Cybersecurity researchers have discovered an advanced digital threat known as Stanley. This is a malicious tool designed to carry out phishing attacks through the internet browser, displaying a fake website in the browser bar while still displaying the address of the real website, making the deception nearly impossible for the average user to detect and extremely dangerous.
This tool is part of a growing range of sophisticated malware sold on the criminal electronic market for prices ranging from $2,000 to $6,000, and is used to steal login data and financial information through highly specialized fraud techniques.
Stanley’s tool relies on a malicious browser extension that displays the entire phishing page on top of the legitimate site, but the original URL remains unchanged, giving victims a false sense of security while browsing.
The tool is advertised within cybercrime forums with a focus on its ability to ensure that extensions are published through the Chrome Web Store, making them appear as official and trusted sources in the eyes of users. The biggest danger is that malicious extensions disguise themselves as common note-taking or bookmarking applications, allowing unwary users to grant extensive permissions without realizing the consequences.
The tool’s control panel allows the attacker to precisely select the target victim and specify the address of the legitimate website to be imitated and the fake website to be displayed in its place.
When a user enters a page and clicks on a link, a malicious extension is installed and then begins intercepting the user’s visits to other sites, replacing the original content with the attacker’s fake content while leaving the real site address visible in the browser bar.
Attackers can also exploit a user’s IP address as a unique identifier, allowing them to track victims across multiple browsing sessions and even different devices.
Considering these threats, cybersecurity experts advise individuals and organizations to follow strict precautions. In particular, we recommend reducing the number of browser extensions to a minimum, carefully considering the required permissions before installation, and avoiding granting blanket permissions that allow complete browsing control unless absolutely necessary.
Cybersecurity researchers have discovered an advanced digital threat known as Stanley. This malicious tool is designed to carry out phishing attacks through web browsers in a highly dangerous manner, displaying a fake site while leaving the real site’s address visible in the browser’s address bar, making the deception nearly impossible for the average user to detect.
The tool is part of a growing wave of sophisticated malware sold in criminal online markets for prices ranging from $2,000 to $6,000, and is used to steal login credentials and financial information through highly specialized fraud techniques.
The Stanley tool relies on a malicious browser extension that displays a complete phishing page on a legitimate site while leaving the original URL unchanged, giving victims a false sense of security while browsing.
The tool is promoted within cybercrime forums, with ads highlighting its ability to ensure extension distribution through the Chrome Web Store, giving the tool an official appearance and being perceived as a trusted source in the eyes of users. The biggest danger lies in the fact that malicious extensions can disguise themselves as common note-taking or bookmarking applications, granting unsuspecting users extensive privileges without realizing the consequences.
The tool’s control panel allows the attacker to choose exactly which victims to target and specify the address of the legitimate site to imitate and the fake site to be displayed in its place.
When a user enters a page and clicks on a link, the malicious extension is installed and then begins intercepting visits to other sites, replacing the original content with fake content owned by the attacker, while the real site address remains visible in the browser’s address bar.
Attackers can also exploit a user’s IP address as a unique identifier, allowing them to track victims across multiple browsing sessions and even different devices.
Considering these threats, cybersecurity experts advise individuals and organizations to follow strict precautions. The most important of these is to keep the number of browser extensions to a minimum, carefully consider the permissions they require before installing them, and avoid granting broad permissions that give you complete control over your browsing unless absolutely necessary.
