Microsoft takes down over 100 malicious Edge extensions hiding malware in images and fonts
Date:
Tue, 30 Jun 2026 15:15:00 +0000
Description:
Microsoft says the 119 malicious extensions were downloaded a total of 2.6 million times since 2021.
FULL STORY ======================================================================
- 119 malicious Edge extensions flew under the radar
- They installed harmful code days after extension installation
- It's proof that static code review is no longer sufficient
Microsoft says it has taken down 119 malicious extensions from the Edge Add-ons store after "proactive threat hunting" revealed a campaign that's been dubbed StegoAd.
As part of the program, the company also had to suspend more than 90 developer accounts associated with the dodgy activity. The malicious browser extensions are believed to have been active since at least 2021 and to have been downloaded a total of 2.6 million times.
The campaign was so broad that the extensions didn't just occupy one category: ad blockers, VPNs, video downloaders, translators and utility tools like PDF exporters were all ploys for the malicious extensions.
This particular campaign got its name from the type of tactic used: steganography is the name given to hiding malicious code inside seemingly harmless files. PNG images, SVG graphics and font files had hidden JavaScript embedded inside to bypass traditional antivirus tools and web filtering.
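A defender-side triage check for PNG assets in an unpacked extension, as an added example that is not from the article or from Microsoft's report. The article does not say how the JavaScript was embedded, so this assumes two simple carriers (bytes stored after the IEND chunk, and PNG text chunks); the regex, function names and sample bytes are constructed for illustration.

```python
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}
# Heuristic markers of script source (assumption; tune for your own corpus).
SCRIPT_RE = re.compile(rb"eval\s*\(|new\s+Function|atob\s*\(|fetch\s*\(|document\.|chrome\.")

def scan_png(data: bytes) -> list[str]:
    """Flag script-like text chunks and any bytes stored after the IEND chunk."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG despite its extension"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"zTXt":  # keyword, NUL, method byte, deflate stream
            try:
                body = zlib.decompress(body.partition(b"\x00")[2][1:])
            except zlib.error:
                findings.append("zTXt chunk does not decompress")
        if ctype in TEXT_CHUNKS and SCRIPT_RE.search(body):
            findings.append(f"script-like content in {ctype.decode()} chunk")
        if ctype == b"IEND":
            trailing = data[pos:]
            if trailing:
                kind = "script-like" if SCRIPT_RE.search(trailing) else "opaque"
                findings.append(f"{len(trailing)} {kind} bytes after IEND")
            return findings
    return findings + ["truncated: no IEND chunk"]

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a valid CRC (used for the constructed samples)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a 1x1 grayscale PNG, then two tampered copies of it.
PAYLOAD = b"document.title = 'constructed sample';"
HEAD = PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
TAIL = _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b"")
CLEAN = HEAD + TAIL
APPENDED = CLEAN + PAYLOAD
IN_TEXT = HEAD + _chunk(b"tEXt", b"Comment\x00" + PAYLOAD) + TAIL

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("appended", APPENDED), ("tEXt", IN_TEXT)]:
        print(name, scan_png(blob))
```

This check does not cover data hidden in pixel values, compressed iTXt chunks, SVG or font files, so an empty result is not a clean bill of health.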
Microsoft says that, once installed, the extensions remained dormant for three to five days to avoid detection before going on to steal browser credentials, redirect users to malicious websites, manipulate affiliate links for financial gain, download additional malicious code and even communicate with C2 servers for updated instructions.
"The StegoAd campaign demonstrates that browser extensions remain a potent and evolving attack surface," Microsoft wrote, admitting that even its own safeguards had missed these dodgy extensions.
The report also concludes that static code review alone is no longer sufficient, because extensions and other installations can download malicious code long after they were first installed.
For developers themselves, Microsoft recommends being as clear as possible by not obscuring code, requesting only the necessary permissions to build trust, and reporting any suspected impersonation.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-takes-down-over-100-malicious-edge-extensions-hiding-malware-in-images-and-fonts
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)