Home World USA Latin America Europe Asia Africa TV Shows Showbiz Travel Lifestyle Opinion Science Politics Health Sports Tech Entertainment Business
Tech January 20, 2026

YOUR BROWSER IS COMPROMISED: 840,000+ ATTACKED – DELETE NOW!

YOUR BROWSER IS COMPROMISED: 840,000+ ATTACKED – DELETE NOW!

A silent threat has been lurking within the everyday tools we use to navigate the internet. Security researchers have uncovered a sophisticated malware campaign, dubbed “GhostPoster,” that has quietly infected hundreds of thousands of users worldwide.

This isn’t a typical virus downloaded from a suspicious website. GhostPoster cleverly disguises itself *within* legitimate-looking browser extensions, targeting users of Chrome, Firefox, and Edge. The scale of the attack is alarming – over 840,000 systems have been compromised since December alone.

The discovery came from experts at Koi Security, who noticed something deeply unsettling. The malicious code wasn’t *in* the extension’s core programming, but hidden within the seemingly harmless image data of the extension’s logo. It’s a masterful act of digital camouflage.

Once installed, the extension doesn’t immediately launch an attack. Instead, it patiently observes user behavior, gathering information. Then, a hidden script – concealed behind a series of seemingly innocuous “=” signs – activates through a backdoor embedded in the logo’s code.

This activated script doesn’t just steal data. It grants attackers extended control over the infected device, opening the door to further malware installation and a complete compromise of the system. The implications are severe, ranging from data theft to complete system control.

What makes GhostPoster particularly insidious is its longevity. These malicious extensions have been quietly available in the official Mozilla and Microsoft stores since 2020, remaining undetected for over five years. This prolonged period allowed the attackers to infect a vast number of unsuspecting users.

Both Mozilla and Microsoft have now removed the identified malicious extensions from their stores. However, simply removing the extensions from the marketplace isn’t enough. Users who previously installed these extensions must take immediate action to protect themselves.

Manual removal is crucial. If you had any of the following extensions installed, they must be uninstalled from your browser to prevent continued damage:

AdBlock

Ads Block Ultimate

Amazon Price History

Color Enhancer

Convert Everything

Cool Cursor

Floating Player – PiP Mode

Free MP3 Downloader

Free VPN Forever

Full Page Screenshot

Google Translate in Right Click

I Like Weather

Instagram Downloader

One Key Translate

Page Screenshot Clipper

RSS Feed

Save Image to Pinterest on Right Click

Translate Selected Text with Google

Translate Selected Text with Right Click

Weather Best Forecast

World Wide VPN

YouTube Download

This campaign serves as a stark reminder of the evolving sophistication of cyber threats. Even seemingly trustworthy sources can be compromised, and vigilance is paramount in protecting your digital life. Regularly review your browser extensions and be wary of anything unfamiliar or unnecessary.

Share this article

UMVA MAG

UMVA Mag is your trusted source for breaking news, in-depth analysis, and compelling stories from around the world. Covering politics, business, technology, entertainment, sports, health, science, and more — we deliver journalism that matters.

Independent, Accurate, Unbiased
24/7 Breaking News Coverage
Trusted by Millions Worldwide