ShadyPanda has conducted a seven-year campaign using browser extensions that evolved from legitimate tools to sophisticated spyware, collecting vast amounts of user data. The campaign exploited trusted extension updates and marketplace policies, highlighting the risks of post-approval activity monitoring. #ShadyPanda #BrowserExtensions #GoogleChrome #MicrosoftEdge
Keypoints
- ShadyPanda’s campaign involved over 4.3 million browser extension installations over seven years.
- Malicious modifications in mid-2024 turned legitimate extensions into surveillance and backdoor tools.
- The extensions exfiltrated encrypted browsing data, monitored website visits, and performed AitM attacks.
- Trust was exploited as some extensions, like Clean Master, were verified by Google, enabling silent updates.
- The campaign highlighted vulnerabilities in extension marketplaces’ review processes, allowing long-term abuse.
Read More: https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html