Technadu
Microsoft Disrupts StegoAd Campaign with Malicious Edge Extensions
Microsoft has dismantled the StegoAd operation, removing 119 malicious Edge extensions that used steganography to hide malware within image and font files. The campaign, active since 2021, targeted over 2.6 million users, employing techniques like remote code execution and time-delayed payload activation. The extensions masqueraded as legitimate tools, including ad blockers and VPNs, while executing credential theft and ad fraud. Microsoft confirmed that the threat actors demonstrated advanced evasion techniques, including fingerprint checks for payload delivery. The takedown highlights the ongoing risks associated with browser extensions that request access to user data. Users are advised to review their installed extensions and change passwords if affected. The full list of malicious extensions is available in a detailed report by Microsoft.
Key Points:
• Microsoft removed 119 malicious Edge extensions involved in the StegoAd campaign.
• The operation utilized steganography to conceal malware within image and font files.
• Over 2.6 million users may have been affected by these malicious extensions.