Malware found in 17 Firefox browser add-ons

Date: 17 December 2025.

The Hacker News report that hackers have "leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code, and commit click and ad fraud."

These add-ons (aka extensions) were advertised as VPNs, screenshot utilities, ad blockers, and unofficial versions of Google Translate.

But they deliver a multi-stage malware payload that monitors everything you browse, removes browser security protections, and opens a backdoor for remote code execution.

The Hacker News report that the add-ons are no longer available.

But Firefox browser users should check they have not installed the nefarious add-ons and remove them.

Read more: Malware found in 17 Firefox Add-ons.

Related News

The Hacker News report that this "development comes merely days after a popular VPN extension for Google Chrome and Microsoft Edge was caught secretly harvesting AI conversations from ChatGPT, Claude, and Gemini."

Read more: Featured Chrome browser extension caught intercepting millions of users' AI chats.

The Hacker News subsequently reported that the developer of Google Chrome extension 'Trust Wallet' was urging users to update it to the latest version following what it described as a "security incident" that led to the loss of approximately $7 million.

Read more: Trust Wallet Chrome extension bug.

And in August 2025, another Chrome extension was reported to have been observed collecting screenshots, system information, and users' locations.

How should you respond?

Are free VPN extensions too good to be true?

Probably.

In theory any browser extension could be similarly exploited.

So keep your use of browser extensions to the absolute minimum.

And look out for suspicious behaviour in your browser.

If an extension you installed a long time ago suddenly starts to behave differently (example, unexpected pop-ups, performance issues) then consider that it may have received a malicious update.

If you suspect foul play then uninstall the extension.

Better still, uninstall and reinstall the latest release of the browser application.

Finally, don't assume that a "Featured" badge in an online marketplace and millions of existing users means an extension may not at some future date be harmful.