Skip to main content

Chrome extensions with 1.4M users may have stolen your data

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Google Chrome icon in mac dock.
PixieMe / Shutterstock

With more than 1.4 million downloads, the extensions have tricked an unprecedented number of individuals into adding them to their browsers. The extensions in question that have been tracked down thus far are:

  • Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) — 800,000 downloads
  • Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn) — 300,000 downloads
  • Full Page Screenshot Capture — Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) — 200,000 downloads
  • FlipShope — Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) — 80,000 downloads
  • AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) — 20,000 downloads
Recommended Videos

Once one of the extensions listed above has been installed onto Chrome, it can subsequently detect and observe when the user opens an e-commerce website on their browser. The cookie that is generated by the visitor is altered in order to make it seem they arrived at the site via a referrer link. Ultimately, whoever is behind the extensions can then receive an affiliate fee should the target buy anything from these sites.

Please enable Javascript to view this content

All the extensions actually deliver on whatever functionality is listed on their Chrome web store pages. Coupled with the fact that they showcase a user base in the tens or hundreds of thousands, it may convince many that they’re safe to download if they’re being utilized by so many individuals.

While the Netflix Party extensions have been taken down, the screenshot and price tracker ones are still live on the Chrome web store.

As for how the extensions work, McAfee detailed how the web app manifest — an element controlling how the add-ons run on the browser — executes a multifunctional script, allowing browsing data to be sent directly to the attackers through a certain domain that they’ve registered.

Once a user visits a new URL, their browsing data is sent with the use of POST requests. Such information includes the website address itself (in base64 form), the user ID, device location (country, city, and zip code), and a referral URL that’s encoded.

To avoid being detected, some of the extensions won’t activate their malicious tracking activity until 15 days after it’s been installed by the target. Similarly, we’ve recently seen how threat actors delay their malware being loaded onto a system for up to a month.

Hackers have increasingly relied on hiding malicious codes and malware in free Windows software and downloads. Most recently, they’ve been targeting users with space images, as well as trying to breach systems via Windows Calculator.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hackers may have stolen the master key to another password manager
Open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
The best ChatGPT Chrome extensions to bring AI to your browser
GPT EZ themes.

Want ChatGPT closer to hand? One of the best ways to have quick and easy access to ChatGPT is through its range of Chrome extensions. They also give you better ways of using ChatGPT, including helping you to write better prompts to get improved responses, or granting ChatGPT the ability to search the internet, which provides access to more up-to-date information.

Here are the best ChatGPT Chrome extensions you can use right now.

Read more
Check your inbox — Google may have invited you to use Bard, its ChatGPT rival
ChatGPT versus Google on smartphones.

AI chatbots have been the subject of much public fascination as of late, with the likes of ChatGPT continuously making headlines. But now, Google is finally getting in on the trend by soft-launching Bard for select Pixel users.

Bard is Google's AI chatbot that was previously unavailable to the public, but according to a report from 9to5Google, the company is inviting some of its most loyal and dedicated customers to give it a try.

Read more