I've downloaded tons of browser extension tools, whether they're for wallpaper changing, tab management or productivity. Most recently, I downloaded a browser extension tool called "ShadyPanda" which turned out to be malware.
What Is ShadyPanda?
ShadyPanda is the name of an online campaign that pushed out fake browser extension applications. It tricked many users into downloading them thinking they would be safe and useful. In total, ShadyPanda generated over 4.3 million downloads from Chrome and Edge browsers combined.How Did They Turn Dangerous?
When ShadyPanda was first released, it appeared to be normal. Therefore, it caught many people's attention. However, once users started using ShadyPanda, they slowly became malicious through:- Stealing browsing habits
- Spying on users
- Remote controlling the browser and settings
- Secretly gathering personal information from the user
How Did ShadyPanda Trick So Many People?
ShadyPanda took advantage of many people by doing the following things to fool millions of users:- They pretended to be relatively normal browser tools (for example, wallpaper changers or tab managers).
- They waited for many users to install their extensions.
- When a large number of users had installed their extension, they pushed a silent update to turn these tools into spyware.
- Most people did not check what permissions the extension actually needed.
What You Can Do to Protect Yourself
Here are some things you can do to help protect yourself:- Only install extensions you absolutely need.
- Check the permissions they request before you install an extension.
- Remove any extensions you do not use.
- Be on the lookout for suspicious behavior from your browser.