ShadyPanda Strikes Again: 4.3 Million Browser Users Fall Victim to Malicious Extensions!
ShadyPanda strikes again! This time, they’ve weaponized Chrome and Edge extensions, turning them into malicious tools that snoop on every click, swipe, and typo. With 4.3 million users affected, ShadyPanda has turned browser security into a comedy of errors. Who knew browsing history could be this dangerous?
Hot Take:
Wow, talk about a browser extension nightmare. ShadyPanda has taken “surfing the web” to a whole new level by turning it into their personal amusement park ride. It’s like the “It’s a Small World” ride, but instead of enjoying catchy tunes, you’re unwittingly giving away your browsing history and passwords to a panda who’s anything but cuddly. Maybe it’s time to double-check those browser extensions and make sure none of them are taking you for a ride!
Key Points:
- The ShadyPanda campaign infected 4.3 million users via malicious browser extensions.
- Extensions were legitimate for years before being weaponized in 2024.
- ShadyPanda collected browsing histories and user credentials, with remote code execution capabilities.
- The operation involved 10 extensions across Chrome and Edge, with 4 million downloads from Edge alone.
- Google and Microsoft have removed the malicious extensions from their marketplaces.