this post was submitted on 02 Dec 2025
51 points (94.7% liked)

Technology

77084 readers
1551 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
51
4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign | Koi Blog (www.koi.ai)
submitted 3 days ago by homesweethomeMrL@lemmy.world to c/technology@lemmy.world
10 comments fedilink hide all child comments
 

cross-posted from: https://reddthat.com/post/55344659

top 10 comments
sorted by: hot top controversial new old
[–] SnoringEarthworm@sh.itjust.works 34 points 3 days ago* (last edited 3 days ago) (1 children)

TL;Dr: Browser extensions are malware sleeper agents.

The systemic problem isn't just one malicious actor. It's that the security model incentivizes this behavior:

  1. Build something legitimate
  2. Pass review and gain trust signals (installs, reviews, verified badges)
  3. Collect large user base
  4. Weaponize via update
  5. Profit before detection

ShadyPanda proved this works. And now every sophisticated threat actor knows the playbook.

[–] vacuumflower@lemmy.sdf.org 2 points 3 days ago

So, asking the past defenders of such a situation again, was XUL really worse or is it in effect the same?

Except XUL also allowed such customization that very rarely an extension would become as popular as they become now. Fragmentation as a defense.

(That refers to the discussions about Firefox dropping XUL in the past, killing many-many good extensions and ways to make them and alternative browsers built on XULRunner.)

[–] Fizz@lemmy.nz 3 points 3 days ago (2 children)

So what's the lesson? How can we trust browser extensions? Ublock could go bad and cook half the globe.

[–] MalMen@masto.pt 3 points 3 days ago (1 children)

@Fizz @homesweethomeMrL samething with everyrhing we use... You can go gentoo way and compile yourself the software you use, but even that way unless you check every line of code, you are trusting that the code behave the way you supose it does

[–] Fizz@lemmy.nz 1 points 2 days ago* (last edited 2 days ago)

I really dont wanna do that. Firefox should add 3rd party repos so my distro packagers can handle that. They love that nerd shit and I trust them more than Firefox or chrome

[–] mal3oon@lemmy.world 2 points 3 days ago (1 children)

It's really unbelievable at this point. It's like that gentoo, meme, you have to compile your extension from sources. Even worse, as the 'supply chain' chain attack in ssh showed, you have to read the code yourself too. I am not sure if Linux becoming popular is a good thing anymore.

[–] Doomsider@lemmy.world 1 points 2 days ago

Security by obscurity isn't security at all.

[–] db2@lemmy.world 2 points 3 days ago (1 children)

[–] HeerlijkeDrop@thebrainbin.org 8 points 3 days ago (1 children)

I don't see anything special on this screenshot. Most of the websites display this, at least when you have an European IP. This pop up is only exceptional in that it doesn't lag on my phone, displays correctly and has a "Reject all" button

[–] victorz@lemmy.world 3 points 2 days ago

Actually one of the cleaner ones I've seen, ngl.