- Russian Hackers Sell Chrome Extension Service That Bypasses Google Store Moderation
- Malicious add-on spoofs legitimate websites with full-screen iframes to steal credentials
- Varonis advises strict enterprise allowlists and regular audits of consumer extensions as protection
Russian hackers are selling a service that allows other criminals to spoof legitimate websites and trick victims into revealing login details, or possibly even into making fraudulent bank transfers.
A threat actor using the alias ‘Stenli’ (Stanley) recently started offering a service that guarantees a malicious Chrome extension will “pass Google Store moderation” and land in the browser’s add-on repository.
But such a big promise also comes with a hefty price tag – anything between 2,000 and 6,000 dollars.
Push notifications galore
In an in-depth analysis, security researchers at Varonis explained that the add-on works by covering legitimate websites with a full-screen iframe that displays tailored phishing content.
The address bar, on the other hand, remains intact. Victims may therefore visit a legitimate site, such as Coinbase, but the actual site will be hidden behind a full-screen iframe that spoofs Coinbase and steals login information.
To make matters worse, the add-on can also send push notifications. These will look like they’re coming straight from the Chrome browser (which they technically are), adding further credibility to the trick and making the attack even harder to spot.
Usually, cybersecurity experts advise users to stay safe by installing add-ons only from reputable sources. The guarantee of getting malware smuggled into the Chrome Web Store makes the usual advice “inadequate,” Varonis said.
Instead, companies should focus on strict whitelisting, it says: “Chrome Enterprise and Edge for Business let administrators block all extensions except those that are explicitly approved. This approach requires more overhead (maintaining an approved list, evaluating new requests, handling exceptions), but it prevents threats from slipping past store moderation.”
Consumers, on the other hand, are advised to periodically audit installed extensions and remove anything that is not actively in use. Paying attention to permission requests is also a great way to detect malware: any extension that asks for access to “all websites” or “browsing history” should be thoroughly analyzed.
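The permission audit described above, as an added example that is not from Varonis or the original article: it checks a parsed extension manifest.json for all-site host access, all-site content-script injection and the history permission. The permission lists and the two sample manifests are constructed assumptions.

```python
import json

# Match patterns that amount to access to "all websites".
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# "history" and "notifications" come from the article; the other entries are
# assumptions about which Chrome API permissions also merit a closer look.
SENSITIVE_APIS = {"history", "notifications", "tabs", "scripting", "webRequest"}

def audit_manifest(manifest: dict) -> dict:
    """Return the broad host patterns and sensitive API permissions a manifest declares."""
    declared = []
    # MV2 mixes hosts and APIs in "permissions"; MV3 moves hosts to "host_permissions".
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts reach pages through "matches", independent of host permissions.
    script_hosts = [m for cs in manifest.get("content_scripts", [])
                    for m in cs.get("matches", [])]
    findings = {
        "name": manifest.get("name", "<unnamed>"),
        "broad_hosts": sorted(BROAD_HOSTS & set(declared)),
        "injects_everywhere": sorted(BROAD_HOSTS & set(script_hosts)),
        "sensitive_apis": sorted(SENSITIVE_APIS & set(declared)),
    }
    # Flag for manual review on all-site access or browsing-history access.
    findings["review"] = bool(findings["broad_hosts"] or findings["injects_everywhere"]
                              or "history" in findings["sensitive_apis"])
    return findings

# Constructed sample manifests (not taken from any real extension).
SAMPLE_BROAD = json.loads("""{
  "manifest_version": 3, "name": "Sample Notes Helper",
  "permissions": ["storage", "notifications", "history"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["content.js"]}]
}""")
SAMPLE_SCOPED = json.loads("""{
  "manifest_version": 3, "name": "Sample Site Tool",
  "permissions": ["storage"],
  "host_permissions": ["https://example.com/*"]
}""")

if __name__ == "__main__":
    for m in (SAMPLE_BROAD, SAMPLE_SCOPED):
        print(json.dumps(audit_manifest(m), indent=2))
```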



