Browser Extensions: How safe are browser extensions? 4 million users affected by malware, here's how to protect yourself..
Millions of internet users worldwide have fallen victim to a major cyberattack. A report by Koi Security revealed that several popular extensions for Chrome and Edge browsers were transformed into spyware under an operation called ShadyPanda. This affected more than 4 million users. Microsoft issued a statement saying it has removed all suspicious extensions from the Edge Add-ons store. According to the company, "Any extension that violates our policies is immediately removed or its publishing agreement is terminated."
How did ShadyPanda work?
The ShadyPanda operation involved 20 extensions on the Chrome Web Store and 125 on Edge. These had been uploaded since 2018, but the hidden malicious code became active in 2023. Disguised as wallpaper or productivity tools, these updates injected malicious code. The attack wasn't carried out through phishing or scam links, but through the automatic update system. This means the extensions are automatically updated and transformed into spyware.
What data was stolen?
Many extensions stole browsing history and searches, added tracking codes to links, and recorded keystrokes (what you type). They also hijacked cookies and login sessions. Some updates even allowed for remote code execution. Google has removed these extensions, but some may still be present on Edge. One extension alone shows over 3 million installations.
How to protect yourself from malware like ShadyPanda?
1. Immediately remove suspicious extensions, especially those in the wallpaper and productivity categories. The report includes the names of these malicious apps:
Clean Master
WeTab
Infinity V+
2. Change the passwords for all your accounts.
Use a password manager and replace your old passwords with new ones.
3. Install a reliable antivirus
Install an antivirus program that includes a browser protection feature. This will eliminate the need to install third-party browser extensions.
4. Keep extensions to a minimum
Only install the extensions you actually need. Always check the reviews and permissions before installing.
The ShadyPanda case proves that even seemingly trustworthy extensions can become dangerous over time. Therefore, extension management and robust cybersecurity are crucial.
Disclaimer: This content has been sourced and edited from Amar Ujala. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.
