- Russian hackers sell Chrome extension service that bypasses Google Store moderation
- Malicious add-on spoofs legitimate sites with full-screen iframes to steal credentials
- Varonis advises strict corporate whitelisting and consumer extension audits for protection
Russian hackers sell a service that allows other criminals to spoof legitimate websites, tricking victims into revealing their login credentials or even making fraudulent wire transfers.
A malicious actor known as “Stenli” (Stanley) recently began offering a service that essentially guarantees that a malicious Chrome extension will “pass Google Store moderation” and land in the browser’s add-ons repository.
But such a big promise also comes with a hefty price tag – between $2,000 and $6,000.
Push notifications galore
In an in-depth analysis, security researchers at Varonis explained that the add-on works by covering legitimate websites with a full-screen iframe that displays tailored phishing content.
The address bar, on the other hand, remains intact. Therefore, victims may visit a legitimate website, such as Coinbase, for example, but the real site will be hidden behind a full-screen iframe that spoofs Coinbase and steals login credentials.
To make matters worse, the add-on can also send push notifications. These appear as if they came directly from the Chrome browser (which they technically do), lending even more credence to the trick and making the attack even more difficult to detect.
Usually, cybersecurity experts advise users to ensure their security by only installing add-ons from reputable sources. The guarantee of having malware smuggled into the Chrome Web Store makes the usual advice “insufficient,” Varonis said.
Instead, businesses should focus on a strict allowlist, it said: “Chrome Enterprise and Edge for Business allow admins to block all extensions except those explicitly approved. This approach requires more overhead (maintaining an approved list, evaluating new requests, handling exceptions) but it prevents threats that escape store moderation.”
Consumers, meanwhile, are advised to periodically check their installed extensions and remove anything they do not actively use. Paying attention to permission requests is also a great way to spot malware: any extension requesting access to “all websites” or “browsing history” should be analyzed thoroughly.
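The permission check described above can be run over extension manifests on disk. The following is an added example, not code from Varonis or the article; it assumes the `<extension id>/<version>/manifest.json` layout of a Chrome profile's Extensions folder, the list of APIs to flag is an assumption, and the two sample manifests are constructed for the demo.

```python
import json
import tempfile
from pathlib import Path

# Match patterns that give an extension access to every site ("all websites").
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions worth a manual review; this short list is an assumption.
SENSITIVE_APIS = {"history", "tabs", "notifications"}

def audit_manifest(manifest: dict) -> list:
    """Return the reasons an extension manifest deserves a closer look."""
    declared = set()
    for key in ("permissions", "host_permissions"):
        declared.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts get page access through "matches", not "permissions".
    for script in manifest.get("content_scripts", []):
        declared.update(script.get("matches", []))
    findings = [f"all-sites access via {p}" for p in sorted(declared & BROAD_HOSTS)]
    findings += [f"sensitive API: {p}" for p in sorted(declared & SENSITIVE_APIS)]
    return findings

def audit_extensions_dir(root: Path) -> dict:
    """Scan <root>/<id>/<version>/manifest.json and map name -> findings."""
    report = {}
    for path in sorted(root.glob("*/*/manifest.json")):
        manifest = json.loads(path.read_text(encoding="utf-8"))
        findings = audit_manifest(manifest)
        if findings:
            report[manifest.get("name", path.parent.parent.name)] = findings
    return report

def build_sample_profile(root: Path) -> None:
    """Write two constructed manifests (not real extensions) for the demo."""
    samples = {
        "aaaa": {"name": "Note Helper", "permissions": ["storage"],
                 "host_permissions": ["https://notes.example/*"]},
        "bbbb": {"name": "Tab Tools", "permissions": ["notifications", "history"],
                 "content_scripts": [{"matches": ["<all_urls>"], "js": ["c.js"]}]},
    }
    for ext_id, manifest in samples.items():
        target = root / ext_id / "1.0_0"
        target.mkdir(parents=True)
        (target / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_profile(Path(tmp))
        for name, findings in audit_extensions_dir(Path(tmp)).items():
            print(f"{name}: {'; '.join(findings)}")
```

A flagged extension is a candidate for manual review rather than proof of malice, since many legitimate add-ons also request broad access.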




