
Researchers Discover Browser-Hijacking Google Chrome Extensions on Web Stores

Vlad CONSTANTINESCU

October 25, 2022


Researchers from Guardio Labs uncovered a new malicious campaign deploying rogue Google Chrome extensions that can hijack browsers. The threat actors push several derivatives of a color customization browser extension and keep them clean during the initial access phase to avoid detection.

Researchers dubbed the campaign “Dormant Colors” due to the nature of the extensions and their lack of malicious code when they’re installed on the target machines.

According to the Guardio Labs report, at least 30 variations of the extension were available for free on the Chrome and Edge web stores by mid-October, including:

  • Power Colors
  • Action Colors
  • Nino Colors
  • Background Colors
  • imginfo
  • hex colors
  • what color
  • Mega Colors
  • Mix Colors
  • Xer Colors
  • Dood Colors
  • More Styles

The report revealed that the rogue extensions had collectively gathered over 1 million installs. Perpetrators drove a malvertising campaign that altered users’ ability to download files or watch videos on certain websites. Upon landing on such a page, victims were urged to install an extension to access the content.

The malvertised extensions look harmless, as they hold no trace of malicious code. However, after installation, the rogue add-ons redirect users to web pages laced with malicious scripts that enable extensions to hijack browsers and insert affiliate links into webpages.

“This campaign is still up and running, shifting domains, generating new extensions, and re-inventing more color and style-changing functions you can for sure manage without,” reads Guardio Labs’ advisory. “Adding to that, the code injection technique analyzed here is a vast infrastructure for mitigation and evasion and allows leveraging the campaign to even more malicious activities in the future.”


Dedicated software such as Bitdefender Ultimate Security can protect you against malicious browser extensions and other cyberthreats thanks to its extensive list of features, including:

  • 24/7 real-time protection against worms, viruses, Trojans, rootkits, spyware, ransomware, zero-day exploits and other e-threats
  • Web filtering technology that prevents you from landing on suspicious or unsafe websites
  • Advanced threat defense system that monitors active apps and takes instant action upon detecting suspicious behavior
  • Network threat prevention module that scans, identifies and blocks suspicious network-level activities, including brute force attacks, bleeding-edge exploits and botnet-related URLs
