In a long-running malware campaign, security researchers disclosed that numerous trusted Chrome and Edge extensions have been compromised and turned into spyware. Over a span of several years, 145 extensions were silently updated to include malicious code designed to steal user data and hijack searches. While many users may have remained unaware of these updates, they pose a significant security risk. According to the researchers, affected users did not need to interact with the extensions for their data to be at risk, as the updates occurred without any explicit action taken by the user. The affected extensions included 20 that were available on the Chrome store and 125 found on the Microsoft Edge Add-ons store. Microsoft has since responded to these findings by removing all identified malicious extensions from its Edge store. A spokesperson emphasized that users do not need to know the full technical details of the extensions but encouraged them to check if they have any listed in the identified categories. To protect themselves from potential threats, users are advised to regularly review their installed browser extensions. Checking extension IDs against lists of known malicious extensions is a crucial step. If any extensions appear on these lists, users should delete them immediately and restart their browsers to prevent any spyware from operating in the background. Moreover, users are encouraged to maintain a strong antivirus presence on their devices, enhancing their defenses against malicious links and other potentially harmful activities that might compromise their privacy or security. Furthermore, the incident underscores the importance of remaining vigilant towards browser behavior. A trusted extension can become detrimental if it undergoes unnoticed updates that invite spyware into one's system. This scenario urges all users to be alert for any anomalies, such as unwarranted changes in extension functionality or unfamiliar additions to their browser that were not installed by them in the first place. As the internet landscape evolves, the need for heightened awareness regarding digital security becomes ever more evident.