Guardio Labs security researchers identified malicious Chrome extensions that contained browser extension malware. The malicious extensions could hijack search results and inject ads into otherwise secure pages.

Dormant Colors Adware Detected in Chrome Extensions

Dormant Colors is a widespread browser extension malware, which according to a report from Guardio Labs, was discovered in the latest batch of Chrome extensions. This is basically adware spread across 30 different extensions in Microsoft’s Edge Add-ons repository and the Chrome Web Store.

These malicious extensions were also spotted on spammed video-downloading websites. Researchers suspect that the extensions can send users to phishing sites that steal login credentials.

Analyzing Adware Capabilities

Dormant Colors can inject ads into standard pages and append affiliate links to famous e-commerce websites to get the same affiliate revenue for the developer that legit sites get from linking those products.

As per the researchers, the adware is dubbed Dormant Colors because it focuses a lot on style and color themes from Super colors to Action colors, Power colors, etc. It comprises 30 different extensions boasting over one million downloads.

The infection chain starts when innocent-looking helps marketed as webpage modifiers allow users to alter font styles and background colors on the sites they visit. In the background, the adware hijacks the user’s browsing or search histories, inserts ads within accessed webpages, and side-loads malicious code while successfully evading detection. In total, 30 malicious extensions were discovered.

 

According to a blog post by Nati Tal from Guardio, the attackers can target domains and individual users through fake search results, website hijacking, or spear phishing after stealing the user’s browser data and transmitting it to a C2 server. This data is used to update the extension with more advanced attack vectors through silent code injection.

Both Microsoft and Google have taken down the malicious extensions. However, developers can still re-upload them. You must double-check the browser extension’s source before installing it. Moreover, always use credible anti-virus software.

[embedded content]

Protection from Malicious Chrome Extension

A malicious Chrome extension is a type of malware that can infect your computer through the Chrome web browser. These extensions are often used to track your browsing activity and steal your personal information. There are a few things you can do to protect yourself from these extensions.

First, only install extensions from trusted sources. Google’s Chrome Web Store is a good place to start, but you should also check reviews before installing anything. If an extension seems too good to be true, it probably is.

Second, keep your browser and extensions up to date. Both Chrome and the extensions you have installed will receive updates regularly. These updates usually include security fixes that can help protect you from new threats.

Finally, be cautious about the permissions you grant to extensions. Many malicious extensions will ask for more permissions than they need.

  1. 70 malicious Chrome extensions found spying on 32 million+ users
  2. Malicious Chrome extensions can steal data by abusing Sync feature
  3. Chrome extensions with 80 million+ users found engaging in ad fraud
  4. Malicious Chrome extensions stealing data with cryptomining malware
  5. The Great Suspender Chrome extension used by millions was malware

Posted by Charlie