A Chinese-linked threat actor has been tied to a third large-scale malicious browser extension campaign that has compromised data from millions of users across major web browsers, according to new findings by cybersecurity firm Koi Security.
The latest campaign, dubbed DarkSpectre, has affected about 2.2 million users of Google Chrome, Microsoft Edge and Mozilla Firefox, the researchers said.
DarkSpectre has now been linked to two earlier campaigns known as ShadyPanda and GhostPoster, bringing the total number of impacted users across all three operations to more than 8.8 million over a period exceeding seven years.
Koi Security said the activity appears to be the work of a single Chinese threat actor that it tracks under the name DarkSpectre. The campaigns relied on seemingly legitimate browser extensions that were used to steal data, hijack search queries, manipulate affiliate links and conduct advertising fraud.
ShadyPanda, which Koi disclosed earlier this month, was found to have affected about 5.6 million users through more than 100 malicious or compromised extensions across Chrome, Edge and Firefox. Some of these extensions remained benign for years before being weaponised through updates.
One Edge extension waited three days after installation before activatin
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: