Researchers at Guardio Labs have discovered a new malvertising campaign, called Dormant Colors, aimed at delivering malicious Google Chrome extensions.
The Chrome extensions hijack searches and insert affiliate links into web pages. The experts called the campaign Dormant Colors because the extensions offer color customization options.
“It starts with the trickery malvertising campaign, continues with a crafty novel way to side-load the real malicious code without anyone noticing (until now!), and finally with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites — a capability that is easily leveraged for targeted spear phishing, account takeover and credential extraction — all using this powerful network of millions of infected computers worldwide!” reads the post published by Guardio Labs.
By mid-October 2022, the researchers had discovered at least 30 variants of these extensions in both the Chrome and Edge web stores. The malicious browser extensions had over a million installs.