[ad_1]
You know you have to be careful about what you install on your computer – or at least you should now. But web browsers are becoming so sophisticated and powerful that they are essentially little virtual machines that simply play YouTube videos. So let’s take yet another opportunity to remind ourselves: we need the same care and caution when installing browser extensions, even from seemingly “safe” sources. Case in point, the latest widespread browser extension malware that has been downloaded and installed over a million times.
So reports security researcher Guardio Labs (via BleepingComputer), which spotted the latest batch of extensions that hijack search results to inject advertising into otherwise benign pages. The so-called “Dormant Colors” adware is spread across an impressive thirty different individual extensions in both the Chrome Web Store and the Microsoft Edge Add-ons repository. (The latest version of Edge is based on a Chromium instance, and can run Chrome-based extensions without modification.) The extensions have also been spotted on spam download sites.
At the time of writing, the identified extensions have been removed from the various stores. Anyone with the following extensions installed on their browser should remove them immediately:
- Action Colors
- Background Colors
- Border Colors
- Change Color
- Colors Mode
- Colors Scale
- Dood Colors
- Get Colors
- Hex Colors
- Image info
- Mega Colors
- Mix Colors
- More Styles
- Nino Colors
- Powerful Colors
- Refresh Color [sic]
- Single Color
- Soft View
- Style Flex
- Super Colors
- Web Page Colors
- Which Color
- Xer Colors
In addition to injecting advertising into standard pages, the malware can reportedly add affiliate links to popular shopping sites, netting the developer the same kind of affiliate income legitimate sites (like this one!) get from linking to products. While it is possible that the extensions could also send users to phishing pages set up to steal login information, this has not been observed so far.
While Google and Microsoft seem to have removed the extensions known to be compromised, there’s nothing stopping developers from simply making more accounts and re-uploading them, to say nothing of the “wild” versions uploaded to spam sites. To keep yourself protected, always double check the source of a browser extension and keep an active antivirus running.
[ad_2]
Source link