Published originally on December 2, 2025 by Steve Zurier on SC Media.
In what experts call one of the most advanced and long-running browser supply chain attacks they’ve seen, threat group ShadyPanda leveraged the auto-update mechanisms in Google Chrome and Microsoft Edge browsers to exploit the same vulnerability for seven years.
...
ShadyPanda changed its strategy again in early 2024 when it released a false productivity tool called Infinity V+ that sent users to trovi[.]com while also stealing cookies, reading what they typed in the search box, and profiling them in real time. This wasn’t smash-and-grab cybercrime; this was structured, scalable surveillance.
...
Cody Pierce, co-founder and CEO at Neon Cyber, added that the increase in malicious software add-ons, most notably Chrome Web Store extensions, is a strong indicator that the value of corporate or personal browsing activity, identities, and access to third-party SaaS tokens is a powerful ROI for attackers.
“Threat actors know that the browser is the operating system of business, and it's relatively easy to publish an extension to the Chrome Web Store,” said Pierce. “This creates an incentive to discover and exploit various activities for financial gain or initial access. The browser will remain a prime target for all kinds of clever attacks.”
Pierce offered four ways teams can defend against malicious Chrome extensions:
- Enumerate all extensions currently installed across the enterprise.
- Alert on new extension installations, including the permissions they grant.
- Update or revise software usage policies to include third-party add-ons and train staff.
- Include known malicious extension IDs in the organization's IoC or threat hunting playbooks.
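The first, second and fourth points above can be covered by one inventory script. The following is an added example, not code from Pierce, Neon Cyber or SC Media: it walks a Chromium-style profile directory (`<profile>/Extensions/<id>/<version>/manifest.json`, the layout both Chrome and Edge use), reads each manifest, and flags extensions whose ID is on a blocklist or whose permissions allow cookie and page access. The blocklist ID and the sample manifest are constructed placeholders, and `SENSITIVE` is this example's own choice of permissions to review.

```python
import json
from pathlib import Path

# Constructed placeholder: fill from your own IoC list, not a real extension ID.
KNOWN_BAD_IDS = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"}
# Permissions worth a review because they let an extension read cookies and
# every page the user visits (the behaviour the article describes).
SENSITIVE = {"cookies", "webRequest", "tabs", "history", "<all_urls>"}

def parse_manifest(text: str) -> dict:
    """Pull the fields a defender cares about out of a manifest.json."""
    m = json.loads(text)
    # MV2 lists host patterns under "permissions", MV3 under "host_permissions".
    perms = set(m.get("permissions", [])) | set(m.get("host_permissions", []))
    return {"name": m.get("name", "?"), "version": m.get("version", "?"),
            "permissions": perms}

def audit(ext_id: str, manifest: dict) -> list:
    """Return review findings for one installed extension (empty list = nothing to flag)."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append("known-malicious ID")
    risky = sorted(manifest["permissions"] & SENSITIVE)
    if risky:
        findings.append("sensitive permissions: " + ", ".join(risky))
    return findings

def scan_profile(extensions_dir: Path) -> dict:
    """Map extension ID -> findings for every <id>/<version>/manifest.json under the directory."""
    report = {}
    for manifest_path in extensions_dir.glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        manifest = parse_manifest(manifest_path.read_text(encoding="utf-8"))
        report[ext_id] = audit(ext_id, manifest)
    return report

# Constructed sample manifest in the "productivity tool" mould.
SAMPLE_MANIFEST = json.dumps({
    "name": "Example Productivity Tool", "version": "1.2.3", "manifest_version": 3,
    "permissions": ["cookies", "tabs", "storage"],
    "host_permissions": ["<all_urls>"],
})

if __name__ == "__main__":
    # On Windows the Chrome path is %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions
    # and Edge's is %LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions.
    print(audit("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", parse_manifest(SAMPLE_MANIFEST)))
```

The directory walk only sees extensions installed from the store into the profile; unpacked (developer-mode) extensions and extensions forced by policy live elsewhere, so pair it with the browser's own enterprise reporting or the `Secure Preferences` file for a complete inventory.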
Read the full article on SC Media.