Microsoft Removes 119 Malicious Edge Extensions Used for Credential Theft and Ad Fraud

Microsoft has removed 119 malicious extensions from the Edge Add-ons store after uncovering a long-running campaign, dubbed StegoAd, that concealed malware inside image and font files using steganography. Disguised as legitimate tools such as ad blockers, VPNs, translators, and video downloaders, the extensions remained dormant for days before activating to steal credentials, hijack browser sessions, execute remote code, and conduct ad fraud. Microsoft estimates the extensions were installed up to 2.6 million times, although the actual number of compromised users is unknown due to staged activation and evasion techniques. The company has suspended more than 90 developer accounts linked to the operation and advised users to remove affected extensions, reset credentials, and enable stronger multi-factor authentication.

Reference: thehackernews.com