Find notable cyber news and cases, enriched with sources, timelines, and signals.

Stanley MaaS markets malicious Chrome-extension phishing service

Threat Actor Meta
First reported
Last updated
Happening score
H score 47
2 unique sources, 2 articles

Summary

Hide ▲

Stanley is a malware-as-a-service (MaaS) platform for malicious Chrome extensions that helps operators deliver phishing pages through the browser while keeping the legitimate URL visible in the address bar. It is notable for packaging browser-extension abuse into a subscription service with silent auto-installation for Chrome, Edge, and Brave, full-screen iframe overlays, and controls for victim targeting and persistent C2 polling.

Related Happenings

DuckDuckGo browser rolls out built-in YouTube ad blocking on iOS, Mac, Windows, and Android

Security Tool/Service
H score11 First: 08.07.2026 15:00 Last: 08.07.2026 15:00 Sources 1

About this happening: DuckDuckGo's browser added **built-in YouTube ad blocking**, reducing interruptions for people watching videos on the standard **YouTube** site. The rollout is enabled by default...

Search for perplexity ai malicious Chrome extension

Malware Activity
H score29 First: 29.06.2026 21:40 Last: 29.06.2026 21:40 Sources 1

About this happening: A malicious **Chrome extension** named **Search for perplexity ai** impersonated **Perplexity AI** while **intercepting search traffic** and collecting **browsing information** th...

Bluekit adopts rrweb-based BitM session streaming for login theft

Technical Analysis
H score34 First: 25.06.2026 18:00 Last: 25.06.2026 18:00 Sources 1

About this happening: **Bluekit** has added **browser-in-the-middle (BitM)** login theft to its phishing stack, increasing the risk of **session-token theft** and **account takeover**. The mechanism us...

Dormant remote-controlled JavaScript injection path in Adblock for YouTube Chrome extension

Technical Analysis
H score23 First: 25.06.2026 17:12 Last: 25.06.2026 17:12 Sources 1

About this happening: A **Chrome extension** with **10 million+ installs** was found to carry a **dormant script-injection path**, raising the risk of **arbitrary JavaScript execution** across visited...

Commercial adware and traffic-attribution-fraud affiliate operation using Chrome extensions

Threat Actor Meta
H score20 First: 15.06.2026 14:07 Last: 15.06.2026 14:07 Sources 1

About this happening: Researchers found a **commercial adware** and **traffic-attribution-fraud affiliate operation** abusing **Chrome extensions** to fabricate traffic signals and monetize installs, i...

Timeline

  1. 27.01.2026 01:46 3 articles · 5mo ago

    Stanley MaaS for malicious Chrome extensions is disclosed

    Initial Disclosure

    Varonis discloses a new malware-as-a-service named Stanley that markets malicious Chrome extensions designed to pass Google review and reach the Chrome Web Store. The service advertises full-screen iframe phishing overlays that hide the real address bar, silent auto-installation on Chrome, Edge, and Brave, a Luxe Plan with a web panel and publishing support, IP-based victim identification, geographic targeting, on-demand hijacking rules, push notifications in the victim’s browser, and persistent C2 polling with backup domain rotation.

    Show sources