As dangerous as the Google Play store can be for Android devices, the Chrome Web Store is just as risky if you aren’t careful. On Sunday, the cybersecurity team at Guardio Labs alerted Chrome users to a new campaign that lets hackers hijack browsers using extensions. Over a million users have downloaded the malicious extensions already.
Some Chrome extensions can hijack your browser
As the researchers explain, 30 variants of the seemingly innocuous extension were available for Google Chrome and Microsoft Edge as of mid-October.
At first glance, the extensions look to be basic color or style-changing tools for your browser. That’s why Guardio has named this malvertising campaign “Dormant Colors” — the browser extension itself doesn’t contain any malicious code. Instead, the extension redirects users to pages offering videos or downloads. In order to watch the video or download the software, those pages will push you to download another extension.
Here’s what it looks like in action, so you know what to look out for in the future:
Hopefully, a page that looks like this would set off internal alarms and have you running for the hills. But let’s say you did attempt to add this very suspicious extension to your browser. The malicious extension immediately begins side-loading code into your browser. This code will redirect you to sites where the developers of the extension can generate cash through ad impressions. As bad as this sounds, it gets even worse.
If you visit a site on the extension’s “shopping list,” it will redirect you to a new URL with an affiliate link. This makes money for the developer of the extension if you end up purchasing anything. It’s also possible for the developers to use this method of hijacking to send users to fake login pages and steal their usernames and passwords.
Guardio shared the following list of extensions that are part of the campaign:
Thankfully, most, if not all, of these extensions are no longer on the Chrome Web Store. If you happen to have any of these extensions installed on your browser, you should remove them as soon as possible. Even if you don’t, be vigilant, as Guardio claims the campaign “is still up and running, shifting domains, generating new extensions, and re-inventing more color and style-changing functions you can for sure manage without.”
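To act on the removal advice above, the following added example (not code from Guardio or from this article) compares the extensions installed in a Chrome or Edge profile against a list of extension IDs you supply, such as the IDs Guardio published. It assumes the profile stores each extension under `Extensions/<id>/<version>/manifest.json`; the IDs and extension names in the demo are constructed, not real indicators.

```python
import json
import re
import tempfile
from pathlib import Path

# Chrome/Edge extension IDs are 32 characters drawn from the letters a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

def load_blocklist(text):
    """Parse one ID per line; ignore blanks, '#' comments and malformed IDs."""
    ids = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip().lower()
        if EXT_ID.match(token):
            ids.add(token)
    return ids

def installed_extensions(extensions_dir):
    """Return (id, version, name) for each <id>/<version>/manifest.json found."""
    found = []
    for ext in sorted(Path(extensions_dir).iterdir()):
        if not ext.is_dir() or not EXT_ID.match(ext.name):
            continue
        for manifest in sorted(ext.glob("*/manifest.json")):
            try:
                text = manifest.read_text(encoding="utf-8-sig")
                name = str(json.loads(text).get("name", "?"))
            except (OSError, ValueError, AttributeError):
                name = "?"  # unreadable manifest: still report the ID
            # name may be a localisation placeholder such as __MSG_appName__
            found.append((ext.name, manifest.parent.name, name))
    return found

def find_flagged(extensions_dir, blocklist):
    """Return installed extensions whose ID appears in the blocklist."""
    return [e for e in installed_extensions(extensions_dir) if e[0] in blocklist]

def demo():
    """Build a constructed profile with two made-up extensions and scan it."""
    bad, good = "a" * 32, "b" * 32  # constructed IDs, not real indicators
    with tempfile.TemporaryDirectory() as root:
        for ext_id, name in ((bad, "Example Colors"), (good, "Example Notes")):
            version_dir = Path(root, ext_id, "1.0_0")
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(json.dumps({"name": name}))
        blocklist = load_blocklist(f"# constructed list\n{bad}  # sample\nnot-an-id\n")
        return find_flagged(root, blocklist)

if __name__ == "__main__":
    for ext_id, version, name in demo():
        print(f"REMOVE {ext_id} {version} {name}")
```

An ID match only catches variants that are already known; since the campaign keeps generating new extensions, a clean result does not rule out a newer one.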