ShadyPanda browser extensions amass 4.3M installs in malicious campaign

The ShadyPanda operation has reached millions of browser installs through extensions that evolved from legitimate tools into spyware that exfiltrates sensitive user data. Despite removals by Google, the campaign persists on Microsoft’s Edge platform, posing ongoing security risks.

Key points

  • The ShadyPanda malware campaign involves 145 malicious browser extensions across Chrome and Edge.
  • The extensions originally appeared as legitimate tools but later incorporated malicious functionalities like spyware and backdoors.
  • Some extensions, such as Clean Master, reached hundreds of thousands of installs before being flagged as malicious.
  • The campaign includes activities like search hijacking, cookie theft, and exfiltration of browsing data to servers in China.
  • The operators continually update the extensions with remote code execution capabilities, increasing the threat level.

Read More: https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/