Thirty malicious web browser extensions with more than a million installs in Google Chrome and Microsoft Edge have been leveraged as part of the new Dormant Colors malvertising campaign, reports BleepingComputer.
The extensions, which offer color customization options and contain no malicious code when downloaded, perform search hijacking to facilitate the insertion of affiliate links into webpages, a report from Guardio Labs revealed. Attacks begin with the download of innocuous-looking color-changing extensions, which redirect victims to different pages that side-load the scripts used for search hijacking and affiliate link insertion.
"To finish it up, it also assigns a new URL to the location object so you are redirected to the advertisement that finalizes this flow as if it was just another advertisement popup," said researchers.
Aside from performing affiliation hijacking, Dormant Colors operators could launch more severe compromises using the same side-loading approach, with the technique likely to be used for phishing pages aimed at exfiltrating Microsoft 365, social media, bank site, and Google Workspace credentials.
Novel malvertising campaign targets browsers