Thirty malicious web browser extensions with more than a million installs in Google Chrome and Microsoft Edge have been leveraged as part of the new Dormant Colors malvertising campaign, reports BleepingComputer.
Such extensions, which provide color customization options and are downloaded without any malicious code, perform search hijacking to facilitate the insertion of affiliate links into webpages, a report from Guardio Labs revealed. Attacks commence with the download of innocuous-looking color-changing extensions that redirect victims to different pages, which side-load scripts for search hijacking and affiliate link insertion.
"To finish it up, it also assigns a new URL to the location object so you are redirected to the advertisement that finalizes this flow as it was just another advertisement popup," said researchers.
Aside from performing affiliation hijacking, Dormant Colors operators could launch more severe compromises using the same side-loading approach, with the technique likely to be used for phishing pages aimed at exfiltrating Microsoft 365, social media, bank site, and Google Workspace credentials.
Novel malvertising campaign targets browsers