Two Chrome extensions called βPhantom Shuttleβ are disguising themselves as proxy tools but are actually hijacking user traffic and stealing sensitive data. Researchers warn that these extensions have been active since 2017 and can intercept and exfiltrate personal and business information through hardcoded proxies and malicious code. #PhantomShuttle #SocketDev
Keypoints
- Two malicious Chrome extensions are posing as proxy tools in the Web Store.
- These extensions have been active since at least 2017 under the same developer.
- The extensions route user traffic through hardcoded proxies controlled by attackers, allowing data theft.
- The malicious code is hidden within legitimate libraries and can intercept sensitive information.
- Users are advised to verify extension credibility and review permissions carefully before installation.