Malicious GhostPoster Extensions: A Looming Threat for Millions
Recent findings reveal that over 840,000 users have inadvertently installed malicious browser extensions linked to the ongoing GhostPoster campaign. These extensions, available on Chrome, Firefox, and Edge stores, have been active since at least 2020, raising concerns about their long-term impact, especially in the North East region of India, where internet usage is on the rise.
Identified Extensions and Their Malicious Activities
- Google Translate in Right Click: With 522,398 installations, this extension monitors browsing activity and hijacks affiliate links on major e-commerce platforms.
- Translate Selected Text with Google: Installed by 159,645 users, this extension tracks browsing activity and injects invisible iframes for ad fraud and click fraud.
GhostPoster's Evolution and Persistence
While the malicious activities of the GhostPoster extensions remain similar to those previously documented, a more advanced variant has been identified in the Instagram Downloader extension. This variant moves the malicious staging logic into the extension's background script and uses a bundled image file as a covert payload container.
Implications for Northeast India and the Broader Indian Context
As internet penetration increases in the Northeast region, the potential for cyber threats, such as the GhostPoster campaign, also grows. Users in this region must be vigilant about the extensions they install and the permissions they grant, as these extensions can pose a significant risk to their privacy and security.
Moving Forward: Staying Secure in an Unpredictable Digital Landscape
As cyber threats continue to evolve, it's essential for users to stay informed and take proactive steps to protect themselves. This includes regularly updating browser software, installing reputable security extensions, and being cautious about the extensions they add to their browsers.