[MART] - Daily Diary #617 - Dormant Colors Malicious Browser Extensions

ctas-mat at appgate.com
Mon Oct 24 23:00:55 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

10/24/2022 - Diary entry #617:

A new malvertising campaign was recently found distributing 30 malicious Chromium-based browser extensions available on the Google Chrome and Microsoft Edge web stores. With over a million installs, the campaign was dubbed “Dormant Colors” because when they are first downloaded, the extensions have harmless behavior.

All the extensions offer similar functionalities related to color customization on web pages. After being installed, the extensions redirect users to several pages, fetching additional malicious scripts and allowing the extensions to hijack searches and insert affiliate links for generating income for the developers.

The extensions from this recent campaign were removed from the browsers' web stores and their C2s were taken down. However, it’s easy for threat actors to create other domains and disguised extensions.

Moreover, considering the stealthiness of the malicious extensions and the number of infections, these threats can be easily employed in other attacks such as distributing malware or redirecting victims to phishing pages.

Kind Regards,




Malware Analysis and Research Team

E: ctas-mat at appgate.com
