Find notable cyber news and cases, enriched with sources, timelines, and signals.

Phantom Shuttle Chrome extension traffic-hijacking activity

Malware Activity
First reported
Last updated
Happening score
H score 30
1 unique sources, 1 articles

Summary

Hide ▲

The Phantom Shuttle Chrome extensions remain available in the Chrome Web Store and are actively hijacking user traffic to steal credentials, cookies, tokens, and personal data from users in China. The extensions pose as proxy-service tools, but they route traffic through attacker-controlled proxies and silently intercept sensitive activity. Their continued presence matters because the malicious code can exfiltrate high-value account data from installed browsers.

Related Happenings

Silent Swap browser-extension clipboard clipper

Malware Activity
H score36 First: 30.06.2026 18:40 Last: 30.06.2026 18:40 Sources 1

About this happening: The **Silent Swap** malware activity now **installs malicious Chromium extensions** that intercept copied wallet addresses and **reroute cryptocurrency transfers** to attacker-con...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions

Threat Actor Meta
H score20 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...

Chrome extension PUP distribution network with fake organic traffic

Malware Activity
H score18 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: A network of **152 Google Chrome extensions** is distributing a **potentially unwanted program (PUP) family** through new-tab live-wallpaper add-ons, creating a broad browser-base...

Timeline

  1. 23.12.2025 15:31 2 articles · 6mo ago

    Phantom Shuttle Chrome extensions disclosed as traffic-hijacking tools

    Initial Disclosure

    Researchers at Socket identified two Chrome Web Store extensions named Phantom Shuttle that masquerade as proxy and network-speed tools for users in China while routing user web traffic through attacker-controlled proxies to steal credentials, card details, passwords, session cookies, and API tokens. The extensions were still present in Chrome's official marketplace and had been active since at least 2017.

    Show sources