Stanley MaaS Offers Malicious Chrome Extensions via Chrome Web Store

First reported

27.01.2026 01:46

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A new malware-as-a-service (MaaS) called Stanley promises to publish malicious Chrome extensions on the Chrome Web Store. The service offers phishing capabilities, silent auto-installation, and custom tweaks. It supports multiple subscription tiers, with the highest tier offering full support for publishing extensions to the Chrome Web Store. The extensions overlay a full-screen iframe with malicious content while keeping the legitimate domain visible in the address bar. Stanley's distribution model focuses on bypassing Google's review process, making it a significant threat to users who trust extensions from the Chrome Web Store.

Timeline

27.01.2026 01:46 1 articles · 23h ago

Stanley MaaS Promises Malicious Chrome Extensions on Chrome Web Store
Stanley, a new malware-as-a-service, offers malicious Chrome extensions that can bypass Google's review process and be published on the Chrome Web Store. The service provides phishing capabilities, silent auto-installation, and custom tweaks. It supports multiple subscription tiers, with the highest tier offering full support for publishing extensions. The extensions perform persistent C2 polling and backup domain rotation, and the service supports IP-based victim identification and geographic targeting.
Show sources

New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
Open in new tab

Information Snippets

Stanley is a new MaaS that promises to publish malicious Chrome extensions on the Chrome Web Store.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
The service offers phishing capabilities by overlaying a full-screen iframe with malicious content.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
Stanley supports silent auto-installation on Chrome, Edge, and Brave browsers.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
The service provides multiple subscription tiers, with the Luxe Plan offering full support for publishing extensions to the Chrome Web Store.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
Stanley's extensions perform persistent command-and-control (C2) polling every 10 seconds and support backup domain rotation.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
The service supports IP-based victim identification and geographic targeting.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46
Stanley's code is described as 'rough' with Russian comments, empty catch blocks, and inconsistent error handling.
First reported: 27.01.2026 01:46

1 source, 1 article
Show sources
- New malware service guarantees phishing extensions on Chrome web store — www.bleepingcomputer.com — 27.01.2026 01:46

Summary

Timeline

Stanley MaaS Promises Malicious Chrome Extensions on Chrome Web Store

Information Snippets