GhostPoster Scandal: Malicious Firefox Add-ons Hijack 50,000 Users – When Free VPNs Go Boo!

GhostPoster has been hijacking Mozilla Firefox add-ons with malicious JavaScript. Advertised as VPNs and other utilities, these add-ons were actually plotting a sinister click and ad fraud scheme. Remember, folks, when it comes to free VPNs, the only thing you might be blocking is your own privacy.

3P
Published: December 17, 2025 9:47 amAdded: December 17, 2025 at 2:17 amAssembled by: The Editor
Pro Dashboard

Hot Take:

When your browser extensions start behaving like secret agents, it’s time to uninstall faster than you can say “click fraud!” Who knew logo files could moonlight as James Bond villains, eh? Better keep an eye on those innocent-looking add-ons before they turn your browser into a circus of malicious antics.

Key Points:

  • 17 Mozilla Firefox add-ons were found to embed malicious JavaScript code for ad fraud.
  • The campaign, dubbed GhostPoster, affected over 50,000 downloads.
  • Malware operations include affiliate hijacking, tracking injection, and CAPTCHA bypass.
  • Extensions exhibited evasion techniques like time delays and probabilistic payload fetching.
  • The campaign highlights ongoing risks with free VPN and utility browser extensions.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?