Malicious Chrome extensions with 1 million downloads can hijack your browser – remove them now

Just as when adding new apps to your smartphone, you should be careful when adding Google Chrome extensions to your browser. Malicious extensions can be used for ad fraud or even to infect your PC or Mac with malware.

As reported by BleepingComputer, a new malvertising (malicious advertising) campaign has been discovered by cybersecurity firm Guardio Labs that uses Chrome extensions to hijack web searches and add affiliate links to all sites you visit.

This malvertising campaign was dubbed “Dormant Colors” by the company’s security researchers because all of the malicious extensions in question offer color customization options for Chrome. However, the extensions themselves do not include any malicious code when installed, which allowed them to bypass Google’s security checks and end up on the Chrome Web Store in the first place.

Following its investigation into the matter, Guardio found 30 different versions of these malicious browser extensions on the Chrome and Edge online stores with more than one million installations combined. As we mentioned earlier, they’ve been removed from both online stores, but here’s the full list just in case:

  • Action colors
  • Power colors
  • Nino Colors
  • More models
  • great colors
  • mix colors
  • Mega colors
  • get colors
  • What color
  • single color
  • Color scale
  • flexible styling
  • Background colors
  • More models
  • Change color
  • Dood Colors
  • Refresh color
  • imginfo
  • Web page colors
  • Hex colors
  • Sweet sight
  • border colors
  • color mode
  • Xer Colors

How to manually remove Chrome extensions

Although all of the malicious extensions listed above have since been removed from the stores, you may need to manually remove them from Chrome by clicking the three-dot menu at the top right of your browser. From there, click More, then navigate to More Tools > Extensions. Here you will be able to disable extensions, and if you have any issues, this accompanying document can guide you through the process.
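To check a profile, or many machines, without clicking through each browser, the following added example (not part of the original article or Guardio's tooling) scans a Chrome profile's Extensions folder and reports any extension whose display name matches the list above. It assumes Chrome's on-disk layout of Extensions/<id>/<version>/manifest.json; matching is by name only because the article lists no extension IDs, and the Linux default path in the script is an assumption to adjust per platform.

```python
import json
import sys
from pathlib import Path

# Extension names exactly as listed on this page, lower-cased for matching.
WATCHLIST = {n.strip().lower() for n in (
    "Action colors, Power colors, Nino Colors, More models, great colors, "
    "mix colors, Mega colors, get colors, What color, single color, "
    "Color scale, flexible styling, Background colors, Change color, "
    "Dood Colors, Refresh color, imginfo, Web page colors, Hex colors, "
    "Sweet sight, border colors, color mode, Xer Colors").split(",")}

def display_name(ext_dir):
    """Return the extension's name, resolving __MSG_key__ placeholders."""
    manifest = json.loads((ext_dir / "manifest.json").read_text("utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        path = ext_dir / "_locales" / locale / "messages.json"
        try:
            messages = json.loads(path.read_text("utf-8-sig"))
        except (OSError, ValueError):
            return name  # keep the placeholder if the locale file is unreadable
        for k, v in messages.items():
            if k.lower() == key:
                return v.get("message", name)
    return name

def audit(extensions_root):
    """Scan <profile>/Extensions/<id>/<version>/ and return watchlist hits."""
    hits = []
    for manifest in sorted(Path(extensions_root).glob("*/*/manifest.json")):
        ext_dir = manifest.parent
        try:
            name = display_name(ext_dir)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed manifest: skip, do not crash
        if name.strip().lower() in WATCHLIST:
            hits.append((ext_dir.parent.name, ext_dir.name, name))
    return hits

if __name__ == "__main__":
    # Assumed default Linux profile path; pass another profile's path as argv[1].
    default = Path.home() / ".config/google-chrome/Default/Extensions"
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for ext_id, version, name in audit(root):
        print(f"REVIEW: {name!r} id={ext_id} version={version}")
```

A name match is only a prompt to review the extension in More Tools > Extensions; an unrelated extension can share a generic name.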

Hijacking your browser to generate revenue from clicks

To trick unsuspecting users into downloading their malicious extensions, the cybercriminals behind this campaign use ads or redirects when you visit sites that play videos or offer downloads.

A screenshot of the installation of one of the malicious Dormant Colors extensions

(Image credit: Guardio Labs)

When you try to watch a video or download a program on these sites, you are redirected to another site that says you need to add an extension to continue. If you click “OK” or the “Continue” button, you are prompted to install a color-changing extension that seems harmless at first glance.

Once installed, these extensions redirect users to pages that side-load malicious scripts. Those scripts instruct the extensions on how to hijack searches, and they also tell the extension on which sites affiliate links can be inserted. This generates advertising revenue for the creator of these malicious extensions, but your search data is also sold for profit.

These Dormant Colors extensions also have a list of 10,000 sites which can be used to automatically redirect users to the same page but with affiliate links appended to their URLs. Any purchase made on one of these sites will generate a commission for the developers of the extensions.
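The same-page rewrite described above leaves a recognisable trace in navigation logs. This added example (not from the article or Guardio) flags back-to-back navigations in one tab where the second URL is the first plus extra query parameters; the log format, the two-second window and the sample hosts and parameter names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def appended_params(before, after):
    """If `after` is `before` plus extra query parameters, return the extras."""
    a, b = urlsplit(before), urlsplit(after)
    if (a.scheme, a.netloc.lower(), a.path) != (b.scheme, b.netloc.lower(), b.path):
        return {}
    old = parse_qsl(a.query, keep_blank_values=True)
    remaining = parse_qsl(b.query, keep_blank_values=True)
    for pair in old:  # every original parameter must survive unchanged
        if pair not in remaining:
            return {}
        remaining.remove(pair)
    return dict(remaining)

def find_rewrites(navigations, max_gap=2.0):
    """Flag consecutive navigations in one tab that only add query parameters."""
    findings = []
    last = {}  # tab id -> (timestamp, url) of the previous navigation
    for ts, tab, url in navigations:
        if tab in last:
            prev_ts, prev_url = last[tab]
            added = appended_params(prev_url, url)
            # A reload with new parameters within max_gap seconds is unlikely
            # to be the user typing or clicking; treat it as an automatic rewrite.
            if added and ts - prev_ts <= max_gap:
                findings.append((prev_url, url, added))
        last[tab] = (ts, url)
    return findings

# Constructed sample log: (seconds, tab id, URL). Hosts and the "aff_id"
# parameter name are invented for illustration, not taken from the campaign.
SAMPLE = [
    (10.0, 1, "https://shop.example/item/42?color=red"),
    (10.4, 1, "https://shop.example/item/42?color=red&aff_id=9001"),
    (11.0, 2, "https://news.example/story"),
    (95.0, 2, "https://news.example/story?page=2"),  # user paging, outside window
    (96.0, 1, "https://shop.example/cart"),
]

if __name__ == "__main__":
    for before, after, added in find_rewrites(SAMPLE):
        print(f"possible affiliate rewrite: {before} -> {after} added={added}")
```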

In a blog post explaining its findings, Guardio provided additional insight into the potential for this malicious extension campaign to grow further, saying:

“This campaign is still running, changing domains, spawning new extensions, and reinventing more color and style changing features that you can definitely do without. In addition, the code injection technique analyzed here is an extensive mitigation and evasion infrastructure and allows the campaign to be exploited for even more malicious activities in the future.”

How to protect yourself from malicious browser extensions

If you are planning to add new extensions to your browser, you should probably have one of the best antivirus software solutions installed on your laptop or PC to protect you from malware infection or data theft.

Other than that, you should only use trusted sources like Chrome Web Store or Microsoft Edge add-ons store to install new extensions. Although bad extensions slip through the cracks from time to time, you are always safer installing browser extensions from an official store than from the web.

At the same time, you should always ask yourself if you really need an extension before installing it. For example, if an extension looks too good to be true, it probably is and isn’t worth installing. You should also periodically go through your browser’s list of extensions and remove those you no longer use, while keeping a close eye out for new ones you don’t remember installing.

Browser extensions give you a whole new way to customize your browser and add new features to it. However, just like with apps, cybercriminals often create fake extensions for their own gain that can commit ad fraud or even infect your computer with a virus.