Technology
Beware of TikTok’s danger that could be a malware menace to your life
TikTok is having a tough time, and hackers are working hard to add to its misery. Malicious code took over accounts on TikTok and compromised the official presence of celebrities and brands, including Paris Hilton and CNN.
The hackers behind this sent malware via direct messages (DMs) on the platform.
Users didn’t have to click any links or download any files to get hacked. Just opening the message was enough for a device to be infected.
A person on TikTok (Kurt “CyberGuy” Knutsson)
What you need to know about TikTok DMs exploit
Hackers are apparently targeting high-profile TikTok accounts. So far, accounts from CNN, Sony and Paris Hilton have been targeted. CNN was the first account that got hacked, and it was reportedly down for several days after the incident.
The attack reportedly happens without the account owner needing to click a link or download a file, which is known as a zero-click attack. All they need to do is open a DM, and the account can be taken over, leaving the rightful owner locked out. The vulnerability might lie in how content is processed when a DM is opened. Similar weaknesses have been identified before, such as vulnerabilities in the Chromium browser triggered by fabricated images.
We reached out to TikTok, and a spokesperson told CyberGuy, “Our security team is aware of a potential exploit targeting a number of high-profile accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.”
The hack appears to be a “zero-day” attack, which means the bad actors discovered the vulnerability in TikTok’s code before the developers did. TikTok had zero days to prevent it.
TikTok has a history of getting hacked
This is not TikTok’s first hacking incident. In 2023, over 700,000 accounts in Turkey were hacked because TikTok’s two-factor authentication system wasn’t secure enough. This all happened right before an important presidential election in Turkey, which made things even messier.
In 2022, security experts at Microsoft found a major flaw in the TikTok app. All it took was clicking a bad link and hackers could hijack your account.
Concerns about TikTok’s data security and its connection to ByteDance, its Chinese parent company, have also captured the attention of lawmakers. The U.S. government fears China uses the app to spy on Americans or to influence the messages they see. President Biden has even signed a bill forcing ByteDance to either sell its U.S. TikTok operations or face a ban in the country.
6 ways to protect yourself from TikTok DM danger
To make sure your TikTok account doesn’t get hacked by malicious DMs, follow these steps.
1. Use strong antivirus software to protect against phishing attempts: Stay vigilant when it comes to emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.
The best way to protect yourself from clicking malicious links that install malware and may expose your private information is to have antivirus protection installed on all your devices. This can also alert you to phishing emails and ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
2. Use strong and unique passwords: Create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts. Consider using a password manager to securely store and generate complex passwords. First, it helps you create unique and difficult-to-crack passwords that a hacker could never guess. Second, it keeps track of all your passwords in one place and fills them in for you when you’re logging into an account, so you never have to remember them yourself. The fewer passwords you have to remember, the less likely you are to reuse them across accounts. Get more details about my best expert-reviewed password managers of 2024 here.
3. Enable two-factor authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
4. Keep your TikTok app up to date: Regularly update your TikTok app to avoid getting hacked. While you’re at it, update your antivirus software, web browsers and other applications to ensure you have the latest security patches and protections.
5. Review and adjust privacy settings: Ensure that your TikTok privacy settings are appropriately configured. Limit who can send you direct messages, comment on your videos and view your profile. This reduces the risk of unwanted interactions with potential hackers.
6. Monitor account activity: Regularly check your account activity for any unusual behavior or unauthorized access. TikTok provides a log of devices that have accessed your account. If you notice any unfamiliar devices, immediately change your password and log out of all devices. Also, to report suspicious activity on your account, TikTok provides channels to report a problem in its app.
Kurt’s key takeaways
TikTok needs to strengthen its system to ensure hackers don’t access users’ accounts. While the latest incident seems to be affecting celebrities and high-profile accounts, bad actors may also start targeting common users. Given these security concerns, it should come as no surprise that I advise against using TikTok or, at the very least, advise using it with extreme caution. Meanwhile, be cautious. If someone messages you asking you to click on something or send them something, don’t just do it. Scammers love pressuring people to act fast. So, take a breath and think twice before you click.
Do you think government intervention is necessary to improve the security of social media platforms? Let us know by writing us at Cyberguy.com/Contact
Copyright 2024 CyberGuy.com. All rights reserved.
Technology
Nvidia’s GeForce Now is getting native Linux and Fire TV apps
Nvidia’s RTX 5080 rollout for its GeForce Now cloud gaming service is now complete, so it’s ready to announce some additional features for subscribers. In the coming months, Nvidia is planning to launch native GeForce Now apps for Linux and Amazon’s Fire TV devices, alongside flight control support for its cloud gaming service.
The native Linux app is a highly requested feature for GeForce Now, especially as subscribers have had to rely on unofficial apps or browser tweaks to get access to the service. A beta of GeForce Now for Linux will be available initially for Ubuntu 24.04 and newer soon, nearly a year after Nvidia made it easier to access GeForce Now on the Linux-based SteamOS.
“Right now, the GeForce Now Linux app is going to launch first as a beta on Ubuntu 24.04 primarily because this is a long-term support release that enables stable graphics drivers and consistent system libraries,” says Michael McSorley, product marketing manager at Nvidia, in a briefing with The Verge. “As we continually test the app, we’re going to be expanding formal support to additional [Linux] distributions in the coming weeks.”
Nvidia is also further expanding GeForce Now into the living room with support for Amazon Fire TV devices. The app will launch early this year for Fire TV Stick 4K Plus and 4K Max initially, allowing owners to stream PC games to their TV with just a controller.
If you’re a fan of Microsoft Flight Simulator, Nvidia is also introducing full flight control support for GeForce Now so that devices from Thrustmaster and Logitech will work on its cloud gaming service. That means you can connect a joystick or yoke to an underpowered laptop and stream a copy of Microsoft Flight Simulator 2024 with the controls all working in the game.
Nvidia is also enabling automatic sign-in for Battle.net accounts on GeForce Now this week, with Gaijin.net account support soon. And if you’re wondering when GeForce Now will finally launch in India, as Nvidia promised last year, it has been delayed to “sometime in Q1, 2026,” according to McSorley.
Technology
Malicious Chrome extensions caught stealing sensitive data
Chrome extensions are supposed to make your browser more useful, but they’ve quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered two Chrome extensions that have been doing exactly that for years.
These extensions looked like harmless proxy tools, but behind the scenes, they were hijacking traffic and stealing sensitive data from users who trusted them. What makes this case worse is where these extensions were found. Both were listed on Chrome’s official extension marketplace.
Security researchers uncovered malicious Chrome extensions that quietly routed users’ web traffic through attacker-controlled servers to steal sensitive data. (Gokhan Balci/Anadolu Agency/Getty Images)
Malicious Chrome extensions hiding in plain sight
Researchers at Socket discovered two Chrome extensions using the same name, “Phantom Shuttle,” that were posing as tools for proxy routing and network speed testing (via Bleeping Computer). According to the researchers, the extensions have been active since at least 2017.
Both extensions were published under the same developer name and marketed toward foreign trade workers who need to test internet connectivity from different regions. They were sold as subscription-based tools, with prices ranging from roughly $1.40 to $13.60.
At a glance, everything looked normal. The descriptions matched the functionality. The pricing seemed reasonable. The problem was what the extensions were doing after installation.
How Phantom Shuttle steals your data
Socket researchers say Phantom Shuttle routes all your web traffic through proxy servers controlled by the attacker. Those proxies use hardcoded credentials embedded directly into the extension’s code. To avoid detection, the malicious logic is hidden inside what appears to be a legitimate jQuery library.
The attackers didn’t just leave credentials sitting in plain text. The extensions hide them using a custom character-index encoding scheme. Once active, the extension listens to web traffic and intercepts HTTP authentication challenges on any site you visit.
To make sure traffic always flows through their infrastructure, the extensions dynamically reconfigure Chrome’s proxy settings using an auto-configuration script. This forces your browser to route requests exactly where the attacker wants them.
In its default “smarty” mode, Phantom Shuttle routes traffic from more than 170 high-value domains through its proxy network. That list includes developer platforms, cloud service dashboards, social media sites and adult content portals. Local networks and the attacker’s own command-and-control domain are excluded, likely to avoid breaking things or raising suspicion.
While acting as a man-in-the-middle, the extension can capture anything you submit through web forms. That includes usernames, passwords, card details, personal information, session cookies from HTTP headers and API tokens pulled directly from network requests.
CyberGuy contacted Google about the extensions, and a spokesperson confirmed that both have been removed from the Chrome Web Store.
Two Chrome extensions posing as proxy tools were found spying on users for years while listed on Google’s official Chrome Web Store. (Yui Mok/PA Images via Getty Images)
How to review the extensions installed in your browser (Chrome)
The step-by-step instructions below apply to Windows PCs, Macs and Chromebooks. In other words, desktop Chrome. Chrome extensions cannot be fully reviewed or removed from the mobile app.
Step 1: Open your extensions list
- Open Chrome on your computer.
- Click the three-dot menu in the top-right corner.
- Select Extensions
- Then click Manage Extensions.
You can also type this directly into the address bar and press Enter:
chrome://extensions
Step 2: Look for anything you do not recognize
Go through every extension listed and ask yourself:
- Do I remember installing this?
- Do I still use it?
- Do I know what it actually does?
If the answer is no to any of these, take a closer look.
Step 3: Review permissions and access
Click Details on any extension you are unsure about. Pay attention to:
- Permissions, especially anything that can read or change data on websites you visit
- Site access, such as extensions that run on all sites
- Background access, which allows the extension to stay active even when not in use
Proxy tools, VPNs, downloaders and network-related extensions deserve extra scrutiny.
Step 4: Disable suspicious extensions first
If something feels off, toggle the extension off. This immediately stops it from running without deleting it. If everything still works as expected, the extension was likely not essential.
Step 5: Remove extensions you no longer need
To fully remove an extension:
- Click Remove
- Confirm when prompted
Unused extensions are a common target for abuse and should be cleaned out regularly.
Step 6: Restart Chrome
Close and reopen Chrome after making changes. This ensures disabled or removed extensions are no longer active.
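The permission review in Step 3 can also be done by script. The Python below is an added example, not code from Socket, Google or the article: it reads each installed extension's manifest.json and flags the permission combination that the behavior described earlier (setting a proxy and answering HTTP authentication challenges) depends on. The on-disk layout `<profile>/Extensions/<id>/<version>/manifest.json` is an assumption about desktop Chrome, and the two sample extensions are constructed.

```python
import json
import tempfile
from pathlib import Path

# Permissions that allow answering HTTP auth challenges (MV2 name, MV3 name).
AUTH_ANSWER = {"webRequestBlocking", "webRequestAuthProvider"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def assess_manifest(manifest: dict) -> list[str]:
    """Return the reasons an extension manifest deserves a manual review."""
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    # MV2 lists host patterns under "permissions"; MV3 uses "host_permissions".
    hosts = perms | set(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    reasons = []
    if "proxy" in perms:
        reasons.append("can change Chrome's proxy settings")
    if "webRequest" in perms:
        reasons.append("can observe web requests")
    if "proxy" in perms and perms & AUTH_ANSWER:
        reasons.append("can set a proxy and answer HTTP auth challenges")
    if hosts & BROAD_HOSTS:
        reasons.append("runs on all sites")
    return reasons

def audit_profile(extensions_dir: Path) -> dict[str, list[str]]:
    """Map extension id -> review reasons for every manifest under the directory."""
    findings = {}
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        ext_id = manifest_path.parts[-3]
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, json.JSONDecodeError):
            findings[ext_id] = ["manifest unreadable"]
            continue
        reasons = assess_manifest(manifest)
        if reasons:
            findings[ext_id] = reasons
    return findings

def build_sample_profile(root: Path) -> Path:
    """Constructed sample data: two made-up extensions, not real ones."""
    samples = {
        "aaaaexampleproxytool": {
            "manifest_version": 3, "name": "Sample proxy tool",
            "permissions": ["proxy", "webRequest", "webRequestAuthProvider"],
            "host_permissions": ["<all_urls>"]},
        "bbbbexamplenotes": {
            "manifest_version": 3, "name": "Sample notes",
            "permissions": ["storage"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = root / ext_id / "1.0.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, why in audit_profile(build_sample_profile(Path(tmp))).items():
            print(ext_id, "->", "; ".join(why))
```

A flag here is a prompt to open the extension's Details page and decide whether it earns that access, not proof that the extension is malicious.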
Cybersecurity experts warn that trusted browser extensions can become powerful surveillance tools once installed. (Gabby Jones/Bloomberg via Getty Images)
6 steps you can take to stay safe from malicious Chrome extensions
You can’t control what slips through app store reviews, but you can reduce your risk by changing how you install and manage extensions.
1) Install extensions only when absolutely necessary
Every extension increases your attack surface. If you don’t genuinely need it, don’t install it. Convenience extensions often come with far more permissions than they deserve.
2) Check the publisher carefully
Reputable developers usually have a history, a website and multiple well-known extensions. Be cautious with tools from unknown publishers, especially those offering network or proxy features.
3) Read multiple user reviews, not just ratings
Star ratings can be faked or manipulated. Look for detailed reviews that mention long-term use. Watch out for sudden waves of generic praise.
4) Review permissions before clicking install
If an extension asks to “read and change all data on websites you visit,” take that seriously. Proxy tools and network extensions can see everything you do.
5) Use a password manager
A password manager won’t stop a malicious extension from spying on traffic, but it can limit damage. Unique passwords mean stolen credentials can’t unlock multiple accounts. Many managers also refuse to autofill on suspicious pages.
Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
6) Install strong antivirus software
Strong antivirus software can flag suspicious network activity, proxy abuse and unauthorized changes to browser settings. This adds a layer of defense beyond Chrome’s own protections.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
Kurt’s key takeaway
This attack doesn’t rely on phishing emails or fake websites. It works because the extension itself becomes part of your browser. Once installed, it sees nearly everything you do online. Extensions like Phantom Shuttle are dangerous because they blend real functionality with malicious behavior. The extensions deliver the proxy service they promise, which lowers suspicion, while quietly routing user data through attacker-controlled servers.
When was the last time you reviewed the extensions installed in your browser? Let us know by writing to us at Cyberguy.com.
Copyright 2025 CyberGuy.com. All rights reserved.
Technology
LG’s CLOiD robot can load the washer for you, slowly
LG’s CLOiD robot took the stage at CES 2026 on Monday, offering our first look at the bot in action. During LG’s keynote, the company showed how CLOiD can load your washer or dryer — albeit slowly – as part of its goal of creating a “zero labor home.”
CLOiD waved both of its five-finger hands as it rolled out on stage. Brandt Varner, LG’s vice president of sales in its home appliances division, followed behind and asked the bot to take care of the wet towel he was holding. “Sure, I’ll get the laundry started,” CLOiD said in a masculine-sounding voice. “Let me show everyone what I can do.”
The bot’s animated eyes “blinked” as it rolled closer to a washer that opened automatically (I hope CLOiD can open that door itself!), extending its left arm into the washer and dropping the towel into the drum. The whole process — from getting the towel to putting it in the machine — took nearly 30 seconds, which makes me wonder how long it would take to load a week’s worth of laundry.
The bot returned later in the keynote to bring a bottle of water to another presenter, Steve Scarbrough, the senior vice president of LG’s HVAC division. “I noticed by your voice and tone that you might want some water,” it said before handing over the bottle and giving Scarbrough a fist bump.
There’s still no word on when, or if, LG CLOiD will ever be available for purchase, but at least we’ll have WALL-E’s weird cousin to help out with some tasks around the home.