A new malware-as-a-service toolkit, nicknamed Stanley by researchers at Varonis, is hawked on a Russian cybercrime forum for between $2,000 and $6,000, illustrating how the browser has become a critical enterprise security frontier. The toolkit lets criminals generate malicious Chrome extensions that intercept visits to real websites or SaaS apps and overlay attacker-controlled phishing pages, all while the visible URL in the address bar remains unchanged.
Purchasers receive a command-and-control panel to manage victims, configure spoofed redirects, and send fake browser notifications, with higher tiers offering a guarantee that extensions will pass Chrome Web Store review. Notely, a legitimate-looking note‑taking and bookmarking extension, is the disguise used to install Stanley and win the trust of victims.
The technique exploits full-screen iframe overlays and other tricks to capture credentials and feed them to a remote server, creating a defensive blind spot that traditional endpoint and network controls struggle to detect. According to Varonis, organisations should scrutinise extension permissions and consider allow-lists for trusted tools to mitigate this growing browser‑based threat.