A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee

· Published 26/01/2026 08:52 · Modified 26/01/2026 09:21

Essential information

Published
26/01/2026 08:52
Modified
26/01/2026 09:21
Tags
2026-01-26 browser extension chrome web store credential-theft malware-as-service phishing russian cybercrime stanley website spoofing
Related entities
1 vulnerabilities (cve), 3 observables, 1 intrusion sets (apt), 3 techniques (mitre), 1 malware, 3 others

Description

A new malware-as-a-service toolkit called '' is being sold on forums for $2,000 to $6,000. It provides a turnkey website-spoofing operation disguised as a Chrome extension, with the premium tier promising guaranteed publication on the . The toolkit allows full-page , element injection, push notifications, and backup domain rotation. It uses victims' IP addresses for tracking and implements a persistent polling mechanism to communicate with the command and control server. The malware's core attack involves via iframe overlay, allowing attackers to harvest credentials while displaying legitimate URLs in the browser's address bar.

External references