McAfee, an award-winning antivirus and VPN vendor, discovered five Google Chrome extensions that steal users' browsing activity.
These malicious extensions track users while they visit e-commerce websites and modify the visitor's cookie so that it appears the visitor arrived through a referrer link. The threat actors do this to collect the commission from affiliate links.
McAfee found the following five extensions to be malicious:
- Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) – 800,000 downloads
- Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn) – 300,000 downloads
- Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) – 200,000 downloads
- FlipShope – Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) – 80,000 downloads
- AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) – 20,000 downloads
The threat actors crafted the extensions carefully, making it difficult for victims to notice any suspicious activity. We recommend uninstalling these extensions if you have them on your system.
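To check a machine for the five extension IDs listed above, the following added example (not from McAfee's report) scans Chrome profile folders for them. The default profile paths assume a stock Google Chrome install, and `find_flagged` is a name chosen for this illustration.

```python
import json
from pathlib import Path

# Extension IDs and names exactly as listed in the article above.
FLAGGED = {
    "mmnbenehknklpbendgmgngeaignppnbe": "Netflix Party",
    "flijfnhifgdcbhglkneplegafminjnhn": "Netflix Party 2",
    "pojgkmkfincpdkdgjepkmdekcahmckjp": "Full Page Screenshot Capture – Screenshotting",
    "adikhbfjdbjkhelbdnffogkobkekkkej": "FlipShope – Price Tracker Extension",
    "gbnahglfafmhaehbdmjedfhdmimjcbed": "AutoBuy Flash Sales",
}

# Default Chrome "User Data" locations (assumption: stock Google Chrome installs).
DEFAULT_ROOTS = [
    Path.home() / "AppData/Local/Google/Chrome/User Data",      # Windows
    Path.home() / "Library/Application Support/Google/Chrome",  # macOS
    Path.home() / ".config/google-chrome",                      # Linux
]

def find_flagged(user_data_dir):
    """Return one dict per flagged extension version under a Chrome user-data dir."""
    hits = []
    # Layout: <user data>/<profile>/Extensions/<extension id>/<version>/manifest.json
    for ver in sorted(Path(user_data_dir).glob("*/Extensions/*/*")):
        ext_id = ver.parent.name.lower()
        if ext_id not in FLAGGED or not ver.is_dir():
            continue
        perms = []
        try:
            text = (ver / "manifest.json").read_text(encoding="utf-8-sig")
            manifest = json.loads(text)
            if isinstance(manifest, dict):
                perms = manifest.get("permissions", [])
        except (OSError, ValueError):
            pass  # missing or unreadable manifest: still report the ID match
        hits.append({"profile": ver.parents[2].name, "id": ext_id,
                     "name": FLAGGED[ext_id], "version": ver.name,
                     "permissions": perms})
    return hits

if __name__ == "__main__":
    for root in DEFAULT_ROOTS:
        if root.is_dir():
            for hit in find_flagged(root):
                print(f"[!] {hit['name']} ({hit['id']}) v{hit['version']} "
                      f"in profile '{hit['profile']}', permissions: {hit['permissions']}")
```

A match means the extension folder is still on disk for that profile; remove it from chrome://extensions in the affected profile.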
According to McAfee's report, the manifest.json file loads a multifunctional script that sends the browsing data to a domain controlled by the threat actors.
Whenever the user visits a new URL, the data is sent in a POST request. The data reaches the threat actor with the URL in base64 form, and includes the encoded URL, an ID, and device location such as city, zip code, etc.