Malicious Chrome Extensions Bypass Google Review Process, Enabling Phishing and Browser Hijacking Attacks

A new malware-as-a-service called Stanley is spreading malicious Chrome extensions that bypass Google’s review process, enabling phishing attacks, browser hijacking, and serious cybersecurity risks for users.

A new malware-as-a-service (MaaS) named Stanley raises serious concerns about browser security because it allows attackers to publish harmful Chrome extensions directly on the Chrome Web Store without being rejected during review. This is concerning because many people rely on browser extensions and install them without much thought.

Varonis security researchers discovered Stanley and detailed how it works. The service is named after the seller's online identity, who offers it as a simple tool for launching phishing attacks using fake yet convincing browser extensions. These extensions can quietly pass Google's review and appear to be regular, safe add-ons.

Stanley operates by overlaying a full-screen hidden frame over real websites. While the page appears normal and the browser address bar still shows a trusted domain, the content displayed is actually controlled by attackers. This makes it easy to steal login credentials and personal information, or to deceive users into clicking fake links without raising suspicion.
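As a defensive illustration of the overlay described above (an added example, not code from Varonis or from the extension itself), the following heuristic flags any iframe that covers almost the whole viewport while loading from an origin other than the one in the address bar. The 90% threshold, the function names and the sample data are assumptions made for this example.

```javascript
// Heuristic: a frame that fills the viewport but comes from a different
// origin than the address bar matches the overlay pattern described above.
const COVERAGE_THRESHOLD = 0.9; // assumed cut-off, not a value from the report

// Fraction of the viewport hidden behind a frame rectangle (clipped to the viewport).
function coverage(rect, viewport) {
  const w = Math.max(0, Math.min(rect.right, viewport.width) - Math.max(rect.left, 0));
  const h = Math.max(0, Math.min(rect.bottom, viewport.height) - Math.max(rect.top, 0));
  return (w * h) / (viewport.width * viewport.height);
}

// Resolve a frame src (possibly relative or empty) against the page URL.
function originOf(url, base) {
  try { return new URL(url, base).origin; } catch { return null; }
}

// frames: [{ src, rect: { left, top, right, bottom } }]
function findOverlayFrames(pageUrl, viewport, frames) {
  const pageOrigin = new URL(pageUrl).origin;
  return frames
    .map((f) => ({ ...f, origin: originOf(f.src, pageUrl), covered: coverage(f.rect, viewport) }))
    .filter((f) => f.covered >= COVERAGE_THRESHOLD && f.origin !== pageOrigin);
}

// Browser-side collector: pass `document` from DevTools or a monitoring script.
function collectFrames(doc) {
  return Array.from(doc.querySelectorAll("iframe")).map((el) => {
    const r = el.getBoundingClientRect();
    return { src: el.src, rect: { left: r.left, top: r.top, right: r.right, bottom: r.bottom } };
  });
}

// Constructed sample: a banner ad, a same-origin full-page widget,
// and a full-screen frame from an unrelated origin.
const SAMPLE_VIEWPORT = { width: 1280, height: 720 };
const SAMPLE_FRAMES = [
  { src: "https://ads.example.net/banner", rect: { left: 0, top: 0, right: 728, bottom: 90 } },
  { src: "/help/widget", rect: { left: 0, top: 0, right: 1280, bottom: 720 } },
  { src: "https://login.example.org/", rect: { left: 0, top: 0, right: 1280, bottom: 720 } },
];

function demo() {
  return findOverlayFrames("https://bank.example.com/account", SAMPLE_VIEWPORT, SAMPLE_FRAMES);
}
```

Legitimate full-page embeds from another origin will also match, so a hit is a prompt to check which extension injected the frame rather than proof of compromise.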

The service also promises undetected installation on popular browsers such as Chrome, Edge, and Brave, which means users may not be aware that a malicious program has been installed. Attackers operate the extension through an online interface, where they can enable or disable attacks, issue browser notifications, and aggressively direct victims to phishing URLs. Stanley also includes location-based targeting, which allows attackers to choose victims according to their country or IP address. It checks in with attacker-controlled servers every few seconds and can switch domains if one is blocked, making it more difficult to shut down.

Interestingly, experts believe Stanley is not technically advanced. Its code appears messy and incomplete in places. What makes it dangerous is not its complexity, but how easily it can be delivered through trusted channels such as the Chrome Web Store. Recent examinations suggest that harmful extensions continue to get past official checks. As a result, experts recommend that users install only necessary browser extensions, carefully read reviews, and verify the publisher before downloading anything.

This case shows the escalating cybersecurity risks, particularly as attackers discover new ways to exploit trusted websites to spread malware and phishing threats.

Information referenced in this article is from Bleeping Computer