Powerful “Stanley” browser-based MaaS guarantees Chrome Store approval

Varonis has uncovered a powerful new proof-of-concept malware-as-a-service (MaaS) toolkit called “Stanley” which is actively promoted on Russian cybercrime forums. Stanley follows recent, widespread browser-based attacks such as DarkSpectre and CrashFix, suggesting active interest in exploiting this attack vector.
What sets Stanley apart:
- A turnkey MaaS for browser-based attacks. Attackers get an array of tools at their fingertips. After quietly infecting victims, Stanley uses real Chrome notifications to redirect them to spoofed sites while leaving genuine URLs intact.
- Low cost. Stanley starts at 2,000 USD, and for a few thousand more, it’s guaranteed to pass Google’s review process. Its low price point places it within reach of everyone from solo scammers to organized crime groups.
- Chrome seal of approval. Stanley masquerades as a humble note-taking browser extension (“Notely”) that’s approved and available for download in the Chrome Web Store.
According to researcher and author Daniel Kelley:
“Extensions that do something useful while hiding malicious functionality are hard to spot. They pass store reviews, they work as advertised, and users have no reason to question them. The permissions needed for legitimate features are often the same ones needed to steal credentials or hijack sessions. Only install extensions you actually need, and regularly audit your browser to remove any you’re no longer using.”
Varonis just published a report on this: Stanley — A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee
This entry was posted on January 23, 2026 at 3:51 pm and is filed under Commentary with tags Varonis.