Researchers have discovered two malicious versions of the Google Chrome extension Phantom Shuttle that intercept internet traffic and steal user data.
Phantom Shuttle is advertised as a "multi-location network speed testing plugin" aimed at developers and foreign trade professionals.
After a paid subscription, it becomes a full-fledged surveillance tool:
"The extensions intercept all traffic, act as a proxy with Man-in-the-Middle (MitM) functionality, and continuously send user data to the attackers' command and control server," reports Socket researcher Kush Pandya.
Phantom Shuttle is advertised as a "multi-location network speed testing plugin" aimed at developers and foreign trade professionals.
After a paid subscription, it becomes a full-fledged surveillance tool:
"The extensions intercept all traffic, act as a proxy with Man-in-the-Middle (MitM) functionality, and continuously send user data to the attackers' command and control server," reports Socket researcher Kush Pandya.
