嗯,用户让我用中文总结一篇文章,控制在100字以内,而且不需要用“文章内容总结”之类的开头。好的,我得先仔细阅读这篇文章,理解主要内容。 文章讲的是一个新的恶意软件即服务(MaaS)叫做“Stanley”,它提供恶意的Chrome扩展。这些扩展可以绕过Google的审核流程,发布到Chrome网络商店。Varonis公司的研究人员命名了这个项目,因为卖家使用了“Stanley”这个别名。卖家宣传说这些扩展可以进行钓鱼攻击,通过拦截导航并在网页上覆盖一个iframe来实现。 Stanley的恶意扩展可以覆盖整个页面,显示攻击者选择的钓鱼内容。它还支持在Chrome、Edge和Brave浏览器上静默自动安装,并且有自定义调整功能。订阅有多个层级,最贵的是Luxe计划,提供网页面板和发布扩展到Chrome商店的支持。 Varonis指出,Stanley通过覆盖全屏iframe显示恶意内容,同时地址栏保持不变,显示合法域名。操作者可以通过面板启用或禁用劫持规则,并直接向受害者浏览器推送通知。此外,它还支持基于IP的受害者识别和地理定位,并有持续的C2轮询和备用域名旋转功能。 从技术角度看,Stanley并不先进,代码粗糙,但其分销模式独特,承诺通过审核发布到可信扩展平台。用户应谨慎安装扩展。 现在我需要把这些信息浓缩到100字以内。重点包括:Stanley是MaaS服务,提供恶意Chrome扩展绕过审核发布到商店;功能包括钓鱼攻击、全屏iframe、支持多浏览器;订阅层级;技术简单但分销模式独特;用户需谨慎安装扩展。 可能的总结:“文章介绍了一款名为‘Stanley’的新恶意软件即服务(MaaS),该服务提供可绕过Google审核并发布到Chrome网络商店的恶意Chrome扩展。这些扩展可执行钓鱼攻击、覆盖网页并支持多浏览器自动安装。订阅计划包括高级功能如面板管理和地理定位。” 这样大概控制在100字左右。 </think> 文章介绍了一款名为“Stanley”的新恶意软件即服务(MaaS),该服务提供可绕过Google审核并发布到Chrome网络商店的恶意Chrome扩展。这些扩展可执行钓鱼攻击、覆盖网页并支持多浏览器自动安装。订阅计划包括高级功能如面板管理和地理定位。 2026-1-27 00:0:26 Author: www.bleepingcomputer.com(查看原文) 阅读量:10 收藏
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store.
Researchers at end-to-end data security company Varonis named the project Stanley after the alias of the seller, who advertises easy phishing attacks by intercepting navigation and covering a webpage with an iframe with content of the attacker's choice.
The new MaaS offering is for malicious Chrome extensions that can cover a webpage with a full-screen iframe containing phishing content of the attacker's choice. Stanley also advertises silent auto-installation on Chrome, Edge, and Brave browsers and support for custom tweaks.
The MaaS has multiple subscription tiers, the most expensive one being the Luxe Plan, which also offers a web panel and full support for publishing the malicious extension to the Chrome Web Store.
Source: Varonis
BleepingComputer has contacted Google to request a comment on those claims, and we will update this post when we hear back.
Varonis reports that Stanley works by overlaying a full-screen iframe with malicious content while the victim’s browser address bar remains untouched, showing the legitimate domain.
.jpg)
Source: Varonis
Operators who have access to Stanley’s panel can enable or disable hijacking rules on demand, or even push notifications directly in the victim’s browser to lure them to specific pages, pushing the phishing process more aggressively.
Source: Varonis
Stanley supports IP-based victim identification and enables geographic targeting and correlation across sessions and devices.
Moreover, the malicious extension performs persistent command-and-control (C2) polling every 10 seconds, and it can also perform backup domain rotation to provide resilience against takedowns.
Varonis comments that, from a technical perspective, Stanley lacks advanced features and instead opts for a straightforward approach to implementing well-known techniques.
Its code is reportedly “rough” at places, featuring Russian comments, empty catch blocks, and inconsistent error handling.
What really makes this new MaaS stand out is its distribution model, specifically the promise to pass the Chrome Web Store review and get malicious extensions onto the largest platform of trusted browser add-ons.
Given that such extensions continue to slip through the cracks, as recently highlighted in two separate reports by Symantec and LayerX, users should install only the minimum number of extensions they need, read user reviews, and confirm the publisher’s trustworthiness.
The 2026 CISO Budget Benchmark
It's budget season! Over 300 CISOs and security leaders have shared how they're planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.
如有侵权请联系:admin#unsafe.sh