Find notable cyber news and cases, enriched with sources, timelines, and signals.

ShadyPanda browser-extension campaign

Campaign
First reported
Last updated
Happening score
H score 58
3 unique sources, 3 articles

Summary

Hide ▲

The ShadyPanda browser-extension campaign remains active on Microsoft Edge Add-ons, where it has reached over 4.3 million installs and is still delivering malicious code. The operation evolved from affiliate fraud and search hijacking into spyware and an update-delivered backdoor that can run arbitrary JavaScript. The ongoing activity matters because infected extensions can steal browsing data, cookies, and user interactions at scale.

Related Happenings

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

JetBrains Marketplace malicious plugins exfiltrating AI provider keys

Malware Activity
H score12 First: 17.06.2026 12:38 Last: 17.06.2026 12:38 Sources 1

About this happening: A **JetBrains Marketplace** malware operation has pushed **15 malicious plugins** that pose as AI coding assistants and steal **AI provider API keys** from developers. The plugins...

JetBrains Marketplace malicious plugin API-key theft campaign

Campaign
H score15 First: 17.06.2026 00:54 Last: 17.06.2026 00:54 Sources 1

About this happening: A **coordinated malware campaign** on the **JetBrains Marketplace** is stealing developers' **AI provider API keys** through malicious plugins that pose as **AI coding assistants*...

Timeline

  1. 01.12.2025 17:01 3 articles · 7mo ago

    ShadyPanda browser-extension campaign disclosed

    Initial Disclosure

    Koi Security disclosed a long-running ShadyPanda browser-extension campaign that began with legitimate-looking Chrome and Edge submissions in 2018, showed malicious activity in 2023, escalated in early 2024 and 2024 into search hijacking and an update-delivered backdoor, and remained active on the Microsoft Edge Add-ons platform with over 4.3 million installs and extensions such as WeTab 新标签页 and Infinity New Tab (Pro) still present.

    Show sources