- Russian hackers sell Chrome extension service that bypasses Google Store moderation
- Malicious add-on spoofs legitimate sites with full-screen iframes to steal credentials
- Varonis advises strict enterprise allowlisting and consumer extension audits for protection
Russian hackers are selling a service that allows other criminals to spoof legitimate websites, tricking victims into exposing login credentials, or possibly even making fraudulent wire transfers.
A threat actor alias ‘Stenli’ (Stanley) recently started offering a service which basically guarantees that a malicious Chrome extension will “pass Google Store moderation” and land in the browser’s add-on repository.
But such a big promise also comes with a hefty price – anywhere between $2,000 and $6,000.
Push notifications galore
In its in-depth analysis, security researchers Varonis explained that the add-on works by covering legitimate websites with a full screen iframe that displays tailor-made phishing content.
The address bar, on the other hand, remains intact. Therefore, victims might visit a legitimate website, such as Coinbase, for example, but the actual site will be hidden behind a full screen iframe that spoofs Coinbase and steals login credentials.
To make matters worse, the add-on can send push notifications, too. These will appear as if they’re coming straight from the Chrome browser (which, technically, they are), lending further credence to the trick and making it even harder to spot the attack.
Usually, cybersecurity experts will advise users to ensure safety by only installing add-ons from reputable sources. The guarantee of having malware smuggled onto the Chrome Web Store makes the usual advice “insufficient,” Varonis said.
Instead, enterprises should focus on strict allowlisting, it said: “Chrome Enterprise and Edge for Business let administrators block all extensions except those explicitly approved. This approach requires more overhead (maintaining an approved list, evaluating new requests, handling exceptions) but it prevents threats that slip past store moderation.”
Consumers, on the other hand, are advised to periodically audit installed extensions and remove anything that is not being excessively used. Paying attention to permission requests is also a great way to spot malware: any extension asking access to “all websites” or “browsing history” should be thoroughly analyzed.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
https://cdn.mos.cms.futurecdn.net/tSejjmrgK46MgdhWqD5miC-2000-80.jpg
Source link
