DormantColors hijacks search results using browser extensions

Updated on 2022-10-25

Guardio Labs researchers spotted a new malvertising campaign, dubbed Dormant Colors, pushing around 30 Google Chrome and Edge extensions to hijack search results. The extensions gathered over a million downloads. Read more: Chrome extensions with 1 million installs hijack targets’ browsers

Overview: DormantColors

Guardio Security researchers published details on DormantColors, a threat actor specializing in distributing malicious Chrome and Edge browser extensions. According to the researchers, the group relies on malvertising to promote its sites and on a novel way to side-load malicious code, which it then uses to steal browsing and search data and to hijack affiliate IDs on more than 10,000 websites. Guardio said it named the group DormantColors because most of its extensions provide UI color customization features. All the group’s extensions were hosted on the official stores. Read more: “Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed

Extension IDs are in the company’s blog post, and a list of names is embedded below.
