The extensions that can be installed in Google Chrome they are very useful for most everyday users. But they can also be a tool to access your personal data. In this case, a recent McAfee investigation revealed 5 malicious extensions recommended to uninstall.
These five extensions have sounded the alarm for their performance and also because add 1.4 million downloads. In general, its task is to monitor user activity while browsing the Internet and modify its cookies to add a referral link.
Which extensions are a danger to the user
Everyone knows that any professional person can get a commission for purchases on sites like Amazon if they follow an affiliate link. That is why attackers use these extensions to automatically refer their affiliates to these links amazon or other stores to generate economic profit.
The investigation determined that the affected extensions were 5, and had 1.4 million downloads globally. The list is as follows:
– Netflix Party (800,000 downloads) and Netflix Party 2 (300,000 downloads)
Netflix Party 1 and 2, now both known as TelePartyis a browser extension to watch TV remotely with friends.
For example, for movie nights with that special someone from long distance. Synchronize video playback and group chat can be added to your favorite streaming sites.
Teleparty can be used to connect with friends and host long-distance movie nights and TV parties with support for Netflix, Youtube, Disney Plus, hulu, hbo max Y Amazon Prime Video.
– Full Page Screenshot Capture – Screenshotting (200,000 downloads)
This is a simple free screen recording and screenshot tool, in which you can quickly share your screen and capture the entire page. Basically, this is a two-in-one tool for recording and capturing screenshots.
– FlipShope – Price Tracker Extension (80,000 downloads)
FlipShope is a popular Google Chrome browser extension that allows its users to track and view price charts for a product on various web sites. electronic commerce.
This extension is compatible with most of the popular online shopping platforms like Amazon, Flipkart, Snapdeal, Myntra, Shopclues, AJIO and many more.
– AutoBuy Flash Sales (20,000 downloads)
With this Google Chrome extension, users can buy smart phones in “fast sellers” like Redmi Note 11T 5G, Sony PS5, Infiniti Note 11 and more.
How these extensions work
In all these cases, the extensions work the same. When installed in Chrome, an uploaded multifunction script sends all browsing data to a domain controlled by the attacker. This information includes the URL visited, the user’s identification and also the location.
If the URL of this website matches one of the linked sites, the server responds by inserting the URL with the attacker’s affiliate unit and possibly also modifying the cookie.
Without a doubt, it is something that does not seek to block or slow down navigation, but monetize visits to Amazon, Ebay or any other store that offers affiliates.
Obviously, they are always interested in going completely unnoticed, and that is why the developers set a delay time to start operating.
This is from 15 days and it will be from here when the activity of sending all the navigation data begins and URL spoofing.
What to do in these cases, according to McAfee
“McAfee advises its customers to be cautious when installing Chrome extensions and to pay attention to the permissions they are requesting,” the company says.
“Chrome will display permissions before extension installation. Customers should take additional steps to verify authenticity if the extension requests permissions that allow it to run on all websites you visit, such as the one detailed in this blog,” the report concludes.