What is the ShadyPanda malware campaign?

ShadyPanda is a malware operation that disguised itself within Chrome and Edge browser extensions, turning them into spyware to steal user data.

How did ShadyPanda affect 4.3 million users?

The campaign infected extensions that users downloaded, which were then silently updated with malicious code that spied on their online activities.

What kind of data did the ShadyPanda extensions collect?

They collected browsing history, search terms, keystrokes, cookies, fingerprint data, and even mouse movement coordinates from infected users.

Home / Technology / Millions Exposed: Trusted Extensions Secretly Became Spyware

Millions Exposed: Trusted Extensions Secretly Became Spyware

12 Dec

•

Summary

Malware campaign infected 4.3 million users via Chrome and Edge extensions.
Extensions were updated silently, turning them into spyware over time.
Attackers collected extensive personal data, including keystrokes and mouse movements.

Millions Exposed: Trusted Extensions Secretly Became Spyware

A prolonged malware campaign has been uncovered, targeting millions of users through seemingly innocuous browser extensions. The ShadyPanda operation affected an estimated 4.3 million individuals by converting legitimate Chrome and Edge add-ons into sophisticated spyware over several years. These extensions began as simple tools but were later updated through trusted auto-update systems, adding hidden surveillance functions without user interaction.

The compromised extensions injected tracking code, hijacked searches, and logged a wide array of personal data, including browsing history, keystrokes, and mouse movements. Attackers gained remote code execution capabilities, allowing for full browser control and data exfiltration. The extensions could also perform adversary-in-the-middle attacks for credential theft and code injection.