A new malware-as-a-service called Stanley offers malicious Chrome extensions that overlay full-screen iframes to carry out phishing while leaving the browser address bar displaying a legitimate site. Stanley advertises silent auto-installation on Chrome, Edge, and Brave, subscription tiers (including a Luxe Plan that assists in publishing extensions to the Chrome Web Store), persistent C2 polling, geo-targeting, and an operator web panel for controlling hijacks and notifications. #Stanley #ChromeWebStore
Keypoints
- Stanley is a MaaS that delivers malicious browser extensions which overlay phishing content in full-screen iframes.
- The service claims silent auto-installation on Chrome, Edge, and Brave and supports custom configuration tweaks.
- Operators can enable/disable hijacking rules, push notifications, and perform IP-based geo-targeting from a web panel.
- The extension performs persistent C2 polling every 10 seconds and supports backup domain rotation for resilience.
- The Luxe subscription includes support for publishing malicious extensions to the Chrome Web Store, increasing distribution risk.