You know that you need to be careful with what you install on your computer — or at least you should by now. But web browsers are getting so complex and powerful that they’re essentially little virtual machines that just happen to play YouTube videos. So let’s take yet another opportunity to remind ourselves: we need the same kind of care and caution when installing browser extensions, even from ostensibly “safe” sources. Case in point, the latest widespread browser extension malware, which has been downloaded and installed over a million times.
So reports security researcher Guardio Labs (via BleepingComputer), which spotted the latest batch of extensions that hijack search results to inject advertising into otherwise benign pages. The so-called “Dormant Colors” adware is spread across an impressive thirty individual extensions in both the Chrome Web Store and Microsoft’s Edge Add-ons repository. (The latest version of Edge is based on Chromium, and can run Chrome-based extensions without modification.) The extensions have also been spotted on spammy video download sites.
At the time of writing, the identified extensions have been removed from the various stores. Anyone with the following extensions installed in their browser should remove them immediately:
- Action Colors
- Background Colors
- Border Colors
- Change Color
- Colors Mode
- Colors Scale
- Dood Colors
- Get Colors
- Hex Colors
- Imginfo
- Mega Colors
- Mix Colors
- More Styles
- Nino Colors
- Power Colors
- Refrech Color [sic]
- Single Color
- Soft View
- Style Flex
- Super Colors
- WebPage Colors
- What Color
- Xer Colors
In addition to injecting advertising into standard pages, the malware can reportedly append affiliate links to popular shopping websites, netting the developer the same kind of affiliate revenue legitimate sites (like this one!) get from linking products. While it’s possible that the extensions could also send users to phishing pages set up to steal login information, that hasn’t been observed so far.
While Google and Microsoft seem to have taken down the extensions known to be compromised, there’s nothing stopping the developers from simply making more accounts and re-uploading them, to say nothing of the “wild” versions loaded onto spam websites. To keep yourself protected, always double-check the source of a browser extension and keep an active anti-virus running.
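To check a browser profile against the extension names listed above, the following added example (not from Guardio Labs or the original article) reads each installed extension's `manifest.json`, resolves localized `__MSG_…__` names, and reports matches. It assumes the standard Chromium on-disk layout `<profile>/Extensions/<id>/<version>/`; the function names are this example's own.

```python
import json
import sys
from pathlib import Path

# Names copied from the article's removal list; matching is case-insensitive.
FLAGGED = {n.strip().lower() for n in """
Action Colors, Background Colors, Border Colors, Change Color, Colors Mode, Colors Scale,
Dood Colors, Get Colors, Hex Colors, Imginfo, Mega Colors, Mix Colors, More Styles,
Nino Colors, Power Colors, Refrech Color, Single Color, Soft View, Style Flex,
Super Colors, WebPage Colors, What Color, Xer Colors
""".split(",")}

def extension_name(version_dir):
    """Return the display name from manifest.json, resolving a __MSG_key__ placeholder."""
    manifest = json.loads((version_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = str(manifest.get("name", ""))
    if name.startswith("__MSG_") and name.endswith("__"):
        key = name[6:-2].lower()  # message keys are case-insensitive
        locale = manifest.get("default_locale", "en")
        try:
            path = version_dir / "_locales" / locale / "messages.json"
            messages = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            return name  # cannot resolve; keep the raw placeholder
        for k, v in messages.items():
            if k.lower() == key and isinstance(v, dict):
                return str(v.get("message", name))
    return name

def find_flagged(extensions_dir):
    """Scan <id>/<version>/manifest.json and return [(extension_id, name)] for listed names."""
    hits = []
    for manifest_path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            name = extension_name(manifest_path.parent)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if name.strip().lower() in FLAGGED:
            hits.append((manifest_path.parent.parent.name, name))
    return hits

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_extensions.py <path to profile's Extensions directory>")
    for ext_id, name in find_flagged(sys.argv[1]):
        print(f"{ext_id}\t{name}")
```

Point it at a profile's `Extensions` folder, for example `~/.config/google-chrome/Default/Extensions` on Linux or `%LOCALAPPDATA%\Microsoft\Edge\User Data\Default\Extensions` on Windows. A name match is only a lead, since an unrelated extension can share a name, so confirm in the browser's extensions page before removing.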