Firefox joins Chrome and Edge as sleeper extensions spy on users

A group of cybercriminals called DarkSpectre is believed to be behind three campaigns spread by malicious browser extensions: ShadyPanda, GhostPoster, and Zoom Stealer. These campaigns targeted users of Firefox, Chrome, and Edge, with the extensions tracking browsing behavior and installing backdoors. The malicious extensions were found to hide JavaScript code inside image logos and use steganography to evade detection. Mozilla and Microsoft have removed the identified add-ons from their stores, but users with already installed extensions need to manually uninstall them.