Updated on 2022-10-25
Guardio Labs researchers spotted a new malvertising campaign, dubbed Dormant Colors, pushing around 30 Google Chrome and Microsoft Edge extensions that hijack search results. The extensions gathered over a million downloads. Read more: Chrome extensions with 1 million installs hijack targets’ browsers
Overview: DormantColors
Guardio Security researchers published details on DormantColors, a threat actor that specializes in distributing malicious Chrome and Edge browser extensions. According to the researchers, the group relies on malvertising to lure users to its install pages and on a novel side-loading technique to bring malicious code into the extensions; that code is then used to steal browsing and search data and to hijack affiliate IDs on more than 10,000 websites. Guardio named the group DormantColors because most of its extensions offer UI color customization features. All of the group’s extensions were hosted on the official extension stores. Read more: “Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
The extension IDs are listed in Guardio’s blog post; a list of extension names is embedded below.
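For responders who need to check endpoints for this kind of extension, the following is an added example (not Guardio’s tooling and not code from the original page) that triages the extensions installed in a Chrome or Edge profile for the traits described above: broad host access, permissions that can observe or rewrite web traffic, content scripts injected into every page, and a Manifest V2 content-security-policy that allows remote script sources (one route for side-loading code after install). It also matches extension IDs against an operator-supplied blocklist, for example the IDs from Guardio’s post. The profile paths, the sample manifest in the test and the scoring heuristics are assumptions of this example; an extension it flags is a review candidate, not a confirmed infection.

```python
"""Triage installed Chrome/Edge extensions for traits associated with search and
affiliate hijacking: broad host access, traffic-rewriting permissions, all-URL
content scripts, and MV2 CSPs that permit remote script sources.

Added example, not Guardio's tooling. Typical Extensions directories (assumed, verify
for your fleet):
  Windows Chrome: %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Extensions
  Windows Edge:   %LOCALAPPDATA%\\Microsoft\\Edge\\User Data\\Default\\Extensions
  Linux Chrome:   ~/.config/google-chrome/Default/Extensions
  macOS Chrome:   ~/Library/Application Support/Google/Chrome/Default/Extensions
"""
from __future__ import annotations

import json
from pathlib import Path

# Permissions that let an extension observe, redirect or rewrite browsing/search traffic.
HIGH_RISK_PERMISSIONS = {
    "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "declarativeNetRequestWithHostAccess", "tabs", "scripting", "cookies",
}
# Host patterns that grant access to every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def _is_broad(pattern: str) -> bool:
    return pattern in BROAD_HOST_PATTERNS


def risk_factors(manifest: dict) -> list[str]:
    """Return the risk indicators present in one manifest.json (MV2 or MV3)."""
    factors: list[str] = []
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))   # MV3 keeps host grants separate
    hosts |= {p for p in perms if _is_broad(p)}          # MV2 mixes them into "permissions"
    if any(_is_broad(h) for h in hosts):
        factors.append("broad host access")
    for p in sorted(perms & HIGH_RISK_PERMISSIONS):
        factors.append(f"permission:{p}")
    for cs in manifest.get("content_scripts", []):
        if any(_is_broad(m) for m in cs.get("matches", [])):
            factors.append("content script on all URLs")
            break
    # MV2 allowed a string CSP that whitelists https script sources, so the extension can
    # load code from a server after install; MV3 uses an object and forbids remote code.
    csp = manifest.get("content_security_policy")
    if isinstance(csp, str) and "http" in csp:
        factors.append("CSP permits remote script sources")
    return factors


def scan_extensions_dir(extensions_dir, blocklist=frozenset()) -> list[dict]:
    """Walk <profile>/Extensions/<id>/<version>/manifest.json and report each install."""
    findings: list[dict] = []
    root = Path(extensions_dir)
    if not root.is_dir():
        return findings
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        ext_id = ext_dir.name
        for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest_path = version_dir / "manifest.json"
            if not manifest_path.is_file():
                continue
            entry = {"id": ext_id, "version": version_dir.name,
                     "name": "?", "factors": [], "blocklisted": ext_id in blocklist}
            try:
                # Chrome writes some manifests with a UTF-8 BOM; utf-8-sig strips it.
                manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                entry["factors"] = ["unreadable manifest"]   # still worth a look
                findings.append(entry)
                continue
            entry["name"] = manifest.get("name", "?")       # may be an __MSG_…__ i18n key
            entry["factors"] = risk_factors(manifest)
            findings.append(entry)
    return findings


if __name__ == "__main__":
    import sys
    # usage: python triage_extensions.py <Extensions dir> [blocklisted-extension-id ...]
    ids = set(sys.argv[2:])
    for f in scan_extensions_dir(sys.argv[1], ids):
        flag = "BLOCKLISTED" if f["blocklisted"] else ("REVIEW" if f["factors"] else "ok")
        print(f"{flag:11} {f['id']} {f['version']} {f['name']}: "
              f"{', '.join(f['factors']) or '-'}")
```

Run it against each user profile on a host (including non-default profiles under `User Data\Profile N`), feed the IDs published by Guardio as the blocklist, and treat the REVIEW rows as a shortlist for manual inspection of the extension’s background script and network behaviour; many legitimate extensions also request broad host access, so the heuristics prioritise rather than convict.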