Technadu
Microsoft Disrupts StegoAd Operation with Takedown of Malicious Edge Extensions
Microsoft has removed 119 malicious Edge extensions linked to the StegoAd operation, which aimed to steal user credentials and commit advertising fraud. The extensions, published through more than 90 developer accounts, used steganography to hide malicious payloads inside image and font files, and activated those payloads only 3 to 5 days after installation. The operation has been active since at least 2021 and affected over 2.6 million users. Each extension provided the legitimate functionality it advertised while secretly carrying out the harmful actions, which made the extensions particularly deceptive. Microsoft described the StegoAd operators as sophisticated, employing advanced evasion techniques to avoid detection. The operation also extended to Chrome and Firefox, indicating a broader impact across multiple browser ecosystems.
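The article does not say how StegoAd encoded its payloads inside the image and font files, so the check below assumes one of the cheapest and most common hiding techniques: appending data after the container's formal end, where image and font parsers stop reading. It walks PNG chunks to the IEND chunk, uses the last JPEG EOI marker, and reads the sfnt table directory of a TrueType/OpenType font to find where the last table ends, then reports any bytes beyond that point. This is an added example for triaging an unpacked extension directory; it is not Microsoft's tooling or anything from the article, and the sample image, font and payload bytes are constructed inline.

```python
import os
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def png_end_offset(data: bytes):
    """Walk PNG chunks and return the offset just past IEND's CRC, or None if not a well-formed PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # length + type + body + CRC
        if end > len(data):
            return None                     # truncated chunk
        if ctype == b"IEND":
            return end
        pos = end
    return None


def jpeg_end_offset(data: bytes):
    """Return the offset just past the last EOI marker (FF D9), or None if not a JPEG.
    The last marker is used because EXIF thumbnails embed their own SOI/EOI pair; a payload
    that itself ends in FF D9 would therefore be missed (assumed acceptable for triage)."""
    if not data.startswith(b"\xff\xd8"):
        return None
    idx = data.rfind(b"\xff\xd9")
    return None if idx < 0 else idx + 2


def sfnt_end_offset(data: bytes):
    """For a TrueType/OpenType font, return the 4-byte-aligned end of the last table, or None."""
    if len(data) < 12 or data[:4] not in (b"\x00\x01\x00\x00", b"OTTO", b"true"):
        return None
    num_tables = struct.unpack(">H", data[4:6])[0]
    end = 12 + 16 * num_tables              # header + table directory
    for i in range(num_tables):
        rec = 12 + 16 * i
        if rec + 16 > len(data):
            return None
        _tag, _checksum, offset, length = struct.unpack(">4sIII", data[rec:rec + 16])
        end = max(end, offset + length)
    return (end + 3) & ~3                   # tables are padded to 4-byte boundaries


def trailing_payload(data: bytes):
    """Bytes found after the container's formal end; b'' if clean, None if the format is not recognised."""
    for probe in (png_end_offset, jpeg_end_offset, sfnt_end_offset):
        end = probe(data)
        if end is not None:
            return data[end:] if end < len(data) else b""
    return None


def scan_extension_dir(root: str):
    """Return [(path, trailing_byte_count)] for every recognised image/font file that carries extra data."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                extra = trailing_payload(fh.read())
            if extra:
                hits.append((path, len(extra)))
    return hits


# --- constructed samples (not real StegoAd artefacts) ---------------------------------
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

SAMPLE_PNG = (PNG_SIG
              + _png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + _png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + _png_chunk(b"IEND", b""))
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x02" + b"\xff\xd9"
# one 54-byte "head" table at offset 28, padded to 84 bytes total
SAMPLE_FONT = (b"\x00\x01\x00\x00" + struct.pack(">HHHH", 1, 16, 0, 0)
               + struct.pack(">4sIII", b"head", 0, 28, 54) + b"\x00" * 56)
HIDDEN = b"(function(){/* constructed stand-in for an appended script */})();"

if __name__ == "__main__":
    for label, blob in (("png", SAMPLE_PNG + HIDDEN), ("jpeg", SAMPLE_JPEG + HIDDEN),
                        ("font", SAMPLE_FONT + HIDDEN), ("clean png", SAMPLE_PNG)):
        print(label, len(trailing_payload(blob) or b""), "trailing bytes")
```

Run `scan_extension_dir` against an unpacked extension (the directory under the browser profile's extension store) and treat any hit as worth a manual look; a few trailing bytes can be harmless padding, but a font or icon carrying kilobytes of extra data is exactly the kind of artefact this campaign's description points to. Payloads hidden in pixel values or glyph data rather than appended would not be caught by this check.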
Key Points:
• Microsoft removed 119 malicious Edge extensions involved in credential theft and ad fraud.
• The StegoAd operation used steganography to conceal malware within image and font files.
• Over 2.6 million users may have been affected by these deceptive extensions.