Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts
The Hacker News
By Swati Khandelwal, Jun 29, 2026. Browser Security / Ad Fraud
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud.
The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.
The extensions were the kind people install without a second thought: ad blockers, VPNs, translators, video downloaders. Each one did its job and earned reviews. The malicious code stayed dormant until the extension cleared a stack of evasion checks, which is how it sat in the store for years.
Combined, the 119 extensions had an install base of up to 2.6 million users. Microsoft is clear that this is a ceiling, not a victim count.
A multi-day delay, server-side validation, and a 10% execution gate on some variants meant the payload never fired for many installs. How many people were actually compromised is not known.
Code hidden in pictures and fonts
The trick that names the campaign is steganography: tucking executable code inside files that look completely normal. The earliest variants appended JavaScript after the IEND marker of a PNG icon, so the image rendered fine everywhere while carrying a payload that static scanners never flagged.
As detection caught up, the actor moved to WebP images, then to WOFF2 font files, hiding code in glyph ranges that read as Asian text or font metadata. Microsoft calls steganography at this scale rare in the browser extension ecosystem.
Some high-impact variants did not even ship the payload locally. They fetched a normal-looking image from a command-and-control server. The extension decoded it through layers of case swaps, digit swaps, Base64, and XOR, then checked it against a signature before running it.
The C2 server only served the real file to requests that passed a fingerprint and a User-Agent check; anyone probing it directly, researchers included, got an empty decoy response.
Extensions also watched for open DevTools and extended their dormancy if they spotted an analyst looking.
Ad fraud on top, credential theft underneath
The visible damage was ad fraud: injected ads, hijacked affiliate commissions on Amazon, eBay, and AliExpress, and redirected searches, all skimming money while degrading browsing.
Microsoft's analysis of retrieved payloads found a lot more underneath. The payloads included a remote code execution backdoor that ran arbitrary JavaScript pushed from the server. They also stole Google credentials and second-factor codes at sign-in, harvested WordPress admin logins, and exfiltrated cookies in bulk for session hijacking.
Microsoft says seven Google Analytics tracking IDs appear to have served as covert telemetry, giving the operator near real-time dashboards on the campaign through Google's own infrastructure.
The plumbing matched the ambition. Microsoft counts more than ten C2 domains with automatic failover. The actor proxied traffic through Cloudflare Workers and abused GitHub Pages to host beacons.
A polymorphic framework ran across roughly 66 extensions under 15-plus naming variants, and the operation migrated from Manifest V2 to V3 as the actor adapted to platform changes.
What to do
Microsoft says it has removed all 119 extensions and suspended the 90-plus developer accounts behind them. The full list of extension IDs is in the company's technical report.
Open edge://extensions and compare your installed add-ons against that list. If anything matches, or if Edge removed one automatically, treat the browser as exposed: change passwords for Google, WordPress, banking, and other sensitive accounts, and sign out of all active sessions for those accounts, because exfiltrated cookies keep working until the sessions they belong to are revoked.
Review recent sign-in activity and turn on strong two-factor authentication. Hardware security keys hold up against this kind of credential theft in a way that SMS codes do not: a payload running in the page can read a code the user types, but it cannot replay a key's origin-bound assertion. Microsoft published indicators of compromise that apply to Chrome and other Chromium-based browsers as well as to Firefox.
StegoAd looks less like a new campaign than a new face on a known one. Its credential payload exfiltrates to mitarchive.info, a domain Koi Security ties to DarkSpectre, the Chinese operation it linked in December to the ShadyPanda and GhostPoster extension campaigns.
The connection goes beyond the domain. StegoAd hides code inside an extension's own icon, the same method GhostPoster used months earlier. The two even share extension names, such as Ads Block Ultimate.
Microsoft has not named the actor, but the overlap is clear. The operator is still active, Microsoft says.
Tags: ad fraud, Browser Extension, Cloudflare Workers, Credential Theft, Edge Browser, GitHub, Microsoft, remote code execution, Steganography