Researchers at McAfee have discovered five Chrome browser extensions that track users’ browsing activity. The developers of these five extensions were discreetly inserting affiliate IDs into cookies of eCommerce sites to earn affiliate income based on user purchases. Google took down the extensions after reviewing McAfee’s findings.
McAfee’s research sprung from the March 2022 discovery of a malicious version of Netflix Party, a Chrome extension designed to enable multiple Netflix users to stream content concurrently. The author of the malicious Netflix Party went to great lengths to deceive users into trusting and installing the extension through several Twitter accounts and fake reviews websites.
Besides performing the functions it was meant to do, Netflix Party redirected users to phishing sites. It also inserted affiliate IDs and modified legitimate websites to exfiltrate users’ personally identifiable (PII) data.
McAfee has now discovered four additional extensions: Netflix Party 2, FlipShope – Price Tracker Extension, Full Page Screenshot Capture – Screenshotting, and AutoBuy Flash Sales, that exhibit similar malicious behavior.
The cumulative downloads for the five malicious extensions stand at 1.4 million users, who should assume their privacy was infringed upon. The extensions’ underlying code is similar, including the type of data being collected and the fact that they have a 15-day delay before their malicious operations are triggered to avoid detection by automated analysis tools.
Data collected by the extensions include referral URLs encoded in Base64, users’ names encoded in Base64, and device location (country, city, county, zip code), all of which are sent to d.langhort.com. Going by McAfee’s blog post on the subject, the authors’ intention seems to be financial gain.
However, since the extensions fulfill their intended purpose, the underlying technical deception becomes less apparent to unknowing users. ChromeOpens a new window is the market leader among web browsers, with a 65.12% market shareOpens a new window and 188,620 extensions.
Malicious Chrome Extensions Discovered by McAfeeOpens a new window
Details of the five malicious extensions in question, now removed from the Chrome extension store, are given in the table below. So if you still have them installed in your browser, now is the time to uninstall.
Extension Name |
Overt Purpose | Downloads |
Netflix Party | Concurrent streaming |
800,000 |
Netflix Party 2 |
Concurrent streaming | 300,000 |
FlipShope – Price Tracker Extension | Coupon discovers and auto application |
80,000 |
Full Page Screenshot Capture – Screenshotting |
Web page screenshots | 200,000 |
AutoBuy Flash Sales | Identify and grab offers |
20,000 |
Let us know if you enjoyed reading this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!
MORE ON PRIVACY RISKS
- 5 Tips to Help You Protect Data and Prioritize Privacy
- Big Tech Using an Army of Lobbyists to Defang Privacy Laws, Claims New ReportOpens a new window
- Default Setting: Privacy Protection and How to Achieve ItOpens a new window
- The Privacy Setting That’s Not on Your Radar: Your Internet BrowserOpens a new window