"Chrome Extensions With 1 Million Installs Hijack Targets' Browsers"

Guardio Labs researchers have discovered a new malvertising campaign that promotes Google Chrome extensions that hijack searches and insert affiliate links into webpages. The analysts named the campaign "Dormant Colors" because all of these extensions offer color customization options and arrive on the victim's machine with no malicious code to avoid detection. According to the Guardio report, by mid-October 2022, 30 variants of the browser extensions had amassed over a million installs on both the Chrome and Edge web stores. When visiting web pages that offer a video or download, the infection begins with advertisements or redirects. When a user tries to download the program or watch the video, they are redirected to another site that says they need to install an extension to continue. When the visitor clicks the 'OK' or 'Continue' button, they are asked to install a seemingly innocuous-looking color-changing extension. When these extensions are first installed, they will redirect users to various pages that side-load malicious scripts instructing the extension on how to perform search hijacking and where to insert affiliate links. This article continues to discuss the Dormant Colors malvertising campaign pushing extensions that hijack searches and insert affiliate links into webpages.

Bleeping Computer reports "Chrome Extensions With 1 Million Installs Hijack Targets' Browsers"