Recent security research revealed a major spyware campaign that compromised about 4.3 million users of Google Chrome and Microsoft Edge through a set of browser extensions that once appeared harmless. Starting around 2018, a group now tracked as ShadyPanda published browser add-ons offering simple functions such as wallpaper themes, new-tab customizations, or basic productivity tools. Over several years these extensions gained large user bases, positive reviews, and “Featured” or “Verified” status in the Chrome and Edge extension stores.
In mid-2024, those trusted add-ons quietly received updates that turned them into spyware and remote-code-execution tools. The updates gave the extensions the ability to run arbitrary JavaScript inside the browser and to record what users did online: browsing history, search terms, mouse clicks, and the URLs they visited. That data was sent back to servers believed to be operated by actors in China.
One of the most widespread culprits was an extension called WeTab, with roughly three million installs on Edge. Even though some of the malicious extensions have since been removed from Chrome, copies remain available in the Edge store at the time of reporting.
Security experts warn that this incident illustrates a significant gap: extension stores may vet an extension when it is first submitted, but rarely re-check the updates that follow. That lapse allowed these “sleeper” extensions to sit undetected for years before turning malicious.
For everyday users, the risk is clear: even long-trusted browser extensions can turn dangerous. It’s wise to review installed extensions, remove those you don’t trust, and stay alert to sudden behavior changes in your browser.
🚩 Known Malicious Extensions
What to do:
Here's the article on how to get rid of the malicious extensions using their ID:
Best Practice:
If you don’t recognize an extension, no longer use it, or it wasn’t published by a well-known company, remove it. A lean browser is safer, faster, and harder for attackers to exploit.
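One way to do that review systematically, as an added example that is not code from the article or from the researchers who reported ShadyPanda: the script below walks the Extensions folder of a Chrome or Edge profile, where each installed extension lives in a directory named after its ID, reads every manifest.json, and flags IDs on a blocklist, extensions that can read or script every site, sensitive APIs, and update URLs that do not point at an official store. The blocklist entry and the two sample extensions it audits in its demo run are constructed placeholders, not real IDs; the permission and update-URL checks are this example's own heuristics.

```python
"""Audit installed Chrome/Edge extensions from the manifests in the browser profile.
Added example, not code from the article or the researchers who reported ShadyPanda.
Assumes the usual layout <profile>/Extensions/<id>/<version>/manifest.json; the
blocklist and sample extensions below are constructed placeholders, not real IDs."""
import json
import sys
import tempfile
from pathlib import Path

# Host patterns that let an extension read or script every page the user opens.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# APIs that, combined with broad host access, enable browsing surveillance or
# remote script execution inside the browser.
RISKY_API_PERMISSIONS = {"webRequest", "webRequestBlocking", "scripting", "tabs",
                         "history", "webNavigation", "cookies"}
# Update endpoints of the official stores; any other value deserves a look.
OFFICIAL_UPDATE_URLS = {
    "https://clients2.google.com/service/update2/crx",          # Chrome Web Store
    "https://edge.microsoft.com/extensionwebstorebase/v1/crx",  # Edge Add-ons
}
# Constructed placeholder; replace with the IDs published in the report.
DEMO_BLOCKLIST = {"bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"}
# "Default" profile locations on Linux and macOS (pass a path to audit others).
DEFAULT_EXTENSION_DIRS = [
    Path.home() / ".config/google-chrome/Default/Extensions",
    Path.home() / ".config/microsoft-edge/Default/Extensions",
    Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions",
    Path.home() / "Library/Application Support/Microsoft Edge/Default/Extensions",
]

def manifest_findings(ext_id, manifest, blocklist):
    """Return human-readable findings for one manifest (empty list = nothing notable)."""
    findings = []
    if ext_id in blocklist:
        findings.append("ID is on the blocklist: remove immediately")
    # MV2 lists host patterns under "permissions"; MV3 moves them to
    # "host_permissions"; content scripts declare their own "matches".
    declared = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        declared |= set(script.get("matches", []))
    broad = declared & BROAD_HOST_PATTERNS
    if broad:
        findings.append("can read/script every site: " + ", ".join(sorted(broad)))
    risky = declared & RISKY_API_PERMISSIONS
    if risky:
        findings.append("sensitive APIs: " + ", ".join(sorted(risky)))
    update_url = manifest.get("update_url")
    if update_url and update_url not in OFFICIAL_UPDATE_URLS:
        findings.append("updates from a non-store URL: " + update_url)
    return findings

def audit_extensions_dir(extensions_dir, blocklist):
    """Walk <dir>/<id>/<version>/manifest.json; the last version directory wins."""
    report = {}
    root = Path(extensions_dir)
    if not root.is_dir():
        return report
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        for manifest_path in sorted(ext_dir.glob("*/manifest.json")):
            try:
                manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
            except (OSError, ValueError) as exc:
                report[ext_dir.name] = {"error": str(exc)}
                continue
            report[ext_dir.name] = {
                "name": manifest.get("name", "?"),  # may be a __MSG_*__ locale key
                "version": manifest.get("version", manifest_path.parent.name),
                "findings": manifest_findings(ext_dir.name, manifest, blocklist),
            }
    return report

def build_demo_profile(base_dir):
    """Write a constructed Extensions tree with one suspicious and one benign extension."""
    samples = {  # constructed IDs and manifests
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "name": "Cute Wallpaper New Tab", "version": "2.4.0", "manifest_version": 3,
            "host_permissions": ["<all_urls>"], "permissions": ["scripting", "tabs", "webRequest", "storage"],
            "update_url": "https://clients2.google.com/service/update2/crx"},
        "cccccccccccccccccccccccccccccccc": {
            "name": "Word Counter", "version": "1.0.3", "manifest_version": 3,
            "permissions": ["activeTab", "storage"],
            "update_url": "https://clients2.google.com/service/update2/crx"},
    }
    for ext_id, manifest in samples.items():
        version_dir = Path(base_dir) / ext_id / (manifest["version"] + "_0")  # Chrome appends "_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

def run_demo():
    """Audit the constructed profile in a temporary directory and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_profile(tmp)
        return audit_extensions_dir(tmp, DEMO_BLOCKLIST)

if __name__ == "__main__":  # usage: python audit_extensions.py [Extensions dir ...]
    targets = [Path(a) for a in sys.argv[1:]] or [d for d in DEFAULT_EXTENSION_DIRS if d.is_dir()]
    reports = {str(t): audit_extensions_dir(t, DEMO_BLOCKLIST) for t in targets} or {"demo": run_demo()}
    for location, report in reports.items():
        for ext_id, info in report.items():
            print(location, ext_id, info.get("name"), "|", "; ".join(info.get("findings", [])) or info.get("error", "nothing notable"))
```

The directory names the script prints are the same IDs that chrome://extensions and edge://extensions show when Developer mode is on, so a flagged ID can be matched to an entry there and removed through the browser rather than by deleting files. On Windows the equivalent folders are %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions and %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions; pass one as an argument. A broad-permission finding is not proof of malice (many legitimate tools need all-site access), but it is exactly the capability the ShadyPanda updates relied on, so those entries deserve a second look.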