A newly identified Chinese threat group, DarkSpectre, has been linked to one of the largest browser extension malware campaigns ever uncovered, compromising over 8.8 million users worldwide over the past seven years, according to a report cited by Cyber Press.
Research by cybersecurity firm Koi.ai revealed that DarkSpectre operates three interconnected malware campaigns: ShadyPanda, GhostPoster, and a newly discovered operation called The Zoom Stealer. Together, these campaigns form a coordinated network targeting users across popular browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera.
The malware campaigns exploit browser extension vulnerabilities to access sensitive user data, including login credentials, browsing history, and personal information. Cybersecurity experts warn that affected users may have been unknowingly exposed for years, with malware silently collecting data or redirecting users to malicious websites.
ShadyPanda and GhostPoster were previously known threats, but The Zoom Stealer represents a significant escalation, reportedly targeting video conferencing platforms and other productivity tools widely used for remote work. The integration of all three campaigns suggests a sophisticated level of coordination and operational scale.
Koi.ai emphasized that the malware was not limited to a single region, affecting users globally. While the exact number of compromised accounts is difficult to verify, the 8.8 million figure highlights the unprecedented scale of the operation and the risks posed by malicious browser extensions.
Security specialists advise users to review installed browser extensions, remove any suspicious add-ons, and update software regularly. Organizations are also urged to implement stronger cybersecurity monitoring and awareness programs, particularly for employees using browsers for professional tasks.
Authorities and cybersecurity firms are continuing to track DarkSpectre’s activity, and updates to threat intelligence platforms are expected to include indicators of compromise to help users and companies protect themselves. Experts warn that vigilance is critical, as browser extension malware often spreads through trusted app stores and can remain undetected for extended periods.
The DarkSpectre case underscores growing concerns about cyber espionage and malware operations originating from advanced threat groups. With millions of users potentially affected, both individuals and organizations are being reminded to adopt proactive security measures and remain cautious when installing browser extensions.





