4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi Blog

⁨54⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨month⁩ ago⁩ by ⁨homesweethomeMrL@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://www.koi.ai/blog/4-million-browsers-infected-inside-shadypanda-7-year-malware-campaign

cross-posted from: reddthat.com/post/55344659

source

Comments

Sort:hotnew top

SnoringEarthworm@sh.itjust.works ⁨1⁩ ⁨month⁩ ago
TL;Dr: Chrome extensions are sleeper agents, because Chrome doesn’t review updates before pushing them out to users.

ShadyPanda learned three critical lessons:

Chrome’s review process focused on initial submission, not ongoing behavior

Users trust extensions with high install counts and positive reviews

Patience pays off - some extensions operated for months before detection. The longer you look legitimate, the more damage you can do.
source
- vacuumflower@lemmy.sdf.org ⁨1⁩ ⁨month⁩ ago
  So, asking the past defenders of such a situation again, was XUL really worse or is it in effect the same?
  
  Except XUL also allowed such customization that very rarely an extension would become as popular as they become now. Fragmentation as a defense.
  
  (That refers to the discussions about Firefox dropping XUL in the past, killing many-many good extensions and ways to make them and alternative browsers built on XULRunner.)
  
  source
db2@lemmy.world ⁨1⁩ ⁨month⁩ ago
Image

source
- HeerlijkeDrop@thebrainbin.org ⁨1⁩ ⁨month⁩ ago
  I don't see anything special on this screenshot. Most of the websites display this, at least when you have an European IP. This pop up is only exceptional in that it doesn't lag on my phone, displays correctly and has a "Reject all" button
  
  source
  - victorz@lemmy.world ⁨1⁩ ⁨month⁩ ago
    Actually one of the cleaner ones I’ve seen, ngl.
    
    source
Fizz@lemmy.nz ⁨1⁩ ⁨month⁩ ago
So what’s the lesson? How can we trust browser extensions? Ublock could go bad and cook half the globe.

source
- MalMen@masto.pt ⁨1⁩ ⁨month⁩ ago
  @Fizz @homesweethomeMrL samething with everyrhing we use... You can go gentoo way and compile yourself the software you use, but even that way unless you check every line of code, you are trusting that the code behave the way you supose it does
  source
  - Fizz@lemmy.nz ⁨1⁩ ⁨month⁩ ago
    I really dont wanna do that. Firefox should add 3rd party repos so my distro packagers can handle that.
    
    source
- mal3oon@lemmy.world ⁨1⁩ ⁨month⁩ ago
  It’s really unbelievable at this point. It’s like that gentoo, meme, you have to compile your extension from sources. Even worse, as the ‘supply chain’ chain attack in ssh showed, you have to read the code yourself too. I am not sure if Linux becoming popular is a good thing anymore.
  
  source
  - Doomsider@lemmy.world ⁨1⁩ ⁨month⁩ ago
    Security by obscurity isn’t security at all.
    
    source