216.73.217.176

4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign

· Published 03/12/2025 20:19 · Modified 21/12/2025 18:23

Export JSON

Essential information

Published
03/12/2025 20:19
Modified
21/12/2025 18:23
Tags
2025-12-03 browser extension chrome clean master data exfiltration edge infinity v+ malware campaign rce backdoor spyware trust exploitation wetab
Related entities
1 intrusion sets (apt), 20 techniques (mitre), 3 malware, 9 others

Description

A threat actor named ShadyPanda has been identified as responsible for a seven-year campaign that has infected 4.3 million and users. The campaign includes two active operations: a 300,000-user and a 4-million-user operation. ShadyPanda's extensions were featured and verified by Google, granting instant trust and massive distribution. The actor's strategy evolved from simple affiliate fraud to sophisticated browser control and long-term trust building. The malware collects extensive user data, including browsing history, search queries, and mouse clicks, transmitting it to servers in China. The success of this campaign highlights vulnerabilities in browser marketplace security models and the potential for widespread exploitation through trusted update mechanisms.

External references