A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee
Essential information
- Published: 26/01/2026 08:52
- Modified: 26/01/2026 09:21
- Tags: 2026-01-26 browser extension chrome web store credential-theft malware-as-service phishing russian cybercrime stanley website spoofing
- Related entities: 1 vulnerabilities (cve), 3 observables, 1 intrusion sets (apt), 3 techniques (mitre), 1 malware, 3 others
Description
A new malware-as-a-service toolkit called 'Stanley' is being sold on Russian cybercrime forums for $2,000 to $6,000. It provides a turnkey website-spoofing operation disguised as a Chrome extension, with the premium tier promising guaranteed publication on the Chrome Web Store. The toolkit allows full-page website spoofing, element injection, push notifications, and backup domain rotation. It uses victims' IP addresses for tracking and implements a persistent polling mechanism to communicate with the command and control server. The malware's core attack involves website spoofing via iframe overlay, allowing attackers to harvest credentials while displaying legitimate URLs in the browser's address bar.
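
A defender-side check for the iframe-overlay spoofing described above, as an added example that is not code from the toolkit or from the original report: it flags frames that cover most of the viewport while loading an origin different from the one in the address bar. The frame descriptor shape, the 0.9 coverage threshold, the function names and the sample URLs are all assumptions made for illustration.

```javascript
// Added example: heuristic for a cross-origin iframe covering the viewport.
// Descriptor shape and threshold are assumptions, not values from the Stanley kit.
const COVERAGE_THRESHOLD = 0.9; // assumed fraction of the viewport a frame must cover

// Area of the part of rect that is visible inside a viewport of size vw x vh.
function visibleArea(rect, vw, vh) {
  const w = Math.min(rect.x + rect.width, vw) - Math.max(rect.x, 0);
  const h = Math.min(rect.y + rect.height, vh) - Math.max(rect.y, 0);
  return w > 0 && h > 0 ? w * h : 0;
}

// Origin of a frame's src resolved against the top-level URL, or null if unusable.
function frameOrigin(src, topUrl) {
  if (!src) return null; // no src: blank frame that inherits the parent origin
  try {
    const u = new URL(src, topUrl);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.origin : null;
  } catch (e) {
    return null;
  }
}

// Returns the frames that cover most of the viewport and load a foreign origin.
function findSpoofingOverlays(topUrl, viewport, frames) {
  const topOrigin = new URL(topUrl).origin;
  const total = viewport.width * viewport.height;
  return frames
    .map((f) => ({
      ...f,
      origin: frameOrigin(f.src, topUrl),
      coverage: visibleArea(f.rect, viewport.width, viewport.height) / total,
    }))
    .filter((f) => f.origin !== null && f.origin !== topOrigin &&
                   f.coverage >= COVERAGE_THRESHOLD);
}

// Browser-only helper: describe every iframe in the given document.
function collectFrames(doc) {
  return Array.from(doc.querySelectorAll('iframe')).map((el) => {
    const r = el.getBoundingClientRect();
    return { src: el.getAttribute('src'), rect: { x: r.x, y: r.y, width: r.width, height: r.height } };
  });
}

// Constructed sample: an ad slot, a same-origin widget and a full-page overlay.
const SAMPLE_FRAMES = [
  { src: 'https://ads.example.net/slot', rect: { x: 900, y: 100, width: 300, height: 250 } },
  { src: '/help/chat', rect: { x: 0, y: 0, width: 1280, height: 720 } },
  { src: 'https://login.example.org/', rect: { x: 0, y: -10, width: 1280, height: 800 } },
];
```

In a browser, pass `collectFrames(document)`, `location.href` and the window's inner dimensions. Some legitimate sites embed full-page cross-origin frames, so a hit is a triage signal rather than a verdict.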