Trusted Browser Extensions Turn Rogue in ShadyPanda Malware Campaign Affecting Chrome and Edge

 

Malicious browser extensions sometimes slip into official marketplaces like the Chrome Web Store by disguising themselves as genuine tools. Detecting them becomes even harder when they behave legitimately at first, only turning harmful after users have grown to trust them.
This tactic was recently uncovered on Google Chrome and Microsoft Edge. Researchers at Koi Security discovered several extensions on both platforms that functioned normally for years before being updated with malicious code. These updates enabled attackers to monitor user activity, collect sensitive information, and secretly send that data to external servers. The operation, dubbed ShadyPanda, amassed nearly four million downloads and remains active on Edge.
Earlier this year, threat actors used a similar approach on Firefox. They first released harmless extensions designed to imitate popular cryptocurrency wallets. After gaining approval, downloads, and positive reviews, they later injected malicious functionality that logged user inputs in form fields, allowing attackers to access and steal crypto assets.
According to Koi Security, ShadyPanda originally began as an affiliate fraud scheme. Around 145 extensions posing as wallpaper and productivity tools were published across Chrome and Edge. In the initial phase, these add-ons inserted affiliate tracking code

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
