Not one, not two, but thirty Chrome extensions with a total of 1 million installs were found to be promoting malicious ads
Researchers from Guardio Labs discovered a new malicious advertising campaign in which Google Chrome extensions hijack your searches and insert their own affiliate links into the websites you visit.
All of these extensions offer Chrome color customization options, and they arrive on the victim's machine without any malicious code in order to avoid detection. Analysts called the campaign “Dormant Colors”.
According to the Guardio Labs report, by mid-October 2022, 30 variants of the browser extensions were available in both the Chrome and Edge web stores, amassing over one million installations.
The infection starts with ads or redirects when you visit websites that offer video downloads. When you try to download the file or watch the video, you are redirected to another site stating that you need to install an extension to continue.
When the visitor clicks the OK or Continue button, they are prompted to install a harmless-looking color-changing extension.
But when these extensions are first installed, they redirect users to various pages with malicious scripts, which in turn instruct the extension on how to carry out the hijacking and on which sites to insert their affiliate links.
Once their affiliate links are appended to the URL, any purchase made on the site will generate a commission for the malicious developers.
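The URL rewriting described above can be hunted for in browser-history or web-proxy logs. The following Python is an added example, not code from Guardio Labs or the original article; it assumes the rewrite shows up as a second load of the same page shortly after the first, and the parameter names in `AFFILIATE_KEYS`, the time window and the sample log are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumed affiliate-style parameter names; tune to what appears in your own logs.
AFFILIATE_KEYS = {"tag", "affid", "aff_id", "affiliate", "ref"}
WINDOW_SECONDS = 10  # assumed maximum gap between the clean load and the rewritten one


def split_url(url):
    """Return ((host, path), query-parameter dict) for a URL."""
    parts = urlsplit(url)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    return (parts.hostname, parts.path or "/"), query


def find_injected_affiliates(events):
    """events: (epoch_seconds, url) tuples for one browser profile, in time order.

    Flags a navigation that repeats a recent one on the same host and path with
    every original parameter intact plus at least one new affiliate-style key.
    """
    findings = []
    recent = {}  # (host, path) -> (timestamp, params) of the last load seen
    for ts, url in events:
        page, params = split_url(url)
        prev = recent.get(page)
        if prev and ts - prev[0] <= WINDOW_SECONDS:
            old = prev[1]
            added = set(params) - set(old)
            unchanged = all(params.get(k) == v for k, v in old.items())
            hits = sorted(k for k in added if k.lower() in AFFILIATE_KEYS)
            if unchanged and hits:
                findings.append({"url": url, "added": hits, "delay": ts - prev[0]})
        recent[page] = (ts, params)
    return findings


# Constructed sample log (not real telemetry).
SAMPLE = [
    (1000, "https://shop.example/item/42?color=blue"),
    (1002, "https://shop.example/item/42?color=blue&affid=constructed-123"),
    (1050, "https://news.example/story"),
    (1300, "https://news.example/story?ref=newsletter"),  # outside the window
    (1400, "https://shop.example/cart"),
    (1401, "https://shop.example/cart?step=2"),  # new key, not affiliate-style
]

if __name__ == "__main__":
    for finding in find_injected_affiliates(SAMPLE):
        print(finding)
```

A hit is a lead for reviewing which extensions are installed in that browser profile, since legitimate sites also add such parameters on their own.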
Researchers warn that by using the same stealthy malicious code-loading technique, Dormant Colors' operators could potentially achieve more sinister things than simply serving ads. They could redirect victims to phishing pages to steal credentials for the websites they visit, including banking websites.
The malicious extensions have already been removed from the Chrome and Edge stores, but researchers warn that the campaign is constantly being renewed with new extension names.