Malware-ridden Chrome extension infects over a million PCs

You know that you need to be careful with what you install on your computer — or at least you should by now. But web browsers are getting so complex and powerful that they’re essentially little virtual machines that just happen to play YouTube videos. So let’s take yet another opportunity to remind ourselves: we need the same kind of care and caution when installing browser extensions, even from ostensibly “safe” sources. Case in point, the latest widespread browser extension malware, which has been downloaded and installed over a million times.

So reports security researcher Guardio Labs (via BleepingComputer), which spotted the latest batch of extensions that hijack search results to inject advertising into otherwise benign pages. The so-called “Dormant Colors” adware is spread across an impressive thirty different individual extensions in both the Chrome Web Store and Microsoft’s Edge Add-ons repository. (The latest version of Edge is based on Chromium, and can run Chrome-based extensions without modification.) The extensions have also been spotted on spammy video download sites.

At the time of writing, the identified extensions have been removed from the various stores. Anyone with the following extensions installed in their browser should remove them immediately:

- Action Colors
- Background Colors
- Border Colors
- Change Color
- Colors Mode
- Colors Scale
- Dood Colors
- Get Colors
- Hex Colors
- Imginfo
- Mega Colors
- Mix Colors
- More Styles
- Nino Colors
- Power Colors
- Refrech Color [sic]
- Single Color
- Soft View
- Style Flex
- Super Colors
- WebPage Colors
- What Color
- Xer Colors

In addition to injecting advertising into standard pages, the malware can reportedly append affiliate links to popular shopping websites, netting the developer the same kind of affiliate revenue legitimate sites (like this one!) get from linking products. While it’s possible that the extensions could also send users to phishing pages set up to steal login information, that hasn’t been observed so far.

While Google and Microsoft seem to have taken down the extensions known to be compromised, there’s nothing stopping the developers from simply making more accounts and re-uploading them, to say nothing of the “wild” versions loaded onto spam websites. To keep yourself protected, always double-check the source of a browser extension and keep an active anti-virus running.

