A set of malice Google Chrome extensions designed to monitor browsing activity have been installed on more than 1.4 million devices, researchers reported.
As described in a blog post (opens in a new tab) from the security company McAfee, the purpose of the scam is to modify the Navigator cookies each time they visit a e-commerce which allows the operator to pay affiliate fees for any purchases made.
Although two add-ons branded as “Netflix Party” have now been removed from the official add-on market, McAfee says the others are still available for download.
– Advertising –
Chrome extensions scam
While malicious extensions do not pose an immediate security risk, they are not designed to exfiltrate sensitive data or install malware payloads – they are a gross violation of privacy.
As evidenced by the growing popularity of vpn services and other solutions designed to hide web activity, modern Internet users are increasingly reluctant to part with their browsing data – and especially not, one might imagine, in these circumstances.
What makes this scam particularly difficult to spot is that the extensions all serve a legitimate purpose, in addition to providing a base for the affiliate revenue scheme. They are also widely well-reviewed, leaving potential victims with little indication of the scam taking place right under their noses.
“The extensions provide various functions such as allowing users to watch Netflix shows together, website coupons, and take screenshots of a website,” McAfee explained.
“Extension users are unaware [the malicious functionality] and the risk to privacy that each site visited is sent to the servers of the extension’s authors.
In an effort to evade detection by analysts, the operators programmed some of the extensions to start meddling with browser cookies several weeks after the date of installation.
Chrome users who find that they have installed the offending extensions are advised to perform a manual uninstallation immediately.
List of malicious extensions:
- Netflix party
- Netflix Party 2
- Full Page Screenshot – Screenshot
- AutoBuy Flash Sales
Updated: September 09, 2022
The original version of this article referred to a browser extension that has since been updated to remove features identified by McAfee as malicious.
In communication with TechRadar Pro via email, McAfee provided the following statement:
Since the report was originally published on August 29, 2022, the browser extension was updated in the Chrome Store on September 6, 2022. McAfee has updated its blog accordingly. »