A long running malware operation that has evolved over several years has been turning browser extensions in Chrome and Edge into spyware through updates that added malicious functionalities. According to a report from Koi Security, the ShadyPanda campaign affects 4.3 million users who downloaded these now compromised browser extensions.

The ShadyPanda campaign consists of 20 malicious extensions on the Chrome Web Store and 125 in Edge; initial submissions of the extensions appeared in 2018, and the first signs of malicious behavior didn’t show up until five years later when a set of them posing as wallpaper and productivity tools began to show signs that something was amiss.

According to Koi Security, the malware campaign rolled out slowly, in phases, through the auto updated mechanism t

See Full Page