Browser Extensions
-
GhostPoster campaign hid JavaScript in Firefox extension icons to load backdoor
Researchers at Koi Security uncovered the GhostPoster campaign, which hides a JavaScript loader inside Firefox extension icon images to fetch an obfuscated payload that can hijack affiliate links, inject tracking, strip security headers and conduct ad and click fraud; Mozilla said it removed the affected extensions and updated detection systems.
-
Researchers: Popular Chrome VPN extension collected AI chatbot prompts and responses
Security researchers reported that the Chrome extension Urban VPN Proxy was observed collecting prompts and responses from multiple AI chatbots, sending captured conversation data to external servers; researchers linked the behavior to a July 9, 2025 update and raised concerns about downstream sharing with affiliated data firms.
-
Researchers find VS Code extensions that install stealer malware, Microsoft removes packages
Researchers and security firms found two malicious Visual Studio Code extensions that stole credentials, screenshots and browser data; Microsoft removed the packages and analysts warned developers to review extensions and supply-chain risks.
-
Long-running ‘ShadyPanda’ campaign amassed more than 4.3 million browser extension installs, researchers say
Researchers say the ShadyPanda campaign turned hundreds of browser extensions into spyware and backdoors, accumulating more than 4.3 million installs across Chrome and Edge and exfiltrating browsing data to multiple domains.
-
Researchers find self‑propagating ‘GlassWorm’ targeting VS Code extensions using Solana for command control
Researchers have found a self‑spreading worm called GlassWorm that infects VS Code extensions on Open VSX and the Microsoft Marketplace, uses the Solana blockchain and Google Calendar for command control, and steals developer credentials and cryptocurrency assets.
-
Researchers warn spoofed AI sidebars can trick Atlas and Comet users into dangerous actions
Security researchers at SquareX say they can use a malicious browser extension to overlay a fake AI sidebar in Atlas and Comet, tricking users into phishing pages, OAuth theft of Gmail/Drive access, or running commands that install a reverse shell.
-
Widespread Browser Hijacking Campaign Disguised as Popular Extensions
A report by Koi Security has exposed a malicious browser hijacking campaign that has infected over 2.3 million users through seemingly legitimate extensions, highlighting significant security concerns in the browser extension ecosystem.
-
Cybersecurity Alert: Malicious Browser Extensions Target Brazilian Users in Widespread Phishing Campaign
A new phishing campaign has surfaced, aiming at Brazilian users through malicious browser extensions that stole sensitive authentication data. The operation has reportedly infected 722 systems across different countries.
