This malvertising campaign has hit over a million Google Chrome users
Malicious Google Chrome extensions are hijacking search queries
A major malvertising campaign has been discovered hijacking people’s internet searches, and adding affiliate links to websites.
According to the researchers that spotted the campaign, the developers generate plenty of income through affiliate commissions and search data sales.
Experts from Guardio Labs recently discovered as many as 30 browser extensions for both Chrome and Edge, active since at least mid-October 2020, and having been downloaded more than a million times.
Dormant Colors
When victims visit different sites offering video downloading services, they’re first forced to download the extension, in order to continue with the download, the researchers found.
The extension offers color customization options and comes with no malicious code, it was said, allowing it to pass antivirus scans. This is also why the researchers decided to dub the campaign “Dormant Colors”. However, after installation, the extension will redirect the user to a webpage that side-loads malicious scripts that tell the extension how to hijack search results and add affiliate links.
The extension would be instructed to return search results for queries from sites affiliated with the developers, that way generating income from ad impressions and search data sales.
What’s more, it comes with a redirect list of roughly 10,000 websites. Should the victim try to visit any of those sites, they would be redirected to it - but through a link with an affiliate link. As a result, any purchase made on those sites would earn the developers commission.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
While the campaign might come off as a nuisance, it’s not exactly damaging to the victims and doesn’t steal money directly from their pockets. However, researchers are warning that the same methodology could be used to steal sensitive information, or login credentials, from the targets.
By redirecting the users to a phishing site, the attackers could obtain Microsoft 365 or Google Workspace passwords, and details from banking sites, or social media platforms.
- These are the best malware removal solutions out there
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.