Malicious Browser Extensions Infiltrate Chrome, Edge, Firefox via Adware

Adware Campaign Distributes Malicious Browser Extensions Via Compromised Websites

• An adware campaign has compromised over 100 websites, deploying malicious browser extensions to users via injected JavaScript.
• The extensions, identified as "PDF Toolbox," "PDF Extension," "PDF Converter," and "Change Color," are distributed through legitimate ad networks and affect browsers like Chrome, Edge, and Firefox.
• These extensions engage in ad injection, data theft, browsing activity tracking, and affiliate link injection, impacting websites built with popular CMS platforms such as WordPress and Joomla.

Source: Security Affairs | Date: April 25, 2026

References

1. Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs