That's what happened with a number of extensions on Google Chrome and Microsoft Edge: researchers at Koi Security identified add-ons across both browsers that operated legitimately for several years before receiving malicious updates that allow hackers to surveil users and collect and exfiltrate sensitive data. The scheme, known as ShadyPanda, reached four million downloads and is still active on Edge.
As Koi Security outlines, ShadyPanda started out as an affiliate scam, with 145 extensions masquerading as wallpaper and productivity apps across the two browsers. The initial phase injected affiliate tracking codes and paid commissions with clicks to eBay, Amazon, and Booking.com and then evolved to hijack and manipulate search results before launching the five extensions in 2018 that would later be converted to malware.
Hackers launched an additional five extensions, including WeTab, to Edge in 2023. Two are comprehensive spyware, and all were still active as of Koi's report.
How to find malicious extensions in Chrome and Edge
In Chrome, type chrome://extensions/ into your address bar and hit Enter. Toggle on Developer mode in the top-right corner to reveal the IDs for installed extensions. From here, you can copy and paste each ID into the search bar (Ctrl+F on your PC or Cmd+F on your Mac). If there are no results, your browser is safe. If you do find a malicious add-on, click the Remove button. In Edge, follow the same process from edge://extensions/.
While this campaign shows that extensions can be weaponized long after they've been installed, you should still follow best practices for vetting browser add-ons just as you would apps for your device. Check the name carefully, as fraudulent extensions often have names that are nearly identical to trustworthy ones. Review the description for any red flags, such as misspellings and unrelated images. If you see a lot of positive reviews in a short amount of time on a new extension, or if they seem to be reviewing something else entirely, proceed with caution. You can also do additional research, such as a search on Google or Reddit, to see if the extension is legit.
Hence then, the article about how to spot a sleeper browser extension that s actually malware was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( How to Spot a ‘Sleeper’ Browser Extension That’s Actually Malware )
Also on site :