Massive 7-Year Cyber Espionage Operation Uncovered: ShadyPanda Exploits Browser Extensions To …

First seen in Research Snipers:

A recent investigation by the security company Koi has uncovered a sophisticated cyber espionage operation conducted by a suspected Chinese hacker group, ShadyPanda. Over a period of seven years, the group infiltrated approximately 4.3 million computers worldwide by exploiting legitimate browser extensions. The attackers employed a cunning strategy, initially publishing seemingly harmless productivity tools that built up popularity, positive reviews, and millions of installations.

These extensions, some of which were even marked as “Featured” or “Verified,” were later updated with malicious code, allowing the hackers to transform them into spy tools. The major platforms’ security checks, which primarily focus on the initial submission process, failed to detect the manipulated versions, enabling the attackers to distribute them largely undetected.

At least five extensions, still available in the Edge Store with over four million installations, were compromised by ShadyPanda. Two of these extensions are said to contain active spying functions. One such extension, WeTab, with over three million users, was found to be transmitting extensive data in real time to several servers in China and to Google Analytics. Another example is the Chrome and Edge extension “Clean Master,” developed by Starlab Technology.

As the security company Koi reported, a suspected Chinese hacker group called ShadyPanda infiltrated a total of around 4.3 million computers over …