McAfee Mobile Research team has identified five malicious Google Chrome Extension that has the ability to track users’ online browser activities and steal their data.
These extensions include Netflix Party with 800,000 downloads, Netflix Party 2 with 300,000 downloads, Full Page Screenshot Capture Screenshotting with 200,000 downloads, FlipShope Price Tracker Extension with 80,000 downloads, and AutoBuy Flash Sales with 20,000 downloads.
Google Chrome extensions are software programmes that can be installed into Chrome in order to change the browser’s functionality. This includes adding new features to Chrome or modifying the existing behavior of the program itself to make it more convenient for the user. They serve purposes such as block ads, integration with password managers and sourcing coupons as items sent to a shopping cart.
According to the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), the five google chrome extensions have a high probability and damage potential and have been downloaded more than 1.4 million times, and serve as access to steal users’ data. The telecom sector-focused cybersecurity protection team alerted telecom consumers to be cautious when installing any browser extension.
“The users of these Chrome extensions are unaware of their invasive functionality and privacy risk. Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link. Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops,” the McAfee team said.
This enables the hackers to make money off of users, spying on what other people do on their own browsers, and bypass affiliate link regulations.
The McAfee analysts also discover that the data from each of the five extensions were delivered in a similar way, giving the hackers access to the URL, the user’s ID, referral URL, and most alarmingly, location information down to the device’s city, zip code, and country.
While a Google team says they are able to remove several browser extensions from its Chrome Web Store, it is not possible keeping malicious extensions out permanently. The NCC-CSIRT recommends taking preventive measures when installing any browser extension.
This may include removing existing extensions from the Chrome browser manually. Also, users need to pay close attention to the promptings from their browser extensions, such as the permission to run on any website visited and the data requested before installing.
“Although some extensions are seemingly legit, due to the high number of user downloads, these hazardous add-ons make it imperative for users to ascertain the authenticity of extensions they access,” the NCC-SCIRT noted.