Google removed 5 malicious browser extensions from its Chrome Web Store
Over 1.4 million devices have been installed with a set of malicious Google Chrome extensions. Following the discovery of such extensions, Google removed these browser extensions from the Chrome Web Store.
According to CNET, cybersecurity researchers discovered that browser extensions were designed to monitor users’ browsing activities.
(Photo: Justin Sullivan/Getty Images)
Malicious extensions monitor users’ browsing activities
Malicious browser extensions work by modifying users’ browser cookies, according to security firm McAfee.
This is done every time users visit an e-commerce website. According to CNET, when they change users’ browser cookies, they “pay the operator an affiliate fee for any purchases made.”
Lists of malicious extensions include Netflix Party, Netflix Party 2, FlipShope, Full Page Screenshot Capture and AutoBuy Flash Sales.
Some extensions allow users to watch Netflix shows together, according to McAfee researchers. There are extensions that allow users to track offers on retail sites. Likewise, there is one that takes screenshots of websites.
While these extensions seemed to promise good functionality, there is an unexpected downside – these extensions monitor users’ browser activities.
“Users of the extensions are unaware of this feature and the privacy risk that each site visited will be sent to the extension authors’ servers,” McAfee researchers wrote in a blog post, as cited by CNET.
According to TechRadar, the two extensions labeled “Netflix Party” have now been removed from the Chrome Web Store.
But in a CNET report, it was mentioned that the five extensions identified in the McAfee report had been removed from the Chrome Web Store. This was confirmed by a Google spokesperson on Wednesday.
Read also : Google Play Store Malware AbstractEMU Can Steal Your Banking Data, Other Private Information: How to Protect Yourself
McAfee warns users about downloading extensions
Extensions are very useful as they are additional features that users can download and use to make changes in browsers such as Chrome, Safari, and Firefox.
These extensions can do many things such as block ads, integrate with password managers, and find online coupons.
According to CNET, over 100,000 extensions are available for Chrome. There are many other extensions available for other browsers.
Google said it’s very careful about reviewing the extensions it allows on its stores, and other vendors are doing the same. However, there are still instances where some malicious extensions managed to sneak in.
According to McAfee, they detected several impostor Chrome extensions from the Netflix party earlier this year. These extensions redirect users to phishing sites. A much worse problem is that these extensions stole users’ personal information.
Users choose to trust popular extensions, those that have been downloaded hundreds of thousands of times, because they may appear legitimate. But McAfee researchers cautioned about this because their research showed otherwise.
McAfee researchers reminded consumers to be careful when it comes to downloading and installing extensions, as these could possibly contain malware, just like what was previously reported.
Consumers are especially warned to take extra steps to ensure that the extension is genuine.
Related article: New strain of Android malware claims to be a Chrome web browser or crypto mining app