Browser Extensions and App Stores

Security firm Koi Security reports that a single threat actor it dubs DarkSpectre ran three coordinated browser‑extension malware campaigns—ShadyPanda, GhostPoster and Zoom Stealer—that infected more than 8.8 million Chrome, Edge and Firefox users worldwide over seven years. By keeping extensions benign for years, hiding malicious code in images, delaying activation and limiting triggers, the group conducted mass surveillance, affiliate fraud, and theft of corporate meeting data from more than 28 video‑conferencing platforms, compromising both home users and corporate environments, including in the United States.