Malicious extensions in Chrome Web store steal user credentials
Overview
Two malicious Chrome extensions called 'Phantom Shuttle' have been discovered in the Chrome Web Store, masquerading as tools for a proxy service. These extensions are designed to hijack user traffic and steal sensitive information, including login credentials. Users who have installed these extensions are at risk of having their personal data compromised. This incident serves as a reminder for users to be cautious when downloading browser extensions and to regularly review their installed plugins. Google has a responsibility to monitor the extensions available in its store to protect users from such threats.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: Chrome Web Store extensions, user credentials, sensitive data
- Action Required: Users should remove the 'Phantom Shuttle' extensions from their browsers immediately and change any passwords that may have been compromised.
- Timeline: Newly disclosed
Original Article Summary
Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data. [...]
Impact
Chrome Web Store extensions, user credentials, sensitive data
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Users should remove the 'Phantom Shuttle' extensions from their browsers immediately and change any passwords that may have been compromised.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to Google, Malware.