ETV Bharat / technology, 2026-01-19

GhostPoster Malware Campaign Targets Chrome, Firefox, And Edge Users With Malicious Extensions

Hyderabad: A long-running and sophisticated malware campaign, GhostPoster, has infected Google Chrome, Mozilla Firefox, and Microsoft Edge web browser users. According to GBHacker’s report, this malware campaign deploys 17 malicious extensions that use advanced steganography techniques to evade detection.

The GhostPoster malware campaign is one of the most technically mature and long-lasting web browser extension threats documented to date. Its extensions have collectively been downloaded more than 840,000 times.

How does GhostPoster malware function?

The most dangerous part of the GhostPoster malware is its usage of Portable Network Graphics (PNG) icon files. With the help of advanced steganography, the malware embeds malicious payloads within PNG icon files that are bundled with browser extensions.

Advanced steganography refers to modern, sophisticated techniques for hiding information within digital carriers such as images, videos, audio, and network protocols. These methods focus on maximising embedding capacity while maintaining a high level of stealth, so they go beyond simple data hiding such as the Least Significant Bit (LSB) method.

Once installed, GhostPoster does not rush to infect the system. It is designed to wait quietly for at least 48 hours, and in several advanced versions, the malware waits for five days. During this time, the infected web browsers behave normally, which lets the malware avoid systems that watch for suspicious activity right after installation. Once the waiting period is over, the malware connects with remote servers and downloads additional malicious code to corrupt files and systems.

What did this malware actually do?

The GhostPoster malware could:

Weaken website security protections

Redirect affiliate links to steal commissions

Inject malicious scripts for click fraud

Track users across browsing sessions

Bypass CAPTCHA systems, which were meant to stop automated abuse.

When did the GhostPoster malware campaign start?