Malicious extensions do occasionally find their way into the Chrome Web Store (and similar libraries in other browsers) by posing as legitimate add-ons. They are particularly difficult to catch when they are benign to begin with, only morphing into malware after gaining user trust.

That's what happened with a number of extensions on Google Chrome and Microsoft Edge: researchers at Koi Security identified add-ons across both browsers that operated legitimately for several years before receiving malicious updates that allow hackers to surveil users and collect and exfiltrate sensitive data. The scheme, known as ShadyPanda, reached four million downloads and is still active on Edge.

Threat actors ran a similar campaign targeting Firefox earlier this year: They gained approval for benign ext
