THE article discusses the StegoAd campaign, where 119 malicious browser extensions on the Microsoft Edge Add-ons store falsely posed as useful tools like ad blockers and VPNs, accumulating 2.6 million installs over two years without detection. Microsoft revealed that the extensions employed advanced steganography techniques to hide malicious JavaScript code within image and font files, allowing them to execute covertly.
The campaign involved credential theft, 2FA interception, and ad fraud, where the intruders injected their ads while hijacking legitimacy from platforms like Google and Amazon. Despite Microsoft's shutdown of the campaign, the operator displayed an adaptive capacity to evade detection across several iterations, raising concerns about security for users of these extensions.