilities didn't stop there. These extensions could also automate CAPTCHA solving, a task usually meant to verify you're human, and inject further malicious scripts, granting attackers extensive control over your browsing experience.
The Full List of Suspicious Add-Ons: The extensions identified in this particular campaign include:
- Google Translate in Right Click
- Translate Selected Text with Google
- One Key Translate
- Translate Selected Text with Right Click
- Ads Block Ultimate
- AdBlocker
- Amazon Price History
- Color Enhancer
- Cool Cursor
- Convert Everything
- RSS Feed
- Floating Player – PiP Mode
- YouTube Download
- Instagram Downloader
- Save Image to Pinterest on Right Click
- Full Page Screenshot
- Page Screenshot Clipper
- Youtube Download
(Image Credit: LayerX Security)
But here's where it gets even more alarming... This isn't an isolated incident. A previous investigation by Koi Security revealed other malicious browser extensions, including the popular Urban VPN Proxy. This Google Chrome extension, with an astonishing 8 million users, was found to be secretly collecting data from conversations with AI tools like ChatGPT, Claude, and Gemini and then selling that sensitive information to data brokers. The illicit VPN employed a similar tactic of embedding hidden code within a PNG image before redirecting users to sites designed to inject malware.
And this is the part most people miss: The sophistication of these attacks highlights the constant need for vigilance. Even seemingly innocuous tools can be weaponized. Is it time we re-evaluate our trust in browser extensions, even those with millions of downloads? What are your thoughts on the security of browser add-ons? Do you have any of these on your browser? Let us know in the comments below – we'd love to hear your experiences and opinions!
