Google Chrome extensions with over 1 million downloads hijacking browsers

The newest type of malware making its way around the web is called malvertising, which is malicious advertising. It’s being used to target apps on Android devices and even iPhones.

Scammers have now turned to extensions on the Google Chrome browser. Chrome and Microsoft Edge users should check that they weren’t among the million-plus downloads of these malicious Chrome extensions, which could lead to the hijacking of your computer, accounts, and even financial information.

We’ve covered some of my most useful Chrome extensions here. Luckily, none of my picks were affected by this malware.


Malicious Google Chrome extensions

This latest scheme is called the Dormant Colors campaign. The name was coined by Guardio Security, which first reported on this new malware attack, because most of these harmful extensions promise to let you change the colors of your browser.


What is a browser extension?

If you’ve been on the internet and browsed different websites, you’ve likely used or been asked to download something called a browser extension at one point or another. Browser extensions are small software programs that run in tandem with your browser to perform certain functions or behaviors to enhance your user experience. Not only can browser extensions make your online experience safer, but they can also make it more convenient.  Because they are smaller programs that exist within the ‘confines’ of your browser, you can have multiple extensions within the same browser so you can customize your experience.

With thousands of free extensions, you can find something to meet most of your needs. Because most extensions are created by third-party developers, it is important to be discerning about which extensions you choose.


How do the malicious extensions get on your computer?

One way users have been targeted is through hackers paying for ads and videos to appear as you browse the web. These videos and ads will offer something that requires you to install or download an extension on your browser, which is somewhat typical. However, these extensions are anything but typical.

First, you’ll receive a pop-up that asks you to click OK or Continue to download the extension needed to continue watching the videos you were watching. Again, this looks standard, but once you click OK and download the extension that pops up, you’ve just accidentally invited hackers into your device.

In the case of the Dormant Colors campaign, the extension may initially seem innocent as you click through color schemes and themes to make your Chrome look a little cooler, but unfortunately, there is code deeper within that can harm you in bigger ways.

Next, this can lead to the malicious advertising we previously mentioned. It happens quickly and quietly right after you install a new extension. You may just notice a new window open with a blank page, or a normal-looking advertisement pop-up, but what actually happened is that the extension you installed ran a series of commands that keep working behind the scenes as you browse online.


How the malicious extensions hijack your web search

The hackers make these extension installations look so real that you may not even realize what you’re clicking on is fake. First, they make you install the extension, but most importantly, they want you to enable it. Once you do, you’ve given this “extension” permission to redirect you to all sorts of malicious sites.

It may open a window that looks just like any other search engine, such as Google or Yahoo, but the site is actually saving everything you type and search. These dangerous extensions also contain code with a list of over 10,000 domain names they can use as affiliate links. That means anytime you click a link, the extension will automatically change that link to an affiliate link.


How your hijacked web searches are used by hackers

When you hand your search history over to the hackers, even without knowing, they can find out exactly how, when, and where to place their malicious ads on the websites you’re visiting. If you click these ads, and in some cases, if you even just view the ads, that scammer who made these false extensions is making cash. Affiliate links also mean that every time you visit one of their 10k+ websites or purchase something from one of their links it will generate income for the hacker who created it.


What extensions do I need to delete?

Be sure to check your installed extensions and look for any of the extension names from the list below:

  • More styles
  • Change Color
  • Dood Colors
  • Refresh color
  • Imginfo
  • WebPage Colors
  • Hex colors
  • Soft view
  • Border colors
  • Colors mode
  • Xer Colors
  • Action Colors
  • Power Colors
  • Nino Colors
  • More Styles
  • Super Colors
  • Mix Colors
  • Mega Colors
  • Get colors
  • What color
  • Single Color
  • Colors scale
  • Style flex
  • Background Colors


Be sure to click here to learn how to uninstall extensions on Chrome, Edge, and Safari.


How to protect yourself against malvertisement scams

1) Download extensions from the official Chrome Web Store

In this particular case, it’s important to remember you should always download an extension directly from your browser’s web store. Head here to the Chrome Web Store to add extensions on Google Chrome. There you can browse and search extensions and read reviews to make sure people haven’t had issues.

2) Have antivirus software always up and running

It is important to remember that most extensions are from third-party companies, so you’ll want to protect your device with a backup method such as antivirus software. We’ve broken down the top antivirus programs for 2022, but the most important factor to look for, if you want everyday protection before it’s too late, is software with trusted real-time monitoring, so you don’t end up installing a malicious app or extension in the first place.

Our top recommendation, a premium TotalAV subscription, includes both real-time anti-malware protection and advanced AI-driven cloud protection, which keeps your computers protected against the very latest zero-day threats.

Should malicious behavior be detected on PC, Mac, Android, and iOS devices, TotalAV interjects and stops the process as well as quarantines the files that are about to cause problems.  This process works silently in the background, having minimal impact on system resources.

While you may hope to protect your devices 24/7 at no cost, any software that offers it for free won’t actually be protecting your devices. You may then be at a higher risk for viruses and malware because you think your computer or phone is protected.

It’s worth a small price to pay to keep your personal information, data, and all of your devices safe from hackers.


