Threat Intelligence
May 22, 2026
A single threat actor uses multiple identities to run dozens of #AI-accelerated fake VPN Chrome e...
A threat actor uses AI to create fake VPN Chrome extensions routing traffic through SOCKS5 proxies.
Summary
A single threat actor is running dozens of AI-accelerated fake VPN Chrome extensions. The malicious extensions route traffic through 15 SOCKS5 proxies, with some impersonating major VPN service providers, indicating a sophisticated and potentially widespread operation.
Indicators of Compromise
- malware — Fake VPN Chrome extensions
Entities
- Chrome extensions (technology)
- VPN (technology)
- SOCKS5 (technology)