Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Chrome Extensions Harboring Dormant Colors Malware Infect Over a Million PCs

Guardio Labs security researchers identified malicious Chrome extensions that contained browser extension malware. The malicious extensions could hijack search results and inject ads into otherwise secure pages.

Dormant Colors Adware Detected in Chrome Extensions

Dormant Colors is a widespread browser extension malware, which according to a report from Guardio Labs, was discovered in the latest batch of Chrome extensions. This is basically adware spread across 30 different extensions in Microsoft’s Edge Add-ons repository and the Chrome Web Store.

These malicious extensions were also spotted on spammed video-downloading websites. Researchers suspect that the extensions can send users to phishing sites that steal login credentials.

Analyzing Adware Capabilities

Dormant Colors can inject ads into standard pages and append affiliate links to famous e-commerce websites to get the same affiliate revenue for the developer that legit sites get from linking those products.

As per the researchers, the adware is dubbed Dormant Colors because it focuses a lot on style and color themes from Super colors to Action colors, Power colors, etc. It comprises 30 different extensions boasting over one million downloads.

The infection chain starts when innocent-looking helps marketed as webpage modifiers allow users to alter font styles and background colors on the sites they visit. In the background, the adware hijacks the user’s browsing or search histories, inserts ads within accessed webpages, and side-loads malicious code while successfully evading detection. In total, 30 malicious extensions were discovered.


According to a blog post by Nati Tal from Guardio, the attackers can target domains and individual users through fake search results, website hijacking, or spear phishing after stealing the user’s browser data and transmitting it to a C2 server. This data is used to update the extension with more advanced attack vectors through silent code injection.

Both Microsoft and Google have taken down the malicious extensions. However, developers can still re-upload them. You must double-check the browser extension’s source before installing it. Moreover, always use credible anti-virus software.

Protection from Malicious Chrome Extension

A malicious Chrome extension is a type of malware that can infect your computer through the Chrome web browser. These extensions are often used to track your browsing activity and steal your personal information. There are a few things you can do to protect yourself from these extensions.

First, only install extensions from trusted sources. Google’s Chrome Web Store is a good place to start, but you should also check reviews before installing anything. If an extension seems too good to be true, it probably is.

Second, keep your browser and extensions up to date. Both Chrome and the extensions you have installed will receive updates regularly. These updates usually include security fixes that can help protect you from new threats.

Finally, be cautious about the permissions you grant to extensions. Many malicious extensions will ask for more permissions than they need.

  1. 70 malicious Chrome extensions found spying on 32 million+ users
  2. Malicious Chrome extensions can steal data by abusing Sync feature
  3. Chrome extensions with 80 million+ users found engaging in ad fraud
  4. Malicious Chrome extensions stealing data with cryptomining malware
  5. The Great Suspender Chrome extension used by millions was malware


I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related News

Portion of Twitter’s proprietary source code leaked on GitHub

Portion of Twitter’s proprietary source code leaked on GitHub

Reportedly, the source code remained public for several months before being taken down by GitHub. According to a news report…
Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

At Pwn2Own 2023, participants were awarded a full bounty (more than $1,000,000) in each round for successful exploits. Pwn2Own, as…
Latitude Financial Data Breach: 14 Million Customers Affected

Latitude Financial Data Breach: 14 Million Customers Affected

The Australian consumer lender, Latitude Financial, has suffered a major cyber attack, leading to a data breach of passport and…