ShellCodeX Intelligence Brief
HIGH Cybersecurity

Microsoft removes 119 malicious Edge extensions hiding payloads in images

Source headline: Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

Microsoft disabled a campaign of malicious Microsoft Edge add-ons found in the Edge Add-ons store. The extensions hid their payloads inside ordinary image and font files. After installation, they reportedly activated later to steal credentials and generate ad fraud. Microsoft attributes the activity to a single threat actor active since at least 2021 and calls the scheme StegoAd. Users should review installed Edge extensions and remove any untrusted or inactive add-ons.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#credential-theft #ad-fraud #microsoft-edge #edge-add-ons #malicious-extensions #steganography

Original reporting: The Hacker News, "Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts"