Threat actor GooseWork advertised a malicious extension for Chrome that is capable of stealing credentials, cookies, auto complete data, credit cards in xss.is.
‘The project involves the creation of a new exchange that includes a crypto wallet (analogous to metamask). There is a fully functional website.
Redesign.
The exchange forces the user to download the extension for ease of working with it. After installing the extension from the Chrome Store, it stops.’
XSS.is is an open registration Russian-language forum. Visitors can access the forum’s open sections and aspiring members are able to register to the forum for free. For registration, users are required to provide a username, a password, a valid email address, and answer a security-related question to demonstrate their technical proficiency.