“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed

Guardio

Oct 23


TL;DR

“Dormant Colors” is yet another vast campaign of malicious extensions with millions of active installations worldwide, this time with a color-related theme and deception at every step of the chain. It starts with a deceptive malvertising campaign, continues with a crafty, novel way to side-load the real malicious code without anyone noticing (until now!), and ends with stealing not only your searches and browsing data, but also affiliation to 10,000 targeted sites. That capability is easily leveraged for targeted spear phishing, account takeover and credential extraction, all using this powerful network of millions of infected computers worldwide!

The Dormant Colors Extensions Catalogue

By mid-October 2022, at least 30 variants of this extension were part of the campaign, for both Chrome and Edge, freely available in the relevant stores:

Some of the extension variants and application icons used

A “Dormant-Colors” extension live
