Highlights:
- A total of 1.4 million people has installed these extensions.
- The maximum number of downloads for the Netflix Party extension is 800,000.
- It seems that there are no extensions listed in the Chrome store.
Five Google Chrome extensions that redirect users to phishing websites and add affiliate IDs to eCommerce sites’ cookies have been warned about by cybersecurity company McAfee. The company claims that the five extensions collectively have over 1,400,000 install and are a threat to user data. These include AutoBuy Flash Sales (200,000 users), Full Page Screenshot Capture Screenshotting (200,000 users), Netflix Party (800,000 users), Netflix Party 2 (300,00 users), FlipShope Price Tracker Extension (80,00 users), and (20,000 users). Although it appears the extensions are not available in the Chrome store, users should remove any installs they may have on their computers right away.
All five of these extensions exhibit similar behaviour, according to McAfee. The company states in a blog post that the web app loads a multifunctional script (B0.js) that sends browsing information to a domain the attackers control (“langhort[.]com”). Without getting too technical, some of the extensions deceive researchers or vigilant users by sending out malicious links after 15 days.
Also Read: 10 Best Ad Blocker Extensions For Chrome To Enrich Your Browsing Experience
Added in the post: “We discovered an interesting trick in a few of the extensions that would prevent malicious activity from being identified in automated analysis environments. They contained a time check before they would perform any malicious activity. This was done by checking if the current date is > 15 days from the time of installation”.
In a phishing attack, attackers send dangerous links or direct users to malicious sites in an effort to trick them into sharing their usernames and passwords. Once these are compromised, other personal data and bank information may be accessed and used against them. In that scenario, users are advised to refrain from installing dubious extensions that claim to improve productivity. They should always double-check the links on the internet to look for errors or wrong digits in the URL.
When installing Chrome extensions, McAfee warns users to take precautions and pay attention to the permissions that are being asked. Before installing the extensions, Chrome will show the permissions. Of course, the company encourages customers to use its McAfee WebAdvisor, which could identify these harmful extensions.
