Malicious extensions in Chrome Web store steal user credentials www.bleepingcomputer.com/news/secu…
Two Chrome extensions in the Web Store named ‘Phantom Shuttle’ are posing as plugins for a proxy service to hijack user traffic and steal sensitive data.
Both extensions are still present in Chrome’s official marketplace at the time of writing and have been active since at least 2017, according to a report from researchers at the Socket supply-chain security platform.
Phantom Shuttle’s target audience is users in China, including foreign trade workers who need to test connectivity from various locations in the country.
