Back to Feed
MalwareJun 29, 2026

Chrome and Firefox Extensions Posing as Free VPNs Add Clipboard Stealers via Malicious Updates

Malicious VPN extensions for Chrome and Firefox were updated to steal clipboard data.

Summary

Malicious browser extensions masquerading as free VPNs, branded 'VPN Go: Free VPN', have been updated to include clipboard-stealing capabilities. These extensions, available on the Chrome Web Store and Mozilla's Firefox Add-ons marketplace, exfiltrate copied data like passwords, API keys, and MFA codes to threat actor-controlled infrastructure. The malicious functionality was introduced through staged updates, with earlier versions acting as legitimate proxy tools before the addition of the clipboard stealer.

Full text

Research/Security NewsMiasma Mini Shai-Hulud Hits ImmobiliareLabs npm PackagesMiasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.By Socket Research Team - Jun 26, 2026

Indicators of Compromise

  • ip — 178.236.252.133
  • ip — 77.91.123.187
  • ip — 178.236.252.161
  • url — hxxp://178.236.252.133/html/continue.php
  • url — hxxp://77.91.123.187/html/continue.php
  • url — hxxp://178.236.252.161/html/continue.php
  • url — hxxp://178.236.252.133/locations
  • url — hxxp://77.91.123.187/locations
  • url — hxxp://178.236.252.161/locations
  • hash_sha256 — 43dc5b1d4c73d5ed9f4f7f561830079896eeb533a7c21bc577e4e267d5a3aa56
  • hash_sha256 — b3b63970833b3379ecec2d3ef8fea328fef8dd1c1574b1bcdfebad5bdce9280c
  • hash_sha256 — 72fc06a8b03720f4a64744eecd5b3f658ad880bdb327c0c465c7bdc66b14a8d2
  • hash_sha256 — fbbdf4bc490ad7b28953630c1707aa68b89d319b9b735f3d8563320b81b21a97
  • hash_sha256 — 2fe9c41901045013ba28ccb9af5870f9aef4f1ffd1e717cd5e0189ffdbe7fca2
  • mitre_attack — T1115
  • mitre_attack — T1059.007
  • mitre_attack — T1071.001
  • mitre_attack — T1041
  • mitre_attack — T1036
  • mitre_attack — T1176.001
  • mitre_attack — T1027

Entities

Chrome Web Store (product)Firefox Add-ons marketplace (product)VPN Go: Free VPN (product)Free VPN by VPN GO (product)Google (vendor)Mozilla (vendor)