'Stanley' Toolkit Turns Chrome Into Undetectable Phishing Vector
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. [...]
Researchers at Kaspersky discovered cyber-espionage activity that used the vulnerability in a one-click phishing attack to deliver malware.
Developers Listed as Public Contact Points Targeted in Phishing CampaignA supply chain attack that subverted legitimate Google Chrome browser extensions to inject data-stealing malware is more widespread than security researchers first suspected. So far researchers have identified 36 subverted extensions collectively used by 2.6 million people.
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [...]
ThreatFabric explained the malware relies on deceptive phishing webpages posing as a Chrome update
Criminal IP's Chrome extension offers real-time scanning of websites worldwide, using AI-based detection to identify recently created phishing sites. [...]