Malicious Google Chrome extensions are reportedly causing havoc and hijacking search queries. The malvertising campaign has hit more than a million users of Google Chrome.
Malicious Google Chrome Extensions Are Reportedly Causing Havoc
A major malvertising campaign has recently been discovered. It has been hijacking people's internet searches and adding affiliate links to websites without their knowledge.
According to the researchers who found the campaign, the developers generate a substantial income through affiliate commissions and sales of search data.
Experts from Guardio Labs recently found as many as 30 browser extensions for Edge and Chrome that have been active since at least mid-October 2020 and have been downloaded over a million times.
How the Whole Operation Works
The researchers found that victims who visit various sites offering download services are forced to install the extension before they can continue with the download.
The extension, as you might have guessed, offers color customization options and contains no malicious code, which allows it to pass antivirus scans without being caught. This is one of the reasons the researchers have dubbed the campaign ‘Dormant Colors.’ After installation, the extension redirects the user to a webpage that side-loads malicious scripts, which instruct the extension on how to hijack search results and add affiliate links.
The extension is then instructed to return search results for queries from websites that are affiliated with the developers, generating income from ad impressions and the sale of search data.
What’s more interesting is that it comes with a redirect list of roughly 10,000 websites. Should the victim try to visit any of those websites, they are redirected to it, but via an affiliate link. As a result, any purchase made on those sites earns the developers a commission.
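For defenders, the redirect behaviour described above leaves a recognisable trace in proxy or browser navigation logs: the user lands on the site they asked for, but the final URL has gained an affiliate parameter. The following check is an added example, not code from Guardio Labs or the campaign; the log record format, the parameter names and the example.* hosts are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed parameter names; tune to the affiliate programmes seen in your own traffic.
AFFILIATE_PARAMS = {"tag", "affid", "aff_id", "ref"}

def host(url):
    """Lower-cased hostname without a leading 'www.'."""
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def injected_affiliate_params(requested, final):
    """Affiliate-style parameters present on the final URL but not on the requested one."""
    before = set(parse_qs(urlsplit(requested).query, keep_blank_values=True))
    after = set(parse_qs(urlsplit(final).query, keep_blank_values=True))
    return sorted((after - before) & AFFILIATE_PARAMS)

def find_affiliate_hijacks(records):
    """Flag navigations that land on the requested site with an added affiliate tag."""
    findings = []
    for rec in records:
        requested, chain = rec["requested"], rec["chain"]
        if not chain:
            continue
        final = chain[-1]
        if host(final) != host(requested):
            continue  # landed on a different site: not the affiliate pattern
        added = injected_affiliate_params(requested, final)
        if not added:
            continue
        # Intermediate hosts other than the requested site are recorded for triage.
        via = sorted({host(u) for u in chain[:-1]} - {host(requested)})
        findings.append({"user": rec["user"], "site": host(requested),
                         "added_params": added, "via": via})
    return findings

# Constructed sample records (hypothetical log format, example.* hosts).
SAMPLE = [
    {"user": "alice", "requested": "https://www.shop.example/item?id=7",
     "chain": ["https://www.shop.example/item?id=7"]},
    {"user": "bob", "requested": "https://www.shop.example/",
     "chain": ["https://track.example/r?u=shop", "https://www.shop.example/?tag=aff-123"]},
    {"user": "carol", "requested": "https://news.example/?ref=newsletter",
     "chain": ["https://news.example/?ref=newsletter"]},
]

if __name__ == "__main__":
    for finding in find_affiliate_hijacks(SAMPLE):
        print(finding)
```

A parameter the user's own request already carried (the third record) is not flagged, which keeps ordinary newsletter and referral links out of the findings.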
The Scheme Does Not Cause Any Real Damage to the Victims
While the campaign might come off as a nuisance, it is not really damaging to the victims and does not steal money directly from their pockets. The researchers warn, however, that the same methodology could be used to steal sensitive pieces of information, or login credentials, from the targets.
Simply by redirecting users to a phishing website, the attackers could easily get access to Microsoft 365 or Google Workspace passwords, as well as details for social media platforms and even banking sites.