The builtin JavaScript interpreter is such a devious touch. No one blinks an eye at several MBs of extension data. That’s plenty of room to store arbitrary runtimes in, and then all the default browser runtime protections are pointless.

Painful read, this reads like it was written by AI.

The WeTab / Infinity team has responded to this [1] (in Chinese). Basically, they argue that:

- The Clean Master extension has long been sold, and the malicious updated was not pushed by them.

- The other two mentioned extensions are not at all malicious. They collect use info for extension opt-out-able features and analytics (using Google Analytics and Baidu Analytics).

- They are communicating with the extension stores to restore their extension.

Let's hope it's not an AI company making AI-generated accusations.

[1] https://mp.weixin.qq.com/s/E8YQLWZFM2J7r5DZNSl47w & https://www.v2ex.com/t/1176484

I came to the article hoping to see the list of affected extensions, so I can check if I ever installed any of them. All I get was a list of extension ID at the very bottom of the post. Is this some sort of security practice to not promoting malicious packages or something?

I was hoping to see a revenue estimate for injecting affiliate links on 4M browsers for 7 years… that must’ve been a lot of money!

So, has someone found or compiled a list of the actual extension names, not just IDs?

> Koi researchers have identified a threat actor we're calling ShadyPanda

Is it that hard to come up with a name that isn't a generic orientalist trope?