Chrome Store Features Extension Poisoned With Sophisticated Spyware www.darkreading.com/endpoint-…

Google has inadvertently been promoting sophisticated spyware that can hijack browser sessions with malicious redirects hidden in a legitimate Chrome extension. The extension, which offers a legitimate color picker, was poisoned with the malware via an update at the end of June.

The extension, called “Color Picker, Eyedropper — Geco colorpick,” has more than 100,000 downloads, a verified Google badge, and a featured placement in the Google Chrome Web Store. Its high status in the store is because it has been a legitimate extension for years — before it received the malicious update on June 27, Idan Dardikman from Koi Security tells Dark Reading.