This malvertising campaign has hit over a million Google Chrome users

Representational image depecting cybersecurity protection

(Image credit: Shutterstock)

A major malvertising campaign has been discovered hijacking people’s internet searches, and adding affiliate links to websites.

According to the researchers that spotted the campaign, the developers generate plenty of income through affiliate commissions and search data sales.

Experts from Guardio Labs recently discovered as many as 30 browser extensions for both Chrome and Edge, active since at least mid-October 2020, and having been downloaded more than a million times.

Dormant Colors

When victims visit different sites offering video downloading services, they’re first forced to download the extension, in order to continue with the download, the researchers found.

The extension offers color customization options and comes with no malicious code, it was said, allowing it to pass antivirus scans. This is also why the researchers decided to dub the campaign “Dormant Colors”. However, after installation, the extension will redirect the user to a webpage that side-loads malicious scripts that tell the extension how to hijack search results and add affiliate links.

The extension would be instructed to return search results for queries from sites affiliated with the developers, that way generating income from ad impressions and search data sales.

> Malicious Google Chrome extensions installed on more than one million devices

> Millions of us are using malicious browser extensions without realizing

> These are the best secure browsers right now

What’s more, it comes with a redirect list of roughly 10,000 websites. Should the victim try to visit any of those sites, they would be redirected to it - but through a link with an affiliate link. As a result, any purchase made on those sites would earn the developers commission.

While the campaign might come off as a nuisance, it’s not exactly damaging to the victims and doesn’t steal money directly from their pockets. However, researchers are warning that the same methodology could be used to steal sensitive information, or login credentials, from the targets.

By redirecting the users to a phishing site, the attackers could obtain Microsoft 365 or Google Workspace passwords, and details from banking sites, or social media platforms.

These are the best malware removal solutions out there

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.