Varonis has uncovered a powerful new proof-of-concept MaaS toolkit called “Stanley” which is actively promoted on Russian cybercrime forums. Stanley follows recent, widespread browser-based attacks such as DarkSpectre and CrashFix, suggesting active interest in exploiting this attack vector.
What sets Stanley apart:
- A turnkey MaaS for browser-based attacks. Attackers get an array of tools at their fingertips. After quietly infecting victims, it uses real Chrome notifications to redirect to spoofed sites while leaving genuine URLs intact.
- Low cost. Stanley starts at 2,000 USD, and for a few thousand more, it’s guaranteed to pass Google’s review process. Its low price point places it within reach of solo scammers to organized crime groups alike.
- Chrome seal of approval. Stanley masquerades as a humble note-taking browser extension (“Notely”), that’s approved and available for download in the Chrome Web Store.
According to researcher and author Daniel Kelley:
“Extensions that do something useful while hiding malicious functionality are hard to spot. They pass store reviews, they work as advertised, and users have no reason to question them. The permissions needed for legitimate features are often the same ones needed to steal credentials or hijack sessions. Only install extensions you actually need, and regularly audit your browser to remove any you’re no longer using.”
Varonis just published a report on this: Stanley — A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee
Meet 1Campaign: A new cloaking platform helping attackers abuse Google Ads
Posted in Commentary with tags Varonis on February 24, 2026 by itnerdThreat researchers from Varonis have uncovered a full-service platform called 1Campaign that allows hackers to run malicious Google Ads at scale. The tool lets hackers pass Google’s screening process, hide from security researchers, and funnel unsuspecting users to attacker-controlled sites.
According to researcher and author Daniel Kelley, “1Campaign stands out because it takes many tried-and-true hacker tools and techniques, packages them together, and aims them directly at the biggest online advertiser in the world, Google Ads. Hackers can trick Google Ads into running ads that redirect users to phishing or crypto scam pages, and the tools to do it are available right off the shelf and even come with dedicated hacker help desk support.”
The tool is part of a new breed of feature-packed toolkits that make it easier than ever for attackers to launch campaigns and dupe users — all without technical know-how.
We just published: 1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads
Leave a comment »