GhostPoster malware found on up to 17 Firefox add-ons
GhostPoster malware has been found on 17 Firefox add-ons. Over 50 thousand victims have already been found.
Modern-day web browsers often have add-On or extension extensions to the browser's functionality, and this is also a weakness because hackers can use web browser extensions to release malware.
According to a report by the website, The Hacker News has mentioned the detection of a GhostPoster malware distribution campaign, a malware that uses JavaScript to take over Affiliate Link and shoot fraudulent fake ads through a fake add-on for the Firefox web browser. This campaign was detected by a research team from Koi Security, a software security management specialist. The research team revealed that these fake add-ons have been downloaded more than 50,000 times. The list of add-ons that are the following:
Free VPN
Screenshot
Weather ()
Mouse Gesture (crxMouse)
Cache - Fast site loader
Free MP3 Downloader
Google Translate ()
Traductor de Google
Global VPN - Free Forever
Dark Reader Dark Mode
Translator - Google Bing Baidu DeepL
Weather (i-like-weather)
Google Translate ()
libretv-watch-free-videos
Ad Stop - Best Ad Blocker
Google Translate ()
After installing the add-on on the victim's web browser, during the activation of the add-on, the logo file of the add-on was pulled down. During the processing of the logo file, the malware code encountered a Marker code with a "= =" symbol, which led to the removal of the JavaScript code. The malware then contacted the server located at "www.liveupdt [.] com" or "www.dealctr [.] com" to pull down the payload from the server. It was omitted for 48 hours per attempt to pull down the payload each round, and to evade it. Detect Payload downloads only 10% at a time.
For the capabilities of this malware is as follows:
The theft took over Affiliate Link from web e-commerce such as Taobao and JD.com to use itself to steal the victim's commission caused by the sale.
Tracking Code to track the victim's web access
Remove security on parts of the Header, such as Content-Security-Policy and X-Frame-Options, to open the way to attack victims with Clickjacking and Cross-site Script methods.
Shoot invisible (Invisible) content into a section of iFrame, opening the way for hackers to shoot fake ads onto victim websites opened via a malware-addicted web browser.
The feature evades Captcha (CAPTCHA bypass) and evades being detected by bots on the website.
# Trending # Drug sign with lemon8 # lemon 8 diary # IT should know # freedomhack





















































































