Malicious Google Chrome extensions stole data from over 170 sites

[ad_1]

Malicious Google Chrome extensions "Phantom Shuttle" secretly rerouted visitors via attacker-controlled proxies Extensions focused Chinese language customers, harvesting credentials from 170 high-value domainsGoogle eliminated the plugins; consultants warn browser add-ons stay a serious safety threat Safety researchers just lately found two extensions for the Google Chrome browser have been rerouting worthwhile visitors via compromised proxies, and thus sharing delicate info with malicious third events.

Socket mentioned it discovered two extensions within the Chrome Internet Retailer, named ‘Phantom Shuttle’. On the floor, these have been marketed as plugins for a proxy service, permitting customers to proxy visitors and check community speeds, and have been focused principally for Chinese language customers akin to international commerce employees who want to check connectivity from totally different places within the nation.

The plugins, which have been first uploaded to the shop again in 2017, even got here with a price ticket - a month-to-month subscription costing wherever between $1.40 and $13.60.

Chances are you'll like

Faraway from the repository Nonetheless, moreover doing what it mentioned it could do, Phantom Shuttle additionally routed person net visitors via proxies that the risk actor owned, which allowed them to select up on login credentials, cost card particulars, private info, and extra.

It didn’t route the entire visitors although. As a substitute, it listens for roughly 170 high-value domains, akin to developer platforms, cloud service consoles, social media websites, and grownup content material portals, to ensure solely worthwhile info will get picked up.

Native networks and C2 domains have been excluded from the listing, to ensure the plugins don’t elevate any alarms. Google has since eliminated each extensions from the app retailer and trying to find ‘Phantom Shuttle’ returns no outcomes.

The web browser is an important piece of software program on any trendy laptop, and as such is a serious goal for cybercriminals. Whereas most browsers in use right now are comparatively safe (Chrome, for instance, had solely eight zero-day vulnerabilities thus far in 2025), add-ons are one thing of a weak spot, permitting artistic crooks to sneak malicious code into this system.

Signal as much as the TechRadar Professional e-newsletter to get all the highest information, opinion, options and steering your small business must succeed!

That's the reason customers are suggested to be additional cautious when downloading and putting in any plugins or extensions to their browsers.

By way of BleepingComputer

<img src="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" alt="Best antivirus software header" srcset="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j-140-80.png 140w" sizes="99vw" class="person__avatar image-wrapped__image image__image" loading="lazy" data-normal="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" data-original-mos="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" data-pin-media="https://cdn.mos.cms.futurecdn.net/HpHXmtXFPnuzaQ8m9xNW8j.png" data-pin-nopin="true" data-slice-image="true"/> The most effective antivirus for all budgets

Our high picks, primarily based on real-world testing and comparisons Observe TechRadar on Google Information and add us as a most well-liked supply to get our skilled information, evaluations, and opinion in your feeds. Be certain to click on the Observe button!

And naturally it's also possible to comply with TechRadar on TikTok for information, evaluations, unboxings in video kind, and get common updates from us on WhatsApp too.