A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and be published to the Chrome Web Store.
Researchers at end-to-end data security company Varonis named the project Stanley after the alias of the seller, who advertises easy phishing attacks by intercepting navigation and covering a webpage with an iframe with content of the attacker's choice.
The new MaaS offering is for malicious Chrome extensions that can cover a webpage with a full-screen iframe containing phishing content of the attacker's choice. Stanley also advertises silent auto-installation on Chrome, Edge, and Brave browsers and support for custom tweaks.
The MaaS has multiple subscription tiers, the most expensive one being the Luxe Plan, which also offers a web panel and full support for publishing the malicious extension to the Chrome Web Store.
Figure: Stanley promoted on cybercrime portals (Source: Varonis)
BleepingComputer has contacted Google to request a comment on those claims, and we will update this post when we hear back.
Varonis reports that Stanley works by overlaying a full-screen iframe with malicious content while the victim’s browser address bar remains untouched, showing the legitimate domain.
Figure: Function that generates the deceptive iframe (Source: Varonis)
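As an added detection sketch (not code from Varonis or the original article), the overlay behaviour described above can be flagged by looking for a pinned, cross-origin iframe that covers almost the whole viewport. The frame descriptors, the 90% threshold, and all names and URLs are constructed assumptions; in a browser the values would come from getBoundingClientRect() and getComputedStyle().

```javascript
// Added example: flag a pinned, cross-origin iframe that covers the viewport.
// All descriptors, names and URLs below are constructed sample data.

function originOf(url) {
  try {
    return new URL(url).origin;
  } catch {
    return null; // unparsable src is treated as foreign
  }
}

// Fraction of the viewport covered by rect, clipped to the viewport bounds.
function viewportCoverage(rect, viewport) {
  const w = Math.min(rect.x + rect.width, viewport.width) - Math.max(rect.x, 0);
  const h = Math.min(rect.y + rect.height, viewport.height) - Math.max(rect.y, 0);
  return (Math.max(0, w) * Math.max(0, h)) / (viewport.width * viewport.height);
}

// Return iframes that are pinned over the page, load from another origin,
// and hide at least minCoverage of the viewport.
function findOverlayFrames(pageUrl, viewport, frames, minCoverage = 0.9) {
  const pageOrigin = originOf(pageUrl);
  return frames.filter((f) => {
    const pinned = f.position === "fixed" || f.position === "absolute";
    const foreign = originOf(f.src) !== pageOrigin;
    return pinned && foreign && viewportCoverage(f.rect, viewport) >= minCoverage;
  });
}

const SAMPLE_VIEWPORT = { width: 1280, height: 720 };
const SAMPLE_FRAMES = [
  { id: "video-embed", src: "https://media.example/player", position: "static",
    rect: { x: 100, y: 200, width: 640, height: 360 } },
  { id: "help-modal", src: "https://bank.example/help", position: "fixed",
    rect: { x: 0, y: 0, width: 1280, height: 720 } },
  { id: "corner-ad", src: "https://ads.example/slot", position: "fixed",
    rect: { x: 980, y: 470, width: 300, height: 250 } },
  { id: "overlay", src: "https://login-portal.invalid/index.html", position: "fixed",
    rect: { x: 0, y: 0, width: 1280, height: 720 } },
];

const flagged = findOverlayFrames("https://bank.example/account", SAMPLE_VIEWPORT, SAMPLE_FRAMES);
console.log(flagged.map((f) => f.id));
```

Only the constructed "overlay" frame is flagged. Legitimate cross-origin full-page frames (for example payment or consent flows) would also match, so a hit is a signal to review rather than a verdict.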