A malware operation known as “ShadyPanda” has infected over 4.3 million users with seemingly legitimate browser extensions for Google Chrome and Microsoft Edge. The malware, discovered by Koi Security, has evolved in phases from a legitimate tool to spyware, posing significant security risks.
Koi Security found that the ShadyPanda campaign consists of 145 malicious extensions, including ones listed as having millions of installs on the Microsoft Edge Add-ons platform. Researchers have identified several phases of the attack, with the latest phase still active and collecting sensitive user data, such as browsing history, search queries, and keystrokes.
Users are recommended to remove these extensions immediately and reset their account passwords across their online presence. The malware has been removed from Google’s Play Store, but its persistence on Microsoft Edge raises concerns about ongoing security risks.
To stay safe, users should be cautious of suspicious browser extensions and regularly check for updates on the latest ShadyPanda malware campaigns.
Source: https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign