If You've Installed Any of These 17 Browser Extensions, Delete Them Now
These popular add-ons have been found across Chrome, Firefox, and Edge.
Emily Long
January 22, 2026
Key Takeaways - Malicious browser extensions capable of tracking user activity have been found across Chrome, Firefox, and Edge.
- The campaign, known as GhostPoster, plants malicious code in add-on logos.
- If you have one of the 17 extensions identified, delete it ASAP.
Another wave of malicious browser extensions capable of tracking user activity and compromising privacy have been found across Chrome, Firefox, and Edge, some of which may have been active for up to five years.
The campaign, known as GhostPoster, was identified by Koi Security in December and included 17 Firefox add-ons designed to monitor users' browsing activity. Threat actors planted malicious JavaScript code in the extension's PNG logo, which served as a malware loader to retrieve the main payload from a remote server. Researchers at LayerX have found an additional 17 malicious extensions across multiple browsers that have collectively been installed more than 840,000 times.
Ongoing GhostPoster malware campaign
According to the report from LayerX, GhostPoster initially targeted Microsoft Edge and then expanded to Chrome and Firefox. The malicious add-ons may have been active as early as 2020 and include the following:
continues at lifehacker.com |
