A threat actor known as ShadyPanda has been deploying malicious Chrome and Edge extensions that track users and execute remote code, with millions of downloads affected. These extensions have evolved from legitimate tools into backdoors capable of surveillance, data exfiltration, and potentially more malicious activities.
Key points
- ShadyPanda has been weaponizing seemingly safe browser extensions for over seven years.
- The malicious extensions have over 4 million downloads and include popular titles like Clean Master and WeTab New Tab Page.
- In 2023, the actor focused on affiliate fraud by injecting tracking codes into e-commerce links.
- In early 2024, the extensions shifted tactics to redirect searches and exfiltrate browsing data through advanced payloads.
- The extensions have evolved into backdoors capable of remote code execution, risking espionage, ransomware, and credential theft.
Read More: https://www.securityweek.com/chrome-edge-extensions-caught-tracking-users-creating-backdoors/