(leafbrowser.site)
A Chinese browser extension named WeTab 新标签页 (WeTab New Tab Page), with over 3 million downloads on Edge and 300k downloads on Chrome Web Store, is a spyware extension that masquerades as a productivity tool, researchers at KOI say.
The extension collects user information like:
- Browsing history
- Browser fingerprints
- Mouse clicks
- Page data (user behavior, time spent on page)
- Storage data (reads your localStorage and sessionStorage)
- And every single search query
And sends it to 17 Chinese domains:
- 8 Chinese Baidu servers
- 7 Chinese servers
- Rest on Google Analytics
The man behind this operation is known to be ShadyPanda, who is using browser extensions with a huge user base to collect user data by pushing malicious updates.
The extension recently got removed from Microsoft Edge extension Store:
But the problem is it is still active on Chrome Web store:
The extension comes from the publisher, Starlab Technology, which is behind the Google-featured and verified extension, Clean Master.
It is now clear that if you are using this extension by any chance, remove it, as it already has sensitive permissions like access to cookies and URLs.
The WeTab 新标签页 browser extension is one of the 5 malicious extensions that were launched and used by ShadyPanda on Microsoft extension store for collecting personal user data.