- Malicious Google Chrome extensions “Phantom Shuttle” secretly rerouted traffic through attacker-controlled proxies
- Extensions targeted Chinese-language users, harvesting credentials from 170 high-value domains
- Google removed the plugins; experts warn browser add-ons remain a major security risk
Security researchers recently discovered that two extensions for the Google Chrome browser were rerouting valuable traffic through compromised proxies, and thus sharing sensitive information with malicious third parties.
Socket said it found two extensions in the Chrome Web Store, named ‘Phantom Shuttle’. On the surface, these were advertised as plugins for a proxy service, allowing users to proxy traffic and test network speeds, and were targeted mostly at Chinese-language users, such as foreign trade workers who need to test connectivity from different locations in the country.
The plugins, which were first uploaded to the store back in 2017, even came with a price tag – a monthly subscription costing anywhere between $1.40 and $13.60.
Removed from the repository
However, besides doing what it said it would do, Phantom Shuttle also routed user web traffic through proxies that the threat actor owned, which allowed them to pick up login credentials, payment card details, personal information, and more.
It didn’t route all of the traffic, though. Instead, it listened for roughly 170 high-value domains, such as developer platforms, cloud service consoles, social media sites, and adult content portals, to make sure only valuable information got picked up.
Local networks and C2 domains were excluded from the list, to make sure the plugins didn’t raise any alarms. Google has since removed both extensions from the app store and searching for ‘Phantom Shuttle’ returns no results.
The web browser is the most important piece of software on any modern computer, and as such is a major target for cybercriminals. While most browsers in use today are relatively secure (Chrome, for example, had only eight zero-day vulnerabilities so far in 2025), add-ons are something of a weak spot, allowing creative crooks to sneak malicious code into the program.
That is why users are advised to be extra careful when downloading and installing any plugins or extensions to their browsers.
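One way to act on that advice is to review which installed extensions are able to control the browser's proxy at all. The Python sketch below is an added example, not code from Socket or from the article: it relies on the fact that a Chrome extension must declare the `proxy` permission in its manifest before it can change proxy settings, and the sample manifests and function names are constructed for illustration.

```python
import json
from pathlib import Path

# Host patterns that give an extension access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return review findings for one parsed manifest.json (a dict)."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # Manifest V3 lists host patterns separately; V2 mixes them into "permissions".
    hosts = set(manifest.get("host_permissions", [])) | perms
    optional = set(manifest.get("optional_permissions", []))
    findings = []
    if "proxy" in perms:
        findings.append("proxy: can change the browser's proxy settings")
    elif "proxy" in optional:
        findings.append("proxy (optional): can request proxy control later")
    if "proxy" in perms | optional:
        if hosts & BROAD_HOSTS:
            findings.append("broad host access alongside proxy control")
        if perms & {"webRequest", "webRequestAuthProvider"}:
            findings.append("webRequest: can also observe network requests")
    return findings

def load_manifests(extensions_dir):
    """Read manifests from a profile's Extensions/<id>/<version>/ folders."""
    found = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        try:
            found[path.parts[-3]] = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
    return found

def flagged(manifests):
    """Map extension name/id -> findings, keeping only those with findings."""
    results = {name: audit_manifest(m) for name, m in manifests.items()}
    return {name: f for name, f in results.items() if f}

# Constructed sample manifests (not real extensions).
SAMPLES = {
    "speed-test-proxy": {"manifest_version": 3, "host_permissions": ["<all_urls>"],
                         "permissions": ["proxy", "storage", "webRequest"]},
    "dark-theme": {"manifest_version": 3, "permissions": ["storage"]},
    "legacy-vpn": {"manifest_version": 2, "permissions": ["tabs"],
                   "optional_permissions": ["proxy"]},
}

if __name__ == "__main__":
    for name, findings in flagged(SAMPLES).items():
        print(name, findings)
```

A finding is a prompt for review rather than proof of abuse, since legitimate proxy and VPN extensions need the same permission.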
Via BleepingComputer
