“Sleeper” browser extensions woke up as spyware on 4 million devices | Malwarebytes

A malware campaign has been uncovered where browser extensions, after years of normal operation, were updated to act as spyware and deploy malicious code on approximately 4.3 million Chrome and Edge devices. The extensions, developed by the ShadyPanda group, collected user data and executed arbitrary JavaScript, with some still available on the Edge store despite removal from Chrome.