Find notable cyber news and cases, enriched with sources, timelines, and signals.

ShadyPanda browser extension spyware activity

Malware Activity
First reported
Last updated
Happening score
H score 49
2 unique sources, 3 articles

Summary

Hide ▲

ShadyPanda browser extensions now deliver hourly remote code execution, turning trusted add-ons into spyware across Chrome and Edge and putting 4.3 million installs at risk. The code fetches payloads from api.extensionplay[.]com and exfiltrates encrypted browsing data and browser fingerprints to api.cleanmasters[.]store. The operation raises immediate risk of credential theft, session hijacking, and arbitrary code injection.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

StegoAd malicious Edge extension operation

Malware Activity
H score19 First: 29.06.2026 11:32 Last: 29.06.2026 11:32 Sources 1

About this happening: The **StegoAd** operation was removed from the **Edge Add-ons store** after hiding payloads in images and fonts, stealing credentials, and driving **ad fraud** across installs tha...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

JetBrains Marketplace malicious plugin API-key theft campaign

Campaign
H score15 First: 17.06.2026 00:54 Last: 17.06.2026 00:54 Sources 1

About this happening: A **coordinated malware campaign** on the **JetBrains Marketplace** is stealing developers' **AI provider API keys** through malicious plugins that pose as **AI coding assistants*...

Timeline

  1. 01.12.2025 19:29 3 articles · 7mo ago

    ShadyPanda browser extension spyware activity

    Initial Disclosure

    The operation began as a long-running browser-extension presence that built trust through legitimate store distribution and large install counts. In **mid-2024**, five previously benign extensions were altered to fetch code from **api.extensionplay[.]com** and start malicious hourly execution.

    Show sources