A new Malware-as-a-service (MaaS) project named "Stanley" has emerged, promising to help threat actors bypass Google's review process and publish malicious extensions directly to the Chrome Web Store. The service facilitates phishing attacks by using a full-screen iframe overlay technique that displays attacker-controlled content while keeping the browser's address bar showing the legitimate domain. This makes the phishing attempt significantly harder for users to detect.
Discovered by Varonis researchers, the MaaS offering includes subscription tiers ranging up to a "Luxe Plan," which provides a web panel and full support for infiltration into official stores. Stanley supports silent auto-installation on Chrome, Edge, and Brave browsers and includes features such as IP-based victim identification, geographic targeting, and command-and-control (C2) domain rotation for resilience against takedowns. Although the code is described as unrefined, its ability to bypass official store reviews represents a major security challenge for the browser extension ecosystem.
Top comments (0)