Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising

2 years ago 92

BOOK THIS SPACE FOR AD

ARTICLE AD

This article has been indexed from Confiant – Medium

Looking At Chrome Extensions That Hijack Search — Spread Via Malvertising

stock photo via Unsplash

In this blog post we discuss an ongoing malvertising campaign that pushes search hijacking browser extensions. We take a deep dive into the code of one of these extensions, and discuss the impact and scope of the campaign.

First — A Sample

While studying the many potential payloads that victims of malvertising might be lured towards, we came upon an ongoing campaign that promotes odd Chrome Extensions with niche use cases:

Clicking the download button reveals something like this:

Let’s take a closer look at an extension from this campaign that we previously installed called “Pick Color”, which has since been removed from the Chrome Web Store.

Here’s the manifest.json

{
"background": {
"scripts": [ "lib/color.js" ]
},
"browser_action": {
"default_icon": {
"128": "128.png"
},
"default_popup": "data/popup/popup.html",
"default_title": "Color Picker"
},
"description": "find the perfect color via an stylish color picker popup ",
"icons": {
"128": "128.png"
},
"key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjXcWVH8U8+6NpH7czI7kN9fiim15NPVz3RlIBTd4MnxecVGCmVhexXMQugIfzC5rTrbprx9TlkWCmmVM14xZNC/csxJCHL5YW9mnAY2zU/jmg3rd4yDH4iDo3zlgv5j1BHblzJ73xU1CjLXFcJj8+1I2Krtf4/PNw2xfZHTECJcfZmKUyPPxqBstCA8pCEk18Ryoaxz2pTGVa3osqCFZE4hhbbLQzD8F9PnhuVdzNHKRrgeHdFF/spYYw/yj4jZ2E9MWXDfvT3imKHgZ5DQiQa1Sf2l7VAdDCHL+uv/xzNRsrNCStv95Pkw7LYeu0gwMnx8UZT8Nw8gsaPBsPr8owIDAQAB",
"manifest_version": 2,
"name": "Pick Color",
"permissions": [ "storage", "tabs" ],
"update_url": "https://clients2.google.com/service/update2/crx",
"version": "1.1"
}

It doesn’t look too invasi

[…]

Content was cut in order to protect the source.Please visit the source for the rest of the article.