Updated on 2022-10-25
Guardio Labs researchers spotted a new malvertizing campaign, dubbed Dormant Colors, pushing around 30 Google Chrome and Edge extensions to hijack search results. The extensions gathered over a million downloads. Read more: Chrome extensions with 1 million installs hijack targets’ browsers
Overview: DormantColors
Guardio Security researchers published details on DormantColors, a threat actor specialized in distributing malicious Chrome and Edge browser extensions. According to researchers, this group relies on malvertising to promote their sites, a novel way to side-load malicious code, which it then uses to steal browsing and search data, and also hijack affiliate IDs on more than 10,000 websites. Guardio said they named the group DormantColors because most of their extensions provide UI color customization features. All the group’s extensions were hosted on the official stores. Read more: “Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
Extension IDs are in the company’s blog post, and a list of names is embedded below.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
