Firefox joins Chrome and Edge as sleeper extensions spy on users

A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. We wrote about the ShadyPanda campaign in December 2025, warning users that extensions which had behaved normally for years...

GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs

Researchers uncover a 5-year malware campaign using browser extensions on Chrome, Firefox and Edge, relying on hidden payloads and shared infrastructure...

DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

The threat actor behind two malicious browser extension campaigns, ShadyPanda and GhostPoster, has been attributed to a third attack campaign codenamed DarkSpectre that has impacted 2.2 million users of Google Chrome, Microsoft Edge, and Mozilla Firefox. The activity is assessed to be the work of...

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud. The extensions have been collectively downloaded over 50,000...