Most people don’t think they are a target for hackers. They don’t work in technology and they’re not hiding secrets. They’re just checking email, shopping online, or watching videos. Everything feels routine, familiar, safe. But over the past several years, a large group of online criminals quietly watched the internet activity of about 8.8 million people, by current estimates. They didn’t break into computers or lock files for ransom, and they didn’t send scary emails demanding money. Instead, they hid inside something that looked completely normal and even helpful.
It started with browser add-ons and plug-ins
When you open the internet on your computer, you’re probably using a web browser like Chrome, Microsoft Edge, or Firefox. These programs are designed to be customizable. They let people add “plug-ins” or “add-ons” that make things easier or more convenient. Often, they offer benefits, such as finding coupon codes or the best prices when doing online shopping, or they help you download files, remember things, or take advantage of helpful tools or resources.
Installing one of these tools usually takes a single click from the browser’s store. No warnings. No alarms. The tool usually appears, does what it claims to do, and you move on with your day. It worked that way for millions of people, but what they didn’t know was that some of these tools had a second, hidden job.
The part no one could see
Behind the scenes, certain plug-ins or add-on tools were quietly collecting information. They would track which websites people visited, what they searched for, and, in some cases, what they typed into pages. Some even copied details from online meetings, such as meeting links, participant names, or chat messages.
The people using these tools wouldn’t notice anything unusual. Their computers didn’t slow down. Their web pages still loaded. Meetings still worked. There were no pop-ups saying, “You’re being watched.” This wasn’t a break-in and steal-payment-card-information sort of cybercrime. It was patient. Slow. Careful. Some of these tools behaved perfectly for years before anything suspicious happened. But by the time anyone realized what was going on, the damage was already done.
Why almost no one suspected a problem
When people think about online threats, they usually imagine something obvious: a scary email, a virus warning, or a frozen screen demanding payment. This situation looked nothing like that. These tools stayed quiet. They didn’t cause crashes or draw attention to themselves. In many cases, they only collected information occasionally, which made them even harder to detect.
From a user’s point of view, nothing felt wrong. And when nothing feels wrong, people don’t go looking for trouble. That’s what made this campaign so effective. It’s also tempting to think this kind of spying only matters to companies or people with sensitive jobs.
In reality, everyday information is incredibly valuable to cybercriminals. Knowing what someone searches for, where they shop, or which accounts they use can be enough to build a convincing scam later. Add in access to email or online meetings, and criminals can pretend to be coworkers, managers, or trusted services. Even if nothing bad happens right away, stolen information often gets reused months or years later. That’s why some scams feel strangely personal. The details came from somewhere.
For people who use their personal computer for work, especially for online meetings, the risk is considerably higher. Meeting links and participant lists can reveal who you work with, what tools your company uses, and when important conversations happen. None of that requires “secret” information. It just requires access.
Unfortunately, most people assume that if something is offered through a trusted app or store, it must be safe. And most of the time, that assumption works. But this case showed that trust can be borrowed and abused. Some tools built good reputations first. They gathered positive reviews and large numbers of users. Only later did they quietly change their behavior. By the time anyone noticed, millions of people had already said yes and were relying upon the tool.
What to do if this makes you uneasy
You don’t need technical skills, just a little time and a willingness to be selective.
-
- Start by looking at the extra tools, add-ons, or plug-ins you’ve added to your internet browser. Every browser has a place where these are listed, which is usually listed under “Extensions.” Scroll through them, and if you see something you don’t recognize, don’t remember installing, or no longer use, remove it.
- Next, think about permissions. Some tools ask for the ability to see everything you do online. That’s a lot of trust to give away. If you can’t clearly explain why a tool needs that level of access, it’s safer not to keep it.
- If you’re worried that a suspicious tool may have been installed in the past, it’s a good idea to change passwords for important accounts like email, shopping, banking, and work tools. Do this from a phone or a clean browser if possible. Turning on multifactor authentication adds another layer of safety.
- It may also help to sign out of websites you’re logged into and clear stored browsing data. This forces fresh logins and cuts off access that might still exist behind the scenes. It may be inconvenient, but it closes doors you didn’t realize were open.
- Consider installing antivirus software which should flag potentially malicious browser add-ons or plug-ins.
- Make sure your browser updates itself automatically. Updates often remove known bad tools quietly in the background. Staying current gives you protection without extra effort.
- If your computer is used for work, especially for online meetings, let your IT or help desk team know you’re concerned. That helps protect not just you, but everyone you work with.
How to avoid this in the future
The biggest lesson from this situation is simple: treat added internet tools the same way you treat apps on your phone. Before installing anything new, pause for a moment. Ask yourself whether you really need it. Be skeptical of tools discovered through ads, pop-ups, or comment sections. If something promises a lot for free and asks for broad access, that’s a reason to slow down.
Using fewer tools overall reduces risk automatically. Each extra add-on is another window into your online life. Keeping things minimal makes it easier to notice when something doesn’t belong. If possible, separate work and personal browsing. Using a clean browser for work meetings and documents limits exposure. On shared family computers, it’s also worth controlling who can add new tools so one curious click doesn’t affect everyone. And finally, trust your instincts. If search results look strange, ads suddenly appear, or websites behave oddly, don’t ignore it. Temporarily removing added tools and seeing whether the problem stops is often the fastest way to identify the cause.
You don’t need to memorize technical terms or follow security news every day to stay safer online. What matters is installing fewer extras. Removing what you don’t recognize or need. Using strong passwords with extra login protection. Doing occasional cleanups instead of assuming everything is fine forever. The people behind this spying campaign succeeded because they counted on silence, familiarity, and trust. A little curiosity and caution go a long way toward making sure the same trick doesn’t work on you.