StegoAd — Campaign Analysis & Threat Activity

Threat entity extracted from intelligence sources

Frequency
6
occurrences
First Seen
June 29, 2026
Last Seen
July 14, 2026

StegoAd is a threat campaign tracked across 2 threat clusters and 6 intelligence report mentions on ThreatCluster. First observed June 29, 2026; most recent activity July 14, 2026.

Related Threat Clusters

  • ModHeader Extension Removed for Covert Data Collection

    The ModHeader browser extension, used by approximately 1.6 million users across Chrome and Edge, was removed after researchers discovered a dormant data-collection capability embedded in its signed release. The…

    7 articles · Updated July 14, 2026
  • Microsoft Disrupts StegoAd Campaign with Malicious Edge Extensions

    Microsoft has dismantled the StegoAd operation, removing 119 malicious Edge extensions that used steganography to hide malware within image and font files. The campaign, active since 2021, targeted over 2.6 million…

    13 articles · Updated June 29, 2026

Recent Intelligence Reports

  • Google and Microsoft Pull ModHeader Extension Over Data Collector — Technadu · July 14, 2026
  • Microsoft Edge Hit by StegoAd Malware via 119 Malicious Extensions Affecting Over 2.6 ... — Rescana · June 30, 2026
  • Microsoft Disrupts StegoAd Extension Campaign Affecting Up to 2.6 Million Users — Redmondmag · June 29, 2026
  • Microsoft removes 119 Edge extensions hiding malware in images and fonts — Feeds.4Sysops · June 29, 2026
  • Microsoft Removes Over 100 StegoAd Edge Extensions Hiding Malware via Steganography — Technadu · June 29, 2026
  • Microsoft takes down StegoAd operation — News.Risky.Biz · June 29, 2026

CVSS v3.1 Breakdown