NCC-CSIRT Warns Against Google Chrome Extensions Malware | The Guardian Nigeria News

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned of five malicious Google Chrome extensions that surreptitiously track browsers’ online activities and steal their data.

The Director of Public Affairs (DPA) of CNC, Mr. Reuben Muoka, made this known in a statement on Saturday in Abuja.

Muoka said the five malicious extensions were discovered by McAfee’s mobile research team.

– Advertising –

He said they include Netflix Party with 800,000 downloads, Netflix Party 2 with 300,000 downloads, as well as Full Page Screenshot Capture Screenshot with 200,000 downloads.

Others are FlipShope Price Tracker Extension with 80,000 downloads and AutoBuy Flash Sales with 20,000 downloads.

“The five Google Chrome extensions identified have high probability, potential for harm and have been downloaded over 1.4 million times, while they serve as an access to steal user data.

“The telecom industry-focused Cybersecurity Protection Team has warned telecom consumers to be cautious when installing any browser extensions.

“Users of these Chrome extensions are unaware of their invasive functionality and privacy risk.

“Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they were going through a referral link.

“As a result, the developers of the extensions receive affiliate fees for any purchases from electronics stores,” he said.

The DPA said that although the Google team removed several browser extensions from its Chrome Web Store, it can be difficult to keep malicious extensions away.

He said, however, that the CCN-CSIRT therefore recommends that telecommunications consumers exercise caution when installing any browser extensions.

Mouka said, “This includes manually removing all listed extensions from their Chrome browser.

“Internet users should pay close attention to the prompts of their browser extensions, such as permission to run on any website visited and data requested before installing it.

“Although some extensions are apparently legitimate due to the high number of user downloads, these dangerous add-ons make it imperative for users to verify the authenticity of the extensions they access. »

Mouka said Google Chrome extensions are software that can be installed in Chrome to modify the functionality of browsers.

“This includes adding new features to Chrome or modifying the existing behavior of the program itself to make it more convenient for the user.

“They serve purposes such as blocking advertisements, integrating with password managers, and sourcing coupons as items sent to a shopping cart,” he added.

The Computer Security Incident Response Team (CSIRT) is the NCC’s cybersecurity incident center for the telecommunications industry.

It focuses on incidents in the telecommunications sector, as they can affect telecommunications consumers and citizens in general.

Leave a Comment