  • Millions of users were unknowingly tracked in a 7‑year Chrome and Edge malware scheme — extensions turned into spyware

    Karlston

    • 358 views
    • 3 minutes

    Koi Security uncovered malicious updates inside popular browser extensions, revealing how trusted add-ons built over years were weaponised to track users across Chrome and Edge.

    As reported by The Register, a user operating under the name ShadyPanda began uploading harmless extensions in 2018. These early versions behaved like standard tools, which helped build trust over seven years. Once the install base grew into the millions, the extensions received malicious updates that turned them into surveillance tools. Koi Security uncovered the activity while analysing extension behaviour and later confirmed the scale of the incident in its report.
    Another extension, WeTab, along with several others from the same publisher, reached more than 3 million installs across Edge and Chrome.

    The threat is now removed, but users should still review their browsers


    The malicious update also allowed the extensions to capture a wide range of browsing data. This included every URL you visited, your full browsing history, and any search queries typed into the browser. It also logged mouse clicks, collected detailed browser fingerprints, and tracked how you moved between sites through HTTP referrer data.

     

    Google has confirmed that none of the malicious extensions remain on the Chrome Web Store, and Microsoft has also confirmed their removal from the Edge add-on store. However, taking them down from the store does not remove them from your browser, so users should still check what is installed.

     

    On Chrome and Edge, look for any extensions published by Starlab Technology or linked to WeTab. It is also worth removing anything you do not recognise or no longer use.
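
The check described above can be scripted. The following is an added example, not code from the article or from Koi Security: it walks a Chrome or Edge profile directory, resolves each extension's display name (including localized `__MSG_…__` names), and flags names containing "WeTab" or "Starlab". Assumptions: the store publisher is not recorded in `manifest.json`, so matching is on the manifest's name and author fields only, and the `BROAD` permission set is a review heuristic chosen here, not an indicator from the report.

```python
import json
import sys
from pathlib import Path

# Name keywords taken from the article; matching is case-insensitive.
WATCHLIST = ("wetab", "starlab")
# Assumption: permissions that would allow the URL/history collection described.
BROAD = {"history", "tabs", "webRequest", "<all_urls>", "*://*/*"}

def resolve_name(ext_dir, manifest):
    """Return the display name, resolving __MSG_key__ via _locales if needed."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()
        locale = str(manifest.get("default_locale", "en"))
        path = ext_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
            for k, v in messages.items():  # message keys are case-insensitive
                if k.lower() == key:
                    return str(v.get("message", name))
        except (OSError, ValueError, AttributeError):
            pass  # missing or malformed locale file: fall back to the raw name
    return name

def audit_profile(profile_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json; return findings."""
    findings = []
    for mf in sorted(Path(profile_dir).glob("Extensions/*/*/manifest.json")):
        try:
            manifest = dict(json.loads(mf.read_text(encoding="utf-8-sig")))
        except (OSError, ValueError, TypeError):
            continue  # unreadable or corrupt manifest: skip, do not crash
        name = resolve_name(mf.parent, manifest)
        text = f"{name} {manifest.get('author', '')}".lower()
        perms = [p for key in ("permissions", "host_permissions")
                 for p in (manifest.get(key) or []) if isinstance(p, str)]
        findings.append({
            "id": mf.parent.parent.name,
            "name": name,
            "version": manifest.get("version", "?"),
            "watchlisted": any(w in text for w in WATCHLIST),
            "broad": sorted(BROAD.intersection(perms)),
        })
    return findings

if __name__ == "__main__":
    for f in audit_profile(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "REVIEW" if f["watchlisted"] else "ok"
        print(f"{flag:6} {f['id']} {f['name']} {f['version']} {f['broad']}")
```

Pass the path of one browser profile directory (the folder that contains `Extensions`) as the only argument. A clean result does not clear an extension, since a renamed add-on will not match the keywords.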

     

    Updating Chrome or Edge is another crucial step. Installing the latest version helps the browser apply new security checks to extension behaviour and can trigger built-in blocklists that disable anything removed or flagged. A fresh update also makes sure no cached version of an old extension is still active.

     

    The malware also stores persistent identifiers in chrome.storage.sync. These UUIDs can follow you across devices, so your profile may stay trackable even if you reinstall the browser. To fully remove them, users should clear their sync data after uninstalling the affected extensions.

     

    Source


    Hope you enjoyed this news post. Feedback welcome.

    Posted Monday 8 December 2025 at 4:55 am AEST (my time).

    News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of November): 5,412

    RIP Matrix

