“Dormant Colors” is yet another vast campaign of malicious browser extensions, with millions of active installations worldwide, this time built around a color-customization theme and full of deception along the whole chain. It starts with a deceptive malvertising campaign, continues with a crafty new way of side-loading the real malicious code so that nobody noticed (until now!), and ends with the theft of not only your searches and browsing data but also affiliate credit on 10,000 targeted sites. That same capability is easily repurposed for targeted spear phishing, account takeover and credential extraction, all from a powerful network of millions of infected computers worldwide!
We will share our findings and shine a light on these not-so-dormant extensions: how we discovered their crafty way of avoiding detection, and, yet again, how they find new ways to steal our data and monetize on our backs!
More in this series:
BadEx Part I: The Dynamic Search Hijackers
The Dormant Colors Extensions Catalogue
By mid-October 2022 there were at least 30 variants of these extensions, all part of a single campaign, freely available for both Chrome and Edge in the official stores:
Some of the extension variants and application icons used
This campaign has been around for a while, and some variants of these extensions were already flagged as potentially harmful in the past. Yet the campaign continues at full throttle, with many variants currently available in both the Edge and Chrome stores and millions of active installations worldwide!
A “Dormant-Colors” extension live