Chrome: these extensions are to be uninstalled as soon as possible – Geeko

McAfee investigated several malicious extensions. In all, investigators discovered five extensions with over 1,400,000 downloads.

Several extensions for the Google Chrome browser pose as, among other things, Netflix viewers. In fact, they track users’ browsing activity and collect their data.

Extensions with various functions

The extensions covered by the report “offer various functions such as allowing users to watch Netflix shows together, website coupons, and taking screenshots of a website”, says McAfee. The only problem: in addition to offering the intended functionality, they also track the browsing activity of their users.

Each website visited is sent to servers belonging to the creator of the malware. Most users of the extensions, who are therefore the victims, are not aware of this privacy risk. Here is how it works.

Malicious code

These malicious extensions are designed to load a piece of JavaScript, which itself monitors visited websites. In other words, the cybercriminals insert code into the e-commerce sites that users visit. Once this malicious code is inserted into e-commerce portals, it is able to modify site cookies and receive affiliate payment for any item purchased, the report warns.

This report is the result of the discovery, in March 2022, of thirteen Chrome browser extensions accused of redirecting users to phishing sites and exfiltrating sensitive information. The United States, Europe and India are the target regions. Here is the list of suspects:

  • Netflix Party – mmnbenehknklpbendgmgngeaignppnbe
  • FlipShope – Price Tracker Extension – adikhbfjdbjkhelbdnffogkobkekkkej
  • Full Page Screenshot Capture – pojgkmkfincpdkdgjepkmdekcahmckjp
  • Netflix Party 2 – flijfnhifgdcbhglkneplegafminjnhn
  • AutoBuy Flash Sales – gbnahglfafmhaehbdmjedfhdmimjcbed

A hard-to-detect trap

In addition to receiving payments, the malware also incorporates a technique that delays malicious activity for 15 days from the installation of the extension. This trick allows it to camouflage its activity and avoid triggering alarm signals.

The good news: since yesterday, the Chrome Web Store has removed five of them. But users of the malicious extensions are still advised to remove them manually from their Chrome browser. Likewise, it is always useful to check an extension's authenticity if it asks for permissions that allow it to run on all visited websites.