Chrome, Edge: quickly uninstall these 30 extensions!

A hacking campaign based on malicious extensions targets users of Chromium and D’edge.

Computer security researchers from Guardio Labs have identified around 30 malicious extensions targeting Google Chrome and Microsoft Edge web browsers. They are all available from their respective extension store.

Affiliate Hijacking

Cumulatively, these extensions have been installed several million times, the report reveals. They are all part of a single hacking campaign and promise users to customize their browser’s design, theme and colors.

These extensions bypass the security systems of Chrome and Edge, because they do not contain any malicious code upon installation and thus pass under the radar. Users are prompted to install them through advertisements. On some sites, downloading software or watching a video is only permitted by installing one of these seemingly innocuous extensions.

But these steal your browsing data and search engine queries. They also redirect users to pages loading malicious scripts which then allow the extension to insert affiliate identifiers into URL addresses in order to earn a commission in the event of a purchase on a merchant site.

Phishing campaigns to come?

According to the experts who discovered this malicious campaign, called “Dormant Colors”, the technique used by hackers could very well be diverted to perform actions much more dangerous than affiliation.

They fear that users will be redirected to fake phishing sites whose purpose would be to steal usernames and passwords for popular services: Microsoft 365, Google Workspace, banking platforms or social networks. For now, extensions wouldn’t adopt this behavior, but it would take a few more scripts to be able to do so.

The extensions shown in the image below are part of this malicious campaign. They should have been removed by now, but they will return under new names very soon, if they haven’t already, the researchers predict.

Sources: BleepingComputer, Guardio