Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Two malicious Chrome extensions named "Phantom Shuttle" have been discovered stealing credentials from over 170 websites. Disguised as VPN services with paid subscriptions ($1.40-$13.50), the extensions inject proxy credentials, route traffic through attacker-controlled servers, and exfiltrate user passwords, cookies, API keys, and other sensitive data every five minutes. The extensions target developer platforms (GitHub, Stack Overflow), cloud services (AWS, Azure), social media, and other high-value domains. The operation appears to be China-based and has been active since 2017. Users should immediately remove these extensions, and security teams should implement extension allowlisting and network monitoring.

Two Chrome Extensions Caught Secretly Stealing Credentials from Over 170 Sites

<p>This is diabolical. They had the audacity to charge for it to. That is brazen.</p>
