EXPLORE
Five Chrome extensions with 1.4 million downloads were found collecting browsing data, users’ names, and device location (country, city, county, zip code).
Researchers at McAfee have discovered five Chrome browser extensions that track users’ browsing activity. The developers of these five extensions were discreetly inserting affiliate IDs into cookies of eCommerce sites to earn affiliate income based on user purchases. Google took down the extensions after reviewing McAfee’s findings.
McAfee’s research sprung from the March 2022 discovery of a malicious version of Netflix Party, a Chrome extension designed to enable multiple Netflix users to stream content concurrently. The author of the malicious Netflix Party went to great lengths to deceive users into trusting and installing the extension through several Twitter accounts and fake reviews websites.
Besides performing the functions it was meant to do, Netflix Party redirected users to phishing sites. It also inserted affiliate IDs and modified legitimate websites to exfiltrate users’ personally identifiable (PII) data.
McAfee has now discovered four additional extensions: Netflix Party 2, FlipShope – Price Tracker Extension, Full Page Screenshot Capture – Screenshotting, and AutoBuy Flash Sales, that exhibit similar malicious behavior.
The cumulative downloads for the five malicious extensions stand at 1.4 million users, who should assume their privacy was infringed upon. The extensions’ underlying code is similar, including the type of data being collected and the fact that they have a 15-day delay before their malicious operations are triggered to avoid detection by automated analysis tools.
See More: Google Chrome Trounced by Mozilla, Safari and Microsoft Edge in Blocking Phishing Sites
Data collected by the extensions include referral URLs encoded in Base64, users’ names encoded in Base64, and device location (country, city, county, zip code), all of which are sent to d.langhort.com. Going by McAfee’s blog post on the subject, the authors’ intention seems to be financial gain.
However, since the extensions fulfill their intended purpose, the underlying technical deception becomes less apparent to unknowing users. Chrome is the market leader among web browsers, with a 65.12% market share and 188,620 extensions.
Malicious Chrome Extensions Discovered by McAfee
Details of the five malicious extensions in question, now removed from the Chrome extension store, are given in the table below. So if you still have them installed in your browser, now is the time to uninstall.
Extension Name
800,000
Netflix Party 2
80,000
Full Page Screenshot Capture – Screenshotting
20,000
Let us know if you enjoyed reading this news on LinkedIn, Twitter, or Facebook. We would love to hear from you!
Asst. Editor, Spiceworks Ziff Davis
On June 22, Toolbox will become Spiceworks News & Insights