Edit Profile
crown
Subscribe Now
Saved Articles
Following
My Reads
Sign out
Get App
    Copyright © HT Digital Streams Ltd. All rights reserved.
    Sign in

    Are your browser extensions safe? 4 million users hit by malware - Here’s how to protect yourself

    Millions of users have been affected by a spyware campaign that has hijacked popular browser extensions. Here’s how it works and how to stay safe.

    Published on: Dec 04, 2025 10:39 AM IST
    Share
    Share via
    • facebook
    • twitter
    • linkedin
    • whatsapp
    Copy link
    • copy link

    A long-running malware campaign has turned browser extensions on Chrome and Edge into spyware, affecting more than 4 million users, according to a report by Koi Security. The operation, known as ShadyPanda, used updates to legitimate extensions to introduce harmful features over time.

    Millions of users unknowingly installed browser extensions that secretly collected data and turned into spyware over time. (Pexels)
    Millions of users unknowingly installed browser extensions that secretly collected data and turned into spyware over time. (Pexels)
    MD Ijaj Khan
    By MD Ijaj Khan

    Ijaj Khan is a tech journalist and Senior Content Producer at HT Tech, where he translates the fast-paced world of consumer tech, gaming, and AI into stories that spark curiosity and connection. Always on the lookout for the next big trend, he believes technology should be as relatable as your everyday conversations. When he’s not decoding gadgets and innovations, you’ll likely find him hopping across cities, chasing new adventures, and sampling cuisines that tell their own stories.

    Read moreRead less

    Microsoft confirmed that it has removed all flagged extensions from the Edge Add-ons store. “When we find content that violates our policies, we remove it or end the publishing agreement,” a spokesperson said.

    ShadyPanda involved 20 extensions on the Chrome Web Store and 125 on Edge. The first extensions appeared in 2018, but malicious behaviour did not emerge until 2023, when tools posing as wallpapers or productivity apps began injecting harmful code.

    Also read: Spotify Wrapped 2025 live: Check your ‘Listening Age’, top artists, and yearly trends

    The campaign operated through the browsers’ automatic update systems, silently delivering malware without phishing or social engineering. Koi Security explained that the updates turned trusted extensions into surveillance platforms.

    How ShadyPanda Worked

    The compromised extensions tracked user activity and monetised it. They injected tracking codes into links, redirected search queries, and collected browsing history, keystrokes, cookies, and other data. Some updates included backdoors that allowed remote code execution, giving attackers full access to the browser. This enabled monitoring of visited websites, credential theft, session hijacking, and other adversary-in-the-middle attacks. Extensions also masked their behaviour when users accessed developer tools.

    While Google removed the extensions from the Chrome store, some remain on the Edge platform. One extension reportedly has over 3 million installs, though the numbers may be inflated.

    Also read: Google plans major Gemini app update with focus on UX, macOS app coming next

    How to Protect Yourself:

    1. Remove suspicious wallpaper or productivity extensions immediately. Notably affected extensions include Clean Master, WeTab, and Infinity V+.
    2. Reset passwords on all online accounts. Using a password manager can help generate strong, unique passwords.
    3. Install antivirus software with browser protection to detect malware, spyware, and unsafe websites.
    4. Limit the number of extensions and check reviews and permissions before installing new ones.

    Careful extension management and strong online security practices are essential to keep your browser and personal data safe from threats like ShadyPanda.

    • MD Ijaj Khan
      ABOUT THE AUTHOR
      MD Ijaj Khan

      Ijaj Khan is a tech journalist and Senior Content Producer at HT Tech, where he translates the fast-paced world of consumer tech, gaming, and AI into stories that spark curiosity and connection. Always on the lookout for the next big trend, he believes technology should be as relatable as your everyday conversations. When he’s not decoding gadgets and innovations, you’ll likely find him hopping across cities, chasing new adventures, and sampling cuisines that tell their own stories.Read More

    recommendedIcon
    News/Technology/Are Your Browser Extensions Safe? 4 Million Users Hit By Malware - Here’s How To Protect Yourself
    News/Technology/Are Your Browser Extensions Safe? 4 Million Users Hit By Malware - Here’s How To Protect Yourself
    • mint-logo
    • HH-logo
    • mint-lounge
    • HT_Auto
    • ht-tech
    • ht-bangla
    • healthshots
    • OTT-icon
    • slurrp-icon
    • smartcast-logo
    • ht-kannada
    • ht-tamil
    • ht-telugu
    • ht-marathi
    • logo-fab-play
    • VCCircle_logo-white
    • TechCircle_logo_white
    • VCCEdge_logo_white
    • edge-insights-logo
    • shineLogo
    © 2026 HindustanTimes