• 4.3 million have installed this malicious browser extension on Ch

    From TechnologyDaily@1337:1/100 to All on Tuesday, December 02, 2025 14:30:08
    4.3 million have installed this malicious browser extension on Chrome and
    Edge - here's how to check

    Date:
    Tue, 02 Dec 2025 14:23:00 +0000

    Description:
    After five years, browser extensions turned malicious, putting countless people at risk.

    FULL STORY
    ======================================================================
    - ShadyPanda campaign turned 145 Chrome/Edge extensions malicious after years of normal use
    - Updates added affiliate fraud, cookie theft, search hijacking, and remote code execution
    - 4.3M devices at risk; Google removed extensions, Microsoft slower to respond

    More than a hundred browser extensions spread across Google Chrome and Microsoft Edge browsers turned malicious after five years of normal
    operation. The attackers were apparently playing the long con game - building trust for years before pulling the trigger on unsuspecting victims. Apparently, around 4.3 million devices are at risk.

    This is according to security researchers at Koi Security, who discovered the campaign and later dubbed it ShadyPanda.

    As per the report, the extensions started showing up on browser stores in 2018. They operated normally, offering users different features like wallpapers or productivity improvements. However, from 2023 onward, the extensions started getting updates which gradually introduced malicious capabilities.

    Remote code execution and infostealing

    In 2023, the attackers started with affiliate fraud, adding tracking codes from eBay, Amazon, Booking[.]com, and other sites into legitimate links.
    That way, they were earning commission on users' purchases without their knowledge or consent.

    This practice lasted for about a year before the attackers decided to take it a step further and steal session cookies and hijack search engine results. Some of the extensions redirected search queries to different (dubious)
    search engines, some exfiltrated them to different subdomains, and some
    simply forwarded session cookies.

    That same year, some of the extensions were also updated to include remote code execution (RCE) capabilities, effectively turning them into a backdoor.

    Finally, in 2025, the last update allowed the attackers to steal all sorts
    of sensitive information, from complete browser histories to search queries and mouse click locations. They were also collecting browser fingerprints and page interaction analysis, and accessing localStorage, sessionStorage, and cookies.

    The list of extensions is quite extensive. There are 125 of them for Edge,
    and 20 for Chrome. Google has reportedly already removed all that were hosted on its repository, while Microsoft seems to be lagging behind a bit. To check the full list of malicious extensions, make sure to read Koi Security's full report.
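
    One way to run that check locally, as an added example that is not from the article or from Koi Security's report: the script walks a Chromium profile's Extensions directory (the on-disk layout used by Chrome and Edge), matches extension IDs against a blocklist, and flags permissions tied to the behaviour described above. The function names, the RISKY set and the sample extension IDs are assumptions; the IDs are constructed placeholders, not real indicators.

```python
import json
import re
import tempfile
from pathlib import Path

# Permissions matching the capabilities described above (cookies, history, injection).
RISKY = {"cookies", "history", "tabs", "webRequest", "scripting", "<all_urls>"}
EXT_ID = re.compile(r"^[a-p]{32}$")  # Chromium extension IDs use letters a-p

def audit_profile(profile_dir, blocklist):
    """Return one finding per installed extension version in a profile."""
    findings = []
    for manifest in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still report the ID
        perms = list(data.get("permissions") or []) + list(data.get("host_permissions") or [])
        findings.append({
            "id": ext_id,
            "name": data.get("name", "?"),
            "version": data.get("version", manifest.parent.name),
            "blocklisted": ext_id in blocklist,
            "risky": sorted(p for p in perms if isinstance(p, str) and p in RISKY),
        })
    return findings

def build_sample_profile(root):
    """Constructed sample data: two fake extensions with placeholder IDs."""
    samples = {
        "a" * 32: {"name": "Sample Wallpapers", "version": "3.1",
                   "permissions": ["cookies", "history", "storage"],
                   "host_permissions": ["<all_urls>"]},
        "b" * 32: {"name": "Sample Notes", "version": "1.0", "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        d = Path(root) / "Extensions" / ext_id / (manifest["version"] + "_0")
        d.mkdir(parents=True)
        (d / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Placeholder blocklist; real IDs come from the published report.
        for f in audit_profile(build_sample_profile(tmp), {"a" * 32}):
            print(f)
```

    To audit a real machine, pass the path of a browser profile directory and a set of IDs loaded from the published list. A blocklist hit is the signal to act on; risky permissions alone are common in legitimate extensions.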

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/4-3-million-have-installed-this-malicious-browser-extension-on-chrome-and-edge-heres-how-to-check


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)