Malicious Google Chrome extensions sends users browsing activity to threat actors; identified by McAfee

Recently, McAfee’s threat analysts discovered five Google Chrome extensions, which steals users’ browsing activity. The extensions have been downloaded about 1.4 million times so far. 

The malicious extensions monitor when users do a visit to an e-commerce website. Accordingly, it modifies the visitor’s cookie to appear in a way that indicates they came through a referrer link. As a result, the authors of the extensions receive an affiliate fee for any purchases at electronic shops. 

McAfee discovered the following five extensions:

  • Netflix Party
  • Netflix Party 2
  • Full Page Screenshot Capture – Screenshotting
  • FlipShope – Price Track Extension
  • AutoBuy Flash Sales

The victims never notice the malicious intentions as the extensions carries on their mentioned functionality. The use of these extensions does not affect the user directly, however it possess risk to privacy. 

Experts recommend users to stop using the extensions even if they find the functionality useful.

McAfee has released a video that displays how the URL and cookie modifications happen in real time. 

The extensions have their own way of evading extension and analysis. They confuse researchers and vigilant users by executing a delay of 15 days from the time of the installation of the extensions. After this period the extensions starts sending the browsing activity. 

According to latest reports, authorities have removed the two Netflix extensions. However, “Full Page Screenshot Capture – Screenshotting” and “FlipShope – Price Tracker Extension” are still available on the Chrome Web Store. It is also to be noted that even when the extensions are removed; it still stays in the users’ web browser unless they manually remove it. 

Update 23/09/2022

According to a recent update shared by Fileshope a browser extension now their extension doesn’t exhibit any malicious behavior and the same has been updated by McAfee in their new report.

Fileshope also shared a statement with us in regard to this matter.

Flipshope, a shopping extension from India, previously included in this article doesn’t agree with McAfee’s allegations and explains in detail how these allegations don’t stand valid for them,”

 

 

 




Readers like you help support The Tech Outlook. When you make a purchase using links on our site, we may earn an affiliate commission. We cannot guarantee the Product information shown is 100% accurate and we advise you to check the product listing on the original manufacturer website. Thetechoutlook is not responsible for price changes carried out by retailers. The discounted price or deal mentioned in this item was available at the time of writing and may be subject to time restrictions and/or limited unit availability. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates Read More

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More