Imagine this: Millions of unsuspecting users, their browsing habits laid bare, all thanks to a sneaky malware campaign that went undetected for a staggering seven years. This is the reality uncovered by reports from The Register and Koi Security, revealing how seemingly innocent browser extensions transformed into sophisticated surveillance tools.
It all started back in 2018, when a user known as ShadyPanda began uploading seemingly harmless extensions to both Chrome and Edge. These early versions functioned as standard, everyday tools, cleverly building trust over time. But here's where it gets controversial... as the install base swelled into the millions, these extensions received malicious updates, turning them into covert surveillance instruments.
One particularly popular extension, WeTab, along with several others from the same publisher, managed to reach over 3 million installs across both major browsers. The implications are significant.
What did these malicious extensions do? They captured a treasure trove of your browsing data, including:
- Every single URL you visited
- Your complete browsing history
- All your search queries
- Mouse clicks and movements
- Detailed browser fingerprints
- How you moved between sites
The good news? The threat has been neutralized. Google and Microsoft have confirmed the removal of these malicious extensions from their respective stores. But this isn't the end of the story.
And this is the part most people miss... Removing the extensions from the store doesn't automatically remove them from your browser. So, what should you do?
- Review your extensions: On both Chrome and Edge, look for any extensions published by Starlab Technology or linked to WeTab. If you find any, remove them immediately. Also, get rid of anything you don't recognize or no longer use.
- Update your browser: Make sure you're running the latest version of Chrome or Edge. Updates include new security checks and can trigger built-in blocklists that disable any flagged extensions. A fresh update also ensures that no cached versions of old extensions are still active.
- Clear your sync data: The malware stored persistent identifiers in chrome.storage.sync, which could track you across devices. To fully remove them, clear your sync data after uninstalling the affected extensions.
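The review step above can be run over a whole machine with a short script. This is an added example, not code from the article or from Koi Security: it walks the on-disk Chrome and Edge profile folders and flags any installed extension whose manifest name or author mentions WeTab or Starlab Technology. It assumes the standard per-user profile locations, and because the article lists no extension IDs it can only do a name match, so an extension published under a different name will not be caught.

```python
import json
from pathlib import Path

# Names taken from the article; matching is a case-insensitive substring heuristic.
KEYWORDS = ("wetab", "starlab technology")

# Assumed default per-user data roots for Chrome and Edge (Windows, macOS, Linux).
HOME = Path.home()
DEFAULT_ROOTS = [
    HOME / "AppData/Local/Google/Chrome/User Data",
    HOME / "AppData/Local/Microsoft/Edge/User Data",
    HOME / "Library/Application Support/Google/Chrome",
    HOME / "Library/Application Support/Microsoft Edge",
    HOME / ".config/google-chrome",
    HOME / ".config/microsoft-edge",
]

def _load(path):
    try:
        data = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):  # unreadable or malformed file: treat as empty
        return {}
    return data if isinstance(data, dict) else {}

def display_name(ext_dir, manifest):
    """Resolve a localized __MSG_key__ name through _locales/<default_locale>."""
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = str(manifest.get("default_locale", "en"))
        msgs = _load(ext_dir / "_locales" / locale / "messages.json")
        for k, v in msgs.items():
            if k.lower() == name[6:-2].lower() and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def scan_root(root, keywords=KEYWORDS):
    """Return (profile, extension_id, version, name) for manifests matching a keyword."""
    hits = []
    for mf in sorted(Path(root).glob("*/Extensions/*/*/manifest.json")):
        manifest = _load(mf)
        name = display_name(mf.parent, manifest)
        haystack = f"{name} {manifest.get('author', '')}".lower()
        if any(k in haystack for k in keywords):
            hits.append((mf.parents[3].name, mf.parents[1].name, mf.parent.name, name))
    return hits

if __name__ == "__main__":
    for root in filter(Path.is_dir, DEFAULT_ROOTS):
        for hit in scan_root(root):
            print(root, *hit, sep=" | ")
```

An empty result is not a clean bill of health, so still review the extensions page by hand as described above.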
But here's a thought-provoking question: In an age where online privacy is constantly under threat, how much responsibility do we have as users to scrutinize the tools we install? Do you think browser developers should do more to protect users from malicious extensions? Share your thoughts in the comments below!