These Browser Extensions You’ve Used For Years May Now Be Spying On You

A few weeks ago, we covered DarkSpectre, a threat actor responsible for running numerous spyware campaigns that, combined, infected a total of at least 8.8 million Google Chrome, Mozilla FireFox, and Microsoft Edge users. One of the key ways this was done was through malicious extensions, with the caveat that said extensions did have legitimate functionality (at least initially) before being updated with the spyware functions, leading to them being coined "sleeper extensions" by researchers at Koi.

In the time since, security researchers at LayerXSecurity have discovered 17 additional extensions that follow the scheme of DarkSpectre's "GhostPoster" campaign of spyware extensions. We've listed the identified extensions below, and combined they've racked up an additional 840K installs across Chrome, FireFox, and Edge. The research also indicates an evolution in DarkSpectre's tactics, "suggesting ongoing experimentation and adaptation" to attempts by researchers and security software to uncover and ...