Technology
Malicious browser extensions hit 4.3M users
NEWYou can now listen to Fox News articles!
A long-running malware campaign quietly evolved over several years and turned trusted Chrome and Edge extensions into spyware. A detailed report from Koi Security reveals that the ShadyPanda operation affected 4.3 million users who downloaded extensions later updated with hidden malicious code.
These extensions began as simple wallpaper or productivity tools that looked harmless. Years later, silent updates added surveillance functions that most users could not detect.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
THIS CHROME VPN EXTENSION SECRETLY SPIES ON YOU
Malicious extensions spread through trusted browsers and quietly collected user data for years. (Kurt “CyberGuy” Knutsson)
How the ShadyPanda campaign unfolded
The operation included 20 malicious Chrome extensions and 125 on the Microsoft Edge Add-ons store. Many first appeared in 2018 with no obvious warning signs. Five years later, the extensions began receiving staged updates that changed their behavior.
Koi Security found that these updates rolled out through each browser’s trusted auto-update system. Users did not need to click anything. No phishing. No fake alerts. Just quiet version bumps that slowly turned safe extensions into powerful tracking tools.
NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS
WeTab functions as a sophisticated surveillance platform disguised as a productivity tool. (Koi)
What the extensions were doing behind the scenes
Once activated, the extensions injected tracking code into real links to earn revenue from user purchases. They also hijacked searches, redirected queries and logged data for sale and manipulation. ShadyPanda gathered an unusually broad range of personal information, including browsing history, search terms, cookies, keystrokes, fingerprint data, local storage, and even mouse movement coordinates. As the extensions gained credibility in the stores, the attackers pushed a backdoor update that allowed hourly remote code execution. That gave them full browser control, letting them monitor websites visited and exfiltrate persistent identifiers.
Researchers also discovered that the extensions could launch adversary-in-the-middle attacks. This allowed credential theft, session hijacking and code injection on any website. If users opened developer tools, the extensions switched into harmless mode to avoid detection. Google removed the malicious extensions from the Chrome Web Store. We reached out to the company, and a spokesperson confirmed that none of the extensions listed are currently live on the platform.
Meanwhile, a Microsoft spokesperson told CyberGuy, “We have removed all the extensions identified as malicious on the Edge Add-on store. When we become aware of instances that violate our policies, we take appropriate action that includes, but is not limited to, the removal of prohibited content or termination of our publishing agreement.”
Most of you will not need the full technical IDs used in the ShadyPanda campaign. These indicators of compromise are primarily for security researchers and IT teams. Regular users should focus on checking your installed extensions using the steps in the guide below.
You can review the full list of affected Chrome and Edge extensions to see every ID tied to the ShadyPanda campaign by clicking here and scrolling down to the bottom of the page.
How to check whether your browser contains these extension IDs
Here is an easy, step-by-step way for you to verify if any malicious extension IDs are installed.
For Google Chrome
Open Chrome.
Type chrome://extensions into the address bar.
Press Enter.
Look for each extension’s ID.
Click Details under any extension.
Scroll down to the Extension ID section.
Compare the ID with the lists above.
If you find a match, remove the extension immediately.
For Microsoft Edge
Open Edge.
Type edge://extensions into the address bar.
Press Enter.
Click Details under each extension.
Scroll to find the Extension ID.
If an ID appears in the lists, remove the extension and restart the browser.
183 MILLION EMAIL PASSWORDS LEAKED: CHECK YOURS NOW
Simple security steps can block hidden threats and help keep your browsing safer. (Kurt “CyberGuy” Knutsson)
How to protect your browser from malicious extensions
You can take a few quick actions that help lock down your browser and protect your data.
1) Remove suspicious extensions
Before removing anything, check your installed extensions against the IDs listed in the section above. Most of the malicious extensions were wallpaper or productivity tools. Three of the most mentioned are Clean Master, WeTab and Infinity V Plus. If you installed any of these or anything that looks similar, delete them now.
2) Reset your passwords
These extensions have access to sensitive data. Resetting your passwords protects you from possible misuse. A password manager makes the process easier and creates strong passwords for each account.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
3) Use a data removal service to reduce tracking
ShadyPanda collected browsing activity, identifiers and behavioral signals that can be matched with data already held by brokers. A data removal service helps you reclaim your privacy by scanning people-search sites and broker databases to locate your exposed information and remove it. This limits how much of your digital footprint can be linked, sold or used for targeted scams.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
4) Install strong antivirus software
An antivirus may not have caught this specific threat due to the way it operated. Still, it can block other malware, scan for spyware and flag unsafe sites. Many antivirus tools include cloud backup and VPN options to add more protection.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
5) Limit your extensions
Each extension adds risk. Stick with known developers and search for recent reviews. If an extension asks for permissions it should not need, walk away.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
ShadyPanda ran for years without raising alarms and proved how creative attackers can be. A trusted extension can shift into spyware through a silent update, which makes it even more important to stay alert to changes in browser behavior. You protect yourself by installing fewer extensions, checking them from time to time and watching for anything that feels out of place. Small steps help lower your exposure and reduce the chances that hidden code can track what you do online.
Have you ever found an extension on your browser that you didn’t remember installing or one that started acting in strange ways? How did you handle it? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alert, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
On June 10th, the German container ship Posen docked in Los Angeles after a two-week voyage from Shanghai. As Valve watcher Brad Lynch notes, it was almost certainly carrying the first mass production shipments of the Steam Frame, Valve’s new gaming headset.
Import records show that Valve’s distribution partner Ceva offloaded nearly 32 metric tons of “Virtual Reality Devices” on Valve’s behalf — or roughly 13 tons of actual product, after you subtract the roughly 3,700 kilogram weight of five 40-foot shipping containers.
Speaking of the Steam Machine, Valve’s stockpile may now have grown to 141 metric tons, as that’s roughly how much “Game Consoles” product has arrived in 12,600kg containers since April 23rd.
And it looks like Valve probably received three shipments of Steam Deck handhelds in May, two on May 18th and one on May 30th, judging by how those containers had the higher gross weight of 14,500kg. That’s generally how heavy Valve’s “Game Console” containers were before the Steam Machine was announced.
13 tons isn’t actually a lot of VR headsets, of course, but perhaps more of them fit into a container than the Steam Machine console. They each weigh 654g (roughly 1.44lb) with a pair of wand controllers; back-of-the-napkin math suggests we’re probably talking about fewer than 20,000 units right now.
There might not be that many Steam Machines in the US yet, either: 141 metric tons could easily be fewer than 50,000 units at their higher 2.6kg weight per console, not counting any controllers or cables.
Valve confirmed days ago that both the Steam Machine and Steam Frame will launch this summer, and has signaled that it had to rethink prices because of RAMageddon. Even if they’re pricey, though, they may sell out quickly.
Apple CEO Tim Cook delivered his final WWDC keynote as Apple CEO, announcing smarter features included in the tech company’s next big software update. (Josh Edelson / AFP via Getty Images)
NEWYou can now listen to Fox News articles!
Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.
IN TODAY’S NEWSLETTER:
– 12 biggest Apple WWDC 2026 takeaways you need to know
– California city votes to permanently ban data centers in first-of-its-kind measure
– Meta launches $115M skilled trades academy with guaranteed jobs for graduates in 4 states
SIRI UPGRADE: Apple used WWDC 2026, its annual developers conference, to lay out what is coming next for your iPhone, Mac, iPad, Apple Watch and Vision Pro. This year’s keynote also carried extra weight because it marked Tim Cook’s final WWDC as Apple CEO before John Ternus takes over in September. Still, the biggest story for users was software. Apple put Siri AI and Apple Intelligence at the center of the keynote, while also announcing iOS 27 support for older iPhones, new child safety tools, faster performance and smarter features across everyday apps.
Attendees watch a presentation during Apple’s annual Worldwide Developers Conference in Cupertino, California, on June 8, 2026. (Carlos Barria/Reuters)
POWER GRID LOCK: Voters in a Southern California city overwhelmingly approved a ballot measure that permanently prohibits data centers within city limits, underscoring growing local resistance to the infrastructure powering the artificial intelligence boom. Monterey Park voters approved Measure NDC by a margin of 10,321 votes to 1,362 votes, or 88.34%, according to official election results from Los Angeles County.
WORKFORCE WIN: Tech giant Meta on Monday announced that it’s launching a new academy for workers to receive training in a skilled trade at no cost with a job guaranteed for all graduates.
RED THREAT: Sen. Tom Cotton urged the Justice Department to investigate a covert campaign linked to China designed to “kneecap” America’s rapidly expanding artificial intelligence infrastructure in a letter obtained exclusively by Fox News Digital.
Sen. Tom Cotton, R-Ark., arrives for a vote in the U.S. Capitol on April 30, 2025. (Bill Clark/CQ-Roll Call, Inc via Getty Images)
LABOR RECKONING: U.S. employers ramped up layoffs in May as the artificial intelligence (AI) rollout was the leading factor cited by companies cutting their workforces, new data shows.
WHO IS THIS? Your phone rings. It’s your son’s voice. Panicked. He says he’s been in a car accident. He hurt someone. He’s about to be arrested. He needs $15,000 wired before the end of the day, and please, don’t tell anyone yet. You’d wire the money. Of course you would. Except it isn’t your son. It’s a scammer who spent about 10 minutes online, pulled three seconds of audio from a Facebook video your son posted last Christmas, and fed it into an AI voice cloning tool that costs less than a Netflix subscription.
PRIVATE NO MORE? OpenAI said Monday it has taken a formal step toward a potential stock market debut, signaling that the artificial intelligence company is preparing for the possibility of becoming a publicly traded firm.
INTELLIGENCE QUESTIONS: Apple has spent years telling us that privacy starts on the device. For many users, that message feels reassuring. Your messages, photos, emails and app data sit in your hand, protected by Face ID, passcodes and Apple’s security layers. Now, new research gives Apple’s on-device AI a reality check.
Subscribe now to get the Fox News Artificial Intelligence Newsletter in your inbox.
FOLLOW FOX NEWS ON SOCIAL MEDIA
YouTube
X
SIGN UP FOR OUR OTHER NEWSLETTERS
Fox News First
Fox News Opinion
Fox News Lifestyle
Fox News Health
DOWNLOAD OUR APPS
Fox News
Fox Business
Fox Weather
Fox Sports
Tubi
WATCH FOX NEWS ONLINE
Fox News Go
STREAM FOX NATION
Fox Nation
Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here.
Memory is now the most expensive component in a smartphone. It’s more expensive than the processor, more expensive than the display, and can account for more than 50% of the total hardware bill.
For Phone (4a), memory costs doubled between when we decided to build the device and when it launched. They’ve doubled again since.
I posted about this earlier this year. It’s now playing out, faster than predicted.
Phone prices are going up, and they’ll keep going up into next year. Since February, new phones have been launching up to $100 more expensive than their predecessors. In India, phones above ₹30K have seen price jumps of ₹7,000 or more.
The natural instinct is to buy ahead. It doesn’t work that way. In a shortage, memory is allocated, not bought. You get what you’re given, at the current price.
If you’ve been waiting to upgrade a device, the best time was yesterday. The next best time is now. This year’s sale season won’t have the discounts people are used to.
-
Science2 minutes agoVideo: Can the Artemis III Mission Go on as Planned?
-
Lifestyle20 minutes agoGene Shalit, longtime ‘Today’ show movie critic, dies at 100
-
Technology32 minutes agoValve just imported 13 tons of VR headsets in one day
-
World35 minutes agoExpert warns of ‘general escalation’ of fighting if Houthis resume Red Sea campaign
-
Politics40 minutes agoWATCH: House Dems blame racism, all-white jury for Karmelo Anthony’s guilty verdict
-
Health47 minutes agoNew York anchor Bill Ritter announces Alzheimer’s diagnosis during his final Eyewitness News broadcast
-
Sports50 minutes agoHow to Watch the 2026 FIFA World Cup: Scores, Schedule, Dates for Every Match
-
Technology55 minutes agoFox News AI Newsletter: Top 12 takeaways from Apple’s new AI features
