"A new malware toolkit offered on an underground cybercrime forum can keep the browser's address bar unmodified while serving phishing pages, Varonis reports. Dubbed Stanley, the malware-as-a-service (MaaS) toolkit is priced from $2,000 to $6,000, and was first spotted on January 12, in a post claiming it can create extensions that bypass Google Store validation. The top-tier pricing provides threat actors with customization options, a management panel, and guaranteed publication on the Chrome Web Store, Varonis has discovered."
"A web-based management interface provides miscreants with a view of infected hosts, displaying information such as IP addresses (used as identifiers), online status, browser history status, and last activity timestamp. It also allows operators to select individual targets and to configure specific URL hijacking rules for them, which include the source/legitimate URL and the target/phishing URL. "Rules can be activated or deactivated per infection, allowing operators to stage attacks and trigger them on demand," Varonis explains."
Stanley is a malware-as-a-service toolkit that enables the creation and distribution of malicious Chrome extensions capable of serving phishing pages while leaving the browser address bar unchanged. The service is sold in tiers from $2,000 to $6,000, with high-end packages offering customization, a management panel, and guaranteed Chrome Web Store publication to reduce distribution risk. A web-based console exposes infected hosts, identifiers, online and browser-history status, and last activity, and allows per-target URL hijacking rules that map legitimate URLs to phishing destinations. Operators can stage attacks on demand and push Chrome notifications to lure users; a Notely example bundled real features with excessive permissions to gain control.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]