Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors
securityweek
The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access.


A threat actor has published over a hundred malicious extensions that can track and profile Chrome and Microsoft Edge users, and can also execute a payload on their systems, Koi Security reports.
According to the company, the threat actor, tracked as ShadyPanda, has been uploading seemingly innocuous extensions for roughly seven years, and weaponizing them after gaining users’ trust.
The extensions have gathered over 4 million downloads and some of them remain available for download.
In 2023, as part of a campaign focused on affiliate fraud, ShadyPanda published 20 Chrome extensions under the name ‘nuggetsno15’, and 125 Edge extensions using the name ‘Zhang’.
The extensions were designed to silently inject affiliate tracking codes every time the victim clicked on eBay, Amazon, or Booking.com links.
“Hidden commissions on every purchase ...
Copyright of this story solely belongs to securityweek.

