
Malicious Chrome extensions caught stealing sensitive data


Chrome extensions are supposed to make your browser more useful, but they’ve quietly become one of the easiest ways for attackers to spy on what you do online. Security researchers recently uncovered two Chrome extensions that have been doing exactly that for years.

These extensions looked like harmless proxy tools, but behind the scenes, they were hijacking traffic and stealing sensitive data from users who trusted them. What makes this case worse is where these extensions were found. Both were listed on Chrome’s official extension marketplace.


Malicious Chrome extensions hiding in plain sight

Researchers at Socket discovered two Chrome extensions using the same name, “Phantom Shuttle,” that were posing as tools for proxy routing and network speed testing (via Bleeping Computer). According to the researchers, the extensions have been active since at least 2017.

Both extensions were published under the same developer name and marketed toward foreign trade workers who need to test internet connectivity from different regions. They were sold as subscription-based tools, with prices ranging from roughly $1.40 to $13.60.

At a glance, everything looked normal. The descriptions matched the functionality. The pricing seemed reasonable. The problem was what the extensions were doing after installation.

How Phantom Shuttle steals your data

Socket researchers say Phantom Shuttle routes all your web traffic through proxy servers controlled by the attacker. Those proxies use hardcoded credentials embedded directly into the extension’s code. To avoid detection, the malicious logic is hidden inside what appears to be a legitimate jQuery library.

The attackers didn’t just leave credentials sitting in plain text. The extensions hide them using a custom character-index encoding scheme. Once active, the extension listens to web traffic and intercepts HTTP authentication challenges on any site you visit.

To make sure traffic always flows through their infrastructure, the extensions dynamically reconfigure Chrome’s proxy settings using an auto-configuration script. This forces your browser to route requests exactly where the attacker wants them.

In its default “smarty” mode, Phantom Shuttle routes traffic from more than 170 high-value domains through its proxy network. That list includes developer platforms, cloud service dashboards, social media sites and adult content portals. Local networks and the attacker’s own command-and-control domain are excluded, likely to avoid breaking things or raising suspicion.

While acting as a man-in-the-middle, the extension can capture anything you submit through web forms. That includes usernames, passwords, card details, personal information, session cookies from HTTP headers and API tokens pulled directly from network requests.

CyberGuy contacted Google about the extensions, and a spokesperson confirmed that both have been removed from the Chrome Web Store.
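
The capabilities described above (changing proxy settings, answering HTTP authentication challenges, running on every site) map onto permissions an extension has to declare in its manifest. As an added example, not code from the article, Socket's report or the extensions themselves, this JavaScript triages manifests for that combination; the permission names are Chrome's own, while the risk tiers, function names and sample manifests are assumptions made for illustration.

```javascript
// Added example: triage Chrome extension manifests for the capability
// combination described in the article. All sample manifests are constructed.

// Host patterns that grant access to every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Gather API permissions and host patterns from both Manifest V2
// (hosts listed inside "permissions") and Manifest V3 ("host_permissions").
function collectGrants(manifest) {
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
  ].filter((p) => typeof p === "string");
  const isHost = (p) => p === "<all_urls>" || p.includes("://");
  return {
    api: new Set(declared.filter((p) => !isHost(p))),
    hosts: declared.filter(isHost),
  };
}

// Map grants to the behaviours the article describes. The mapping is this
// example's assumption; it is not a list of what Phantom Shuttle requested.
function assessManifest(manifest) {
  const { api, hosts } = collectGrants(manifest);
  const findings = [];
  // chrome.proxy lets an extension set a PAC script or fixed proxy.
  const proxy = api.has("proxy");
  // webRequest plus an auth/blocking grant lets it answer HTTP auth prompts.
  const auth = api.has("webRequest") &&
    (api.has("webRequestAuthProvider") || api.has("webRequestBlocking"));
  const allSites = hosts.some((h) => BROAD_HOSTS.has(h));
  if (proxy) findings.push("can-change-proxy-settings");
  if (auth) findings.push("can-answer-http-auth-challenges");
  if (allSites) findings.push("all-sites-access");
  const risk = proxy && auth ? "high" : findings.length > 0 ? "review" : "low";
  return { name: manifest.name || "(unnamed)", risk, findings };
}

// Constructed manifests, not taken from any real extension.
const SAMPLES = [
  { manifest_version: 3, name: "Sample Proxy Tool",
    permissions: ["proxy", "webRequest", "webRequestAuthProvider", "storage"],
    host_permissions: ["<all_urls>"] },
  { manifest_version: 2, name: "Sample Legacy Proxy",
    permissions: ["proxy", "webRequest", "webRequestBlocking", "*://*/*"] },
  { manifest_version: 3, name: "Sample Page Styler",
    permissions: ["storage"], host_permissions: ["https://*/*"] },
  { manifest_version: 3, name: "Sample Notes",
    permissions: ["storage", "activeTab"] },
];

function auditAll(manifests) {
  return manifests.map(assessManifest);
}

for (const r of auditAll(SAMPLES)) {
  console.log(`${r.risk.padEnd(6)} ${r.name}: ${r.findings.join(", ") || "none"}`);
}
```

A "high" result means only that the extension can do what the article describes, not that it does; legitimate proxy and VPN extensions declare the same permissions, which is why they deserve the closer look.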


How to review the extensions installed in your browser (Chrome)

The step-by-step instructions below apply to Windows PCs, Macs and Chromebooks. In other words, desktop Chrome. Chrome extensions cannot be fully reviewed or removed from the mobile app.

Step 1: Open your extensions list

  • Open Chrome on your computer.
  • Click the three-dot menu in the top-right corner.
  • Select Extensions.
  • Then click Manage Extensions.

You can also type this directly into the address bar and press Enter:
chrome://extensions

Step 2: Look for anything you do not recognize

Go through every extension listed and ask yourself:

  • Do I remember installing this?
  • Do I still use it?
  • Do I know what it actually does?

If the answer is no to any of these, take a closer look.

Step 3: Review permissions and access

Click Details on any extension you are unsure about. Pay attention to:

  • Permissions, especially anything that can read or change data on websites you visit
  • Site access, such as extensions that run on all sites
  • Background access, which allows the extension to stay active even when not in use

Proxy tools, VPNs, downloaders and network-related extensions deserve extra scrutiny.

Step 4: Disable suspicious extensions first

If something feels off, toggle the extension off. This immediately stops it from running without deleting it. If everything still works as expected, the extension was likely not essential.

Step 5: Remove extensions you no longer need

To fully remove an extension:

  • Click Remove
  • Confirm when prompted

Unused extensions are a common target for abuse and should be cleaned out regularly.

Step 6: Restart Chrome

Close and reopen Chrome after making changes. This ensures disabled or removed extensions are no longer active.


6 steps you can take to stay safe from malicious Chrome extensions

You can’t control what slips through app store reviews, but you can reduce your risk by changing how you install and manage extensions.

1) Install extensions only when absolutely necessary

Every extension increases your attack surface. If you don’t genuinely need it, don’t install it. Convenience extensions often come with far more permissions than they deserve.

2) Check the publisher carefully

Reputable developers usually have a history, a website and multiple well-known extensions. Be cautious with tools from unknown publishers, especially those offering network or proxy features.

3) Read multiple user reviews, not just ratings

Star ratings can be faked or manipulated. Look for detailed reviews that mention long-term use. Watch out for sudden waves of generic praise.

4) Review permissions before clicking install

If an extension asks to “read and change all data on websites you visit,” take that seriously. Proxy tools and network extensions can see everything you do.

5) Use a password manager

A password manager won’t stop a malicious extension from spying on traffic, but it can limit damage. Unique passwords mean stolen credentials can’t unlock multiple accounts. Many managers also refuse to autofill on suspicious pages.

Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

6) Install strong antivirus software

Strong antivirus software can flag suspicious network activity, proxy abuse and unauthorized changes to browser settings. This adds a layer of defense beyond Chrome’s own protections.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

Kurt’s key takeaway

This attack doesn’t rely on phishing emails or fake websites. It works because the extension itself becomes part of your browser. Once installed, it sees nearly everything you do online. Extensions like Phantom Shuttle are dangerous because they blend real functionality with malicious behavior. The extensions deliver the proxy service they promise, which lowers suspicion, while quietly routing user data through attacker-controlled servers.

When was the last time you reviewed the extensions installed in your browser? Let us know by writing to us at Cyberguy.com.


Copyright 2025 CyberGuy.com. All rights reserved.


Intel is planning a custom Panther Lake CPU for handheld PCs


Intel announced yesterday that it’s developing an entire “handheld gaming platform” powered by its new Panther Lake chips, and joining an increasingly competitive field. Qualcomm is hinting about potential Windows gaming handhelds showing up at the Game Developers Conference in March, and AMD’s new Strix Halo chips could lead to more powerful handhelds.

According to IGN and TechCrunch, sources say Intel is going to compete by developing a custom Intel Core G3 “variant or variants” just for handhelds that could outperform the Arc B390 GPU on the chips it just announced. IGN reports that by using the new 18A process, Intel can cut different die slices, and “spec the chips to offer better performance on the GPU where you want it.”

As for concrete details about the gaming platform, we’re going to have to wait. According to Intel’s Dan Rogers yesterday, the company will have “more news to share on that from our hardware and software partners later this year.” The Intel-based MSI Claw saw a marked improvement when it jumped to Lunar Lake, and hopefully the new platform keeps up that positive trend.


Don’t lock your family out: A digital legacy guide


This is not a happy topic. But it’s essential advice whether you’re 30 or 90.

If something happened to you tomorrow, could your family get into your digital life? I’m talking about your bank accounts, emails, crypto and a lifetime of memories stored on your phone or computer.

Big Tech and other companies won’t hand over your data or passwords, even to a spouse, without a hassle, if at all.

1. The 10-minute setup

Start with a Legacy Contact. Think of someone you trust who gets access only after you’re gone. Who is that? Good.


· iPhone: Open Settings > tap [Your Name]. Tap Sign-In & Security > Legacy Contact. Go to Add Legacy Contact and follow the prompts.

· Google: Search for Inactive Account Manager in your Google Account settings. Choose how long Google should wait before acting (e.g., three months). Add up to 10 people to be notified and choose which data (Photos, Drive, Gmail) they can download.


2. The master key problem

Apple and Google don’t help with banking, insurance, investment or other sites or apps. You need a solid password manager like NordPass that offers emergency access features.

1. Open your Password Manager and look for Emergency Access.

2. Add a Digital Heir: Enter the email of a spouse or trusted child.

3. Set the Safety Delay: Choose a wait period. Usually 7 days is the sweet spot.

4. How it works: If your contact ever requests access, the app sends you an alert. If you’re fine, you hit Deny. But if you’re incapacitated and can’t respond within those seven days, the vault automatically unlocks for them.

Pro tip: Your Emergency Contact only gets viewing privileges. They can’t delete or change anything in your vault.


3. Crypto and social media

· Crypto: Without your seed phrases, that money is gone. Store them physically with your estate paperwork, along with any instructions and receipts from your crypto purchases. If you use a crypto hardware wallet, keep that in a fireproof safe.

· Social media: On Facebook or Instagram, go to Settings > Memorialization. Choose to either have your account deleted or managed by a contact who can post a final tribute.

Be sure someone knows the passcode to your phone. That’s important for 2FA codes, among other things.

One more thing. If you found this guide helpful, be sure to get my free newsletter at GetKim.com to stay tech-savvy and secure every day!

Award-winning host Kim Komando is your secret weapon for navigating tech.

· National radio: Airing on 500-plus stations across the US, find yours at komando.com or get the free podcast

· Daily newsletter: Join 650,000 people who read the Current (free!) at komando.com

· Watch: Kim’s YouTube channel at youtube.com/@kimkomando

Copyright 2026, WestStar Multimedia Entertainment. All rights reserved.


Power bank feature creep is out of control 


There was a time not too long ago when buying a power bank was as easy as choosing the cheapest portable battery that could charge your phone and quickly slip into your pocket, purse, or backpack. The hardest part was deciding whether it was time to ditch USB-A ports.

Recently, however, brands have been slathering on features, many of which are superfluous, in an attempt to both stand out from the commodified pack and justify higher price points. It’s especially prevalent amongst the bigger power banks that can also charge laptops, those that butt right up to the “airline friendly” 99Wh (around 27,650mAh) size limit.

At CES 2026, we’re seeing a trend towards power banks with integrated cables, which is very convenient. But a similar trend to slap large, energy-sapping displays onto these portable batteries is just silly. And that’s just the start of the atrocities witnessed in recent months.


The power bank that pushed things over the edge for me is the $270 EcoFlow Rapid Pro X Power Bank 27k that I received for review. Here’s my review: it’s bad. Do. Not. Buy. As a power bank, it tries too hard to do too much, making it too expensive, too big, too slow, and too heavy.

The snap-on decorative faceplates are ridiculous and the proprietary magnetic modules for its Apple Watch charger and retractable USB-C cable are too easy to misplace.

The giant display EcoFlow uses scratches easily and is too dim to easily read outdoors. The confusing UX on the Rapid Pro X model is especially offensive in its touch-sensitive clumsiness. Nobody needs a display that takes 30 seconds to wake up from sleep and plays swirly graphics and blinking eyeballs when awake, slowly sapping the power bank’s energy reserves. The fact that it has a screensaver tells me that the product team completely lost the plot.

Anker’s also guilty of putting large displays onto its power banks. Most people don’t need anything more than four dots to show the remaining capacity, but it’s becoming increasingly difficult to buy a power bank without a colorful LCD display. In the 20,000mAh range, Anker doesn’t even list a display-less model anymore. I, like many Verge readers, love to see the actual wattage pumping in and out of those ports — but the vast majority of people have no need for that.


Anker, like EcoFlow, also offers power banks with proprietary pogo-pin connectors. Both companies use those connectors to lure owners into buying expensive desk chargers that don’t work with anything else. Those extra-fast charging speeds are unlikely to justify the premium expense for most people.

Most people, even tech-savvy Verge readers, don’t even need a power bank that can output 140W of power delivery over USB-C. The majority of non-gaming laptops require 65W or less. And the primary computing device for most people — the phone — only requires about 20W.

We certainly don’t need power banks with built-in hotspots when that’s already built into our Android and iOS phones. Baseus made one anyway.

Bluetooth and Wi-Fi connectivity are becoming a common feature in some flagship power banks. I’m all for remotely monitoring massive power stations used to power off-grid homes and campers, but not a portable power bank that’s charging the phone in your hand or is plugged into a nearby wall jack.


We also don’t need integrated flashlights. Why random Amazon brand, why?

All these extra “features” just add weight, size, and cost to power banks. They also increase the risk that something will go wrong on a device that’s meant to always be with you and just work when you need it. And power banks don’t need any extra help justifying a recall.


One power bank trend I can get behind is integrated cables like the retractable version found on EcoFlow’s Rapid Pro Power Bank 27k (note the lack of “X” in the name). Always having a properly specced cable that matches the device’s max input and output is super convenient. I like that Kuxiu’s S3 MagSafe power bank, for example, neatly wraps the cable around the chassis to plug into a hidden USB-C jack. That way the cable can be replaced if it frays or breaks.

I’m also a fan of adding kickstands to MagSafe power banks that prop phones up at your preferred angle for extended viewing or recording. More importantly, a few companies are now adopting semi-solid state chemistry that makes their power banks less susceptible to thermal runaway, which was an industry plague in 2025. They cost more to buy, but they’re cheaper to own over their extended lifetimes.


I can’t help but enjoy the look of Sharge’s Retractable 3-in-1 Power Bank, even though its integrated wall outlet and underwhelming specs for a battery pack of this size and price completely undercut my entire argument. I’m a sucker for Braun design, forgive me!


There are still basic power banks available that charge phones and even laptops without too much feature creep and attempted upsell. If all you want is to charge your phone then there’s Anker’s trusty $26 PowerCore 10k or, if you’re feeling fancy, Nitecore’s $65 NB10000 Gen 3 Ultra-Slim USB-C Power Bank. If you also want to charge laptops then you might consider INIU’s delightfully named Cougar P64-E1 Power Bank Fastest 140W 25000mAh for $90, or even Belkin’s more capable $150 UltraCharge Pro Laptop Power Bank 27K coming in March.

The fastest and most powerful power banks with lots of gee-whiz features will often generate headlines for pushing the envelope of what’s possible. But the “best” power bank might not be best for you, when basic affordability is all you really need.
