This malvertising campaign has hit over a million Google Chrome users


A major malvertising campaign has been discovered hijacking people’s internet searches and adding affiliate links to websites.

According to the researchers who spotted the campaign, the developers generate plenty of income through affiliate commissions and search data sales.

Experts from Guardio Labs recently discovered as many as 30 browser extensions for both Chrome and Edge that have been active since at least mid-October 2020 and have been downloaded more than a million times.

Dormant Colors

When victims visit sites offering video downloading services, they are first forced to download the extension before they can continue with the download, the researchers found.

The extension offers color customization options and comes with no malicious code, the researchers said, which allows it to pass antivirus scans. This is also why they dubbed the campaign “Dormant Colors”. After installation, however, the extension redirects the user to a webpage that side-loads malicious scripts, which tell the extension how to hijack search results and add affiliate links.

The extension is then instructed to answer search queries with results from sites affiliated with the developers, generating income from ad impressions and search data sales.

What’s more, it comes with a redirect list of roughly 10,000 websites. Should the victim try to visit any of those sites, they are still taken to it, but through an affiliate link. As a result, any purchase made on those sites earns the developers a commission.
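A defender-side check for the redirect behaviour described above, added here as an example and not taken from Guardio Labs or the original report: it flags navigations that leave the requested site, return to it, and pick up new query parameters along the way. It assumes redirect chains are available from proxy or browser telemetry; the hosts, parameter names and sample chains are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: each entry is one navigation's redirect chain
# (first URL = what the user asked for, last URL = where the browser landed).
# The hosts and parameter names are invented for illustration.
SAMPLE_CHAINS = [
    ["https://shop.example/item/42",
     "https://track.redirector.example/r?u=shop.example%2Fitem%2F42",
     "https://shop.example/item/42?aff_id=9911"],
    ["http://news.example/", "https://news.example/"],  # plain HTTPS upgrade
    ["https://store.example/cart", "https://store.example/cart?lang=en"],
    ["https://shop.example/sale?ref=newsletter",
     "https://go.partner.example/c/123",
     "https://shop.example/sale?ref=newsletter&tag=abc-20"],
]

def host(url):
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def added_params(first, last):
    """Query parameter names present on the landing URL but not on the request."""
    before = set(parse_qs(urlsplit(first).query, keep_blank_values=True))
    after = set(parse_qs(urlsplit(last).query, keep_blank_values=True))
    return sorted(after - before)

def flag_affiliate_detour(chain):
    """Return a finding dict if the chain leaves the requested site, comes back
    to it, and gains query parameters on the way; otherwise None."""
    if len(chain) < 3:
        return None
    first, last = chain[0], chain[-1]
    if host(first) != host(last):
        return None  # landed on a different site: not the pattern checked here
    detours = sorted({host(u) for u in chain[1:-1]} - {host(first)})
    extra = added_params(first, last)
    if detours and extra:
        return {"site": host(first), "via": detours, "added_params": extra}
    return None

def scan(chains):
    return [f for f in map(flag_affiliate_detour, chains) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_CHAINS):
        print(finding)
```

Legitimate affiliate clicks from a referring page produce the same shape, so findings are most useful when the same intermediate host recurs across many unrelated destinations for one browser profile.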

While the campaign might come off as a nuisance, it’s not exactly damaging to the victims and doesn’t steal money directly from their pockets. However, researchers are warning that the same methodology could be used to steal sensitive information, or login credentials, from the targets. 

By redirecting the users to a phishing site, the attackers could obtain Microsoft 365 or Google Workspace passwords, and details from banking sites, or social media platforms.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
