[tomek@vz]

Citiraj:

Cybersecurity researchers at Koi recently uncovered DarkSpectre, a Chinese operation linking multiple malicious campaigns through browser extensions. Hundreds of seemingly legitimate add-ons were downloaded by more than 8.8 million users, leaving them vulnerable to security issues over the seven-year lifespan of the operation.
The researchers initially discovered DarkSpectre while investigating ShadyPanda, a campaign based on popular Chrome and Edge extensions that infected over four million devices. Further analysis revealed that ShadyPanda was just one part of a three-pronged operation, each campaign following similar methods and malicious objectives.
The infrastructure tied to ShadyPanda led researchers to other campaigns, which used the same hidden domains. These domains, in turn, were connected to additional extensions available across multiple browser marketplaces, including Firefox, Edge, and Chrome.

> DarkSpectre quietly infected millions through seemingly legit browser extensions