Chrome extensions with 1 million installs hijack targets’ browsers
2022-10-24 19:46

Researchers at Guardio Labs have discovered a new malvertising campaign pushing Google Chrome extensions that hijack searches and insert affiliate links into webpages.

Because all these extensions offer color customization options and arrive on the victim's machine without any malicious code, which lets them evade detection, the analysts named the campaign "Dormant Colors."

According to the Guardio report, by mid-October 2022, 30 variants of the browser extensions were available on both the Chrome and the Edge web stores, amassing over a million installs.

When these extensions are first installed, they redirect users to various pages that side-load malicious scripts. These scripts instruct the extension on how to perform search hijacking and on which sites to insert affiliate links.

When performing search hijacking, the extension will redirect search queries to return results from sites affiliated with the extension's developer, thus generating income from ad impressions and the sale of search data.

The extensions and the websites listed in the report's IoCs section have been removed/taken offline, but the researchers warn that the operation is constantly renewed with new add-on names and domains.


News URL

https://www.bleepingcomputer.com/news/security/chrome-extensions-with-1-million-installs-hijack-targets-browsers/