A stealthy malware operation has been discovered by cybersecurity researchers, which remained undetected for a period of up to five years and accumulated more than 840,000 downloads on various platforms. The research began with a study by Koi Security of a Firefox browser extension called GhostPoster, which embedded its malicious code in a seemingly innocuous PNG image file. Such a trick allowed the malware to evade static analysis and manual reviews by browser markets.
Based on the findings of Koi Security, the LayerX researchers decided to dig deeper into the infrastructure and discovered 17 more extensions that used the same backend infrastructure and had the same tactics, techniques, and procedures (TTPs). In total, these extensions had more than 840,000 downloads, with some of them remaining undetected on the users’ devices for almost five years. LayerX researchers also discovered a more complex variant of the malware that used other evasion techniques and had 3,822 downloads on its own.
The operation emanates from Microsoft Edge and then methodically moves to chrome and Firefox, which looks like the work of a patient, evolving threat actor that is focused on stealth and trust-building. The extensions used to mimic legitimate functionality at first, a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: