ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware

ShadyPanda threat actor conducted a seven-year browser extension campaign affecting over 4.3 million installations. Five legitimate extensions were compromised with malicious changes in mid-2024, gaining 300,000 installs. The extensions turned popular browser tools into spyware before being taken down. This represents a significant supply chain attack targeting browser users through compromised extensions. The campaign demonstrates the threat of legitimate software being weaponized for malicious purposes.