TL;Dr: Browser extensions are malware sleeper agents.

The systemic problem isn’t just one malicious actor. It’s that the security model incentivizes this behavior:

1. Build something legitimate
2. Pass review and gain trust signals (installs, reviews, verified badges)
3. Collect large user base
4. Weaponize via update
5. Profit before detection

ShadyPanda proved this works. And now every sophisticated threat actor knows the playbook.