A threat actor tracked as “ShadyPanda” has been caught operating a network of over 100 malicious browser extensions on the Chrome and Edge stores. These extensions, downloaded over 4 million times, silently track user activity, inject affiliate fraud links, and create backdoors for executing arbitrary code.
Business Impact
Malicious extensions are a massive blind spot. They run with high privileges within the browser, often having visibility into internal corporate web apps, SaaS platforms, and email. This campaign allowed attackers to profile users and potentially steal session cookies or inject scripts into secure sessions.
Why It Happened
The actor published seemingly useful tools (productivity apps, coupon finders) and waited years to weaponize them (“sleeping agent” tactic), bypassing initial store reviews. They then updated the code to include malicious tracking and execution logic.
Recommended Executive Action
Enforce strict browser management policies using Group Policy or MDM. Block the installation of all extensions by default and only allow a vetted “allowlist” of approved business tools. Regularly audit installed extensions across the enterprise fleet.
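One way to run the audit recommended above against a single browser profile, as an added example that is not part of the original brief: it lists installed extensions whose ID is not on the approved allowlist and notes any broad permissions they request. The extension IDs, names and the BROAD permission set are constructed for illustration; the Extensions/<id>/<version>/manifest.json layout is the one Chrome and Edge use on disk.

```python
import json
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # extension IDs: 32 chars from a-p
# Permissions that reach into page content, sessions or browsing activity.
BROAD = {"<all_urls>", "cookies", "webRequest", "scripting", "tabs", "history"}


def audit_profile(profile_dir, allowlist):
    """Report non-allowlisted IDs under <profile>/Extensions/<id>/<version>/."""
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(ext_root.iterdir()):
        if not EXT_ID.match(ext_dir.name) or ext_dir.name in allowlist:
            continue
        name, versions, perms = "(unreadable manifest)", [], set()
        for manifest in sorted(ext_dir.glob("*/manifest.json")):
            versions.append(manifest.parent.name)
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                continue  # the ID is still reported even if the manifest is unreadable
            if not isinstance(data, dict):
                continue
            name = data.get("name", name)
            for key in ("permissions", "optional_permissions", "host_permissions"):
                perms.update(p for p in (data.get(key) or []) if isinstance(p, str))
        broad = sorted(p for p in perms if p in BROAD or p.endswith("://*/*"))
        findings.append({"id": ext_dir.name, "name": name,
                         "versions": versions, "broad_permissions": broad})
    return findings


def demo():
    """Audit a constructed profile: one allowlisted and one unapproved extension."""
    approved, unapproved = "a" * 32, "b" * 32  # constructed placeholder IDs
    with tempfile.TemporaryDirectory() as tmp:
        samples = {approved: {"name": "Approved tool", "permissions": ["storage"]},
                   unapproved: {"name": "Coupon helper", "permissions": ["cookies"],
                                "host_permissions": ["*://*/*"]}}
        for ext_id, manifest in samples.items():
            path = Path(tmp) / "Extensions" / ext_id / "1.0_0"
            path.mkdir(parents=True)
            (path / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
        return audit_profile(tmp, {approved})
```

Because the campaign weaponized extensions through later updates, comparing the reported versions and permissions between audit runs is as useful as the allowlist check itself.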
