Russian hackers are selling a service that allows other criminals to spoof legitimate websites and trick victims into revealing their login details or even making fraudulent transfers.
A malicious actor called “Stenli” (Stanley) recently began offering a service that essentially guarantees that a malicious Chrome extension will “pass Google Store moderation” and end up in the browser’s add-on repository.
But such a big promise also comes with a high price: between $2,000 and $6,000.
Push notifications galore
In its in-depth analysis, security researcher Varonis explained that the plugin works by covering legitimate websites with a full-screen iframe that displays personalized phishing content.
The address bar, however, remains intact. As a result, victims can visit a legitimate website like Coinbase, but the real website is hidden behind a full-screen iframe that spoofs Coinbase and steals login credentials.
To make matters worse, the plugin can also send push notifications. They appear to come directly from the Chrome browser (which they technically do), which lends the attack even more credibility and makes it even harder to detect.
Cybersecurity experts generally advise users to stay safe by only installing plugins from trusted sources. The guarantee that malware will make it into the Chrome Web Store makes the usual advice “inappropriate,” Varonis said.
Instead, companies should focus on a strict allowlist, it said: “Chrome Enterprise and Edge for Business allow administrators to block all extensions except those explicitly approved. This approach requires more effort (maintaining an approved list, evaluating new requests, handling exceptions), but prevents threats that escape the store’s moderation.”
Consumers, meanwhile, are advised to periodically review installed extensions and remove anything that is not being used. Paying attention to permission requests is also a good way to detect malware: any extension that requests access to “all websites” or “browsing history” should be thoroughly analyzed.
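The allowlist and permission review described above can be combined into one audit over installed extensions' manifest.json files. The following is an added example, not code from Varonis or from the article; the extension IDs, sample manifests and the mapping of the article's warning signs to manifest strings are assumptions made for illustration.

```python
import json

# Manifest strings behind the article's warning signs. The mapping from the
# article's wording to these strings is an assumption of this example.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}  # "all websites"
SENSITIVE_APIS = {"history", "notifications"}  # "browsing history", push notifications


def requested_access(manifest: dict) -> set:
    """Collect every permission string and host pattern a manifest asks for."""
    found = set()
    # Manifest V3 separates host_permissions; V2 mixes hosts into permissions.
    for key in ("permissions", "host_permissions",
                "optional_permissions", "optional_host_permissions"):
        found.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts matched on every site can also read and change all pages.
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found


def audit(ext_id: str, manifest: dict, allowlist: set) -> list:
    """Return review findings for one installed extension (empty list = clean)."""
    access = requested_access(manifest)
    findings = []
    if ext_id not in allowlist:
        findings.append("not on approved list")
    if access & BROAD_HOSTS:
        findings.append("access to all websites")
    for api in sorted(access & SENSITIVE_APIS):
        findings.append(f"sensitive permission: {api}")
    return findings


# Constructed sample data: IDs and manifests are invented for illustration.
APPROVED = {"a" * 32}
SAMPLES = {
    "a" * 32: json.loads('{"manifest_version": 3, "name": "Notes",'
                         ' "permissions": ["storage"],'
                         ' "host_permissions": ["https://notes.example/*"]}'),
    "b" * 32: json.loads('{"manifest_version": 3, "name": "Helper",'
                         ' "permissions": ["notifications", "history", "tabs"],'
                         ' "content_scripts": [{"matches": ["<all_urls>"],'
                         ' "js": ["content.js"]}]}'),
}

if __name__ == "__main__":
    for ext_id, manifest in SAMPLES.items():
        print(ext_id[:8], manifest["name"], audit(ext_id, manifest, APPROVED) or "ok")
```

A finding is a prompt for review, not proof of malice: many legitimate extensions request broad host access, which is why the approved list is checked separately from the permissions.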