URGENT UPDATE: Researchers at Koi Security have just revealed a disturbing trend of malware disguised as legitimate browser extensions, impacting over 4 million users across Google Chrome and Microsoft Edge. This malicious scheme, dubbed ShadyPanda, has allowed hackers to surveil users and steal sensitive data after initially posing as benign add-ons.
The alarming discoveries indicate that these extensions, which had operated for years, only recently turned into malware after earning users' trust. Users are urged to act NOW to protect their data as the campaign remains active, particularly on Edge.
The ShadyPanda operation involved 145 extensions masquerading as wallpaper and productivity apps, initially designed to inject affiliate tracking codes for sites like eBay and Amazon. By 2024, these extensions evolved into sophisticated spyware capable of logging keystrokes, potentially compromising users’ sensitive information and crypto assets.
Among the malicious extensions Koi Security identified was Clean Master, which boasted a 4.8 rating from thousands of reviews. Users are now at risk because these extensions were updated in 2024 to maintain full access to browsers and send data back to hackers. While these malicious add-ons have been removed from Chrome, many remain active on Edge, including new extensions launched in 2023, such as WeTab.
What You Need to Do NOW: Users must check their installed extensions immediately. To identify potential threats, navigate to chrome://extensions/ or edge://extensions/ in your browser. Toggle on Developer mode to reveal extension IDs and cross-reference them with Koi Security’s list of known ShadyPanda identifiers. If you find any malicious extensions, REMOVE them immediately.
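The same cross-reference can be scripted across every browser profile on a machine. The Python below is an added example, not code from Koi Security or from this article: it assumes the usual on-disk layout in which each profile keeps its extensions under `<profile>/Extensions/<extension id>/<version>/`, and the IDs and profile tree in `demo()` are constructed placeholders, not real ShadyPanda indicators.

```python
import re
import tempfile
from pathlib import Path

# Chrome and Edge extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"[a-p]{32}")

def load_blocklist(text):
    """Parse an ID list (one per line, '#' comments allowed); skip malformed lines."""
    ids = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if EXT_ID.fullmatch(token):
            ids.add(token)
    return ids

def installed_extensions(user_data_dir):
    """Yield (profile, extension_id, versions) for each <profile>/Extensions/<id>/ folder."""
    for ext_dir in sorted(Path(user_data_dir).glob("*/Extensions/*")):
        if ext_dir.is_dir() and EXT_ID.fullmatch(ext_dir.name):
            versions = sorted(v.name for v in ext_dir.iterdir() if v.is_dir())
            yield ext_dir.parent.parent.name, ext_dir.name, versions

def find_flagged(user_data_dir, blocklist):
    """Return the installed extensions whose ID appears in the blocklist."""
    return [hit for hit in installed_extensions(user_data_dir) if hit[1] in blocklist]

def demo():
    """Run the check against a constructed profile tree and a constructed ID list."""
    flagged_id = "abcdefghijklmnopabcdefghijklmnop"  # constructed, not a real indicator
    clean_id = "ponmlkjihgfedcbaponmlkjihgfedcba"    # constructed
    blocklist = load_blocklist(f"# constructed sample list\n{flagged_id}  # placeholder\nnot-an-id\n")
    with tempfile.TemporaryDirectory() as root:
        for profile, ext_id, version in [("Default", clean_id, "1.0.0_0"),
                                         ("Profile 1", flagged_id, "2.3.1_0")]:
            (Path(root) / profile / "Extensions" / ext_id / version).mkdir(parents=True)
        return find_flagged(root, blocklist)

if __name__ == "__main__":
    for profile, ext_id, versions in demo():
        print(f"FLAGGED {ext_id} in profile {profile!r}, versions {versions}")
```

For a real check, pass `find_flagged` the browser's user-data directory (on Windows typically `%LOCALAPPDATA%\Google\Chrome\User Data` or `%LOCALAPPDATA%\Microsoft\Edge\User Data`) and a blocklist loaded from Koi Security's published identifiers.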
Experts caution that these fraudulent extensions often mimic legitimate ones closely, making them difficult to detect. Users should scrutinize names, descriptions, and reviews for signs of deceit. Be wary of extensions with numerous positive reviews amassed in a short time or those that appear unrelated to their descriptions.
As this situation develops, users are advised to remain vigilant and adopt best practices for vetting browser extensions, similar to how one would scrutinize mobile apps. Conduct additional research using platforms like Google or Reddit to verify the legitimacy of unfamiliar extensions.
The implications of this malware outbreak are significant, posing risks not only to personal privacy but also to financial security. As users increasingly rely on browser extensions for convenience, the threat of malware disguised as useful tools has never been more pressing.
Stay alert, and share this information to help others protect their online security.