Moonlock published an in-depth article examining the GhostPoster browser extension campaign, featuring research and expert insight from Daud Jawad, Security Engineer on the Fortra Intelligence and Research Experts (FIRE) team. The piece details how attackers conceal malicious JavaScript inside PNG logo files and distribute extensions through trusted Chrome, Firefox, and Edge stores, allowing the threat to operate quietly at scale. Jawad’s analysis highlights why these extensions are difficult for users to detect and why the risk applies across operating systems, including macOS.
Originally published in Moonlock.
Excerpt: “A common misconception is that Apple devices are somehow immune to threats such as malicious browser extensions, but that is not how this risk works in practice.”
Moonlock: This malicious browser extension can infect a Mac via a PNG file
Published on April 1, 2026
