ADVERTISEMENT

GhostPoster malware campaign exploits live Firefox extensions

A live malware campaign called GhostPoster is hiding malicious JavaScript inside Firefox extension logo files, resulting in over 50,000 unsuspecting users to download more than a dozen compromised add-ons so far.

Firefox and Windows zero day vulnerabilities

Image by Cybernews.

Stefanie Schappert
Stefanie Schappert Senior Journalist
Dec 17, 2025 Updated: 19 December 2025 3 min read
Key takeaways:
GhostPoster PNG logo
A malicious loader is hidden behind what appears to be a "harmless logo." Image by Koi Security.
GhostPoster malware VPNs
Free VPN's page on Firefox's marketplace. Image by Koi Security.
ADVERTISEMENT

What’s the end goal?

GhostPoster malware code
Redirect to hijacked affiliate link. (top) Scanning logo bytes for the hidden payload (bottom). Image by Koi Security.
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News
Add us as your Preferred Source on Google.
ADVERTISEMENT