More than 1.4 million devices have been installed with a set of malicious Google Chrome extensions. Following the discovery of such extensions, Google removed these browser extensions from the Chrome Web Store.
According to CNET, cybersecurity researchers discovered that the browser extensions were designed to monitor the browsing activities of the users.
Malicious Extensions Monitor Browsing Activities of Users
The malicious browser extensions work by modifying the users' browser cookies, according to security company McAfee.
This is done every time users visit an ecommerce website. According to CNET, as they modify the users' browser cookies, they are "netting the operator an affiliate fee for any purchases made."
The malicious extension lists include Netflix Party, Netflix Party 2, FlipShope, Full Page Screenshot Capture, and AutoBuy Flash Sales.
Some extensions let users watch Netflix shows together, according to McAfee researchers. There are extensions that allow users to track deals on retail sites. Likewise, there's one that takes screenshots of websites.
While these extensions seemed to promise good features, there is an unexpected downside - these extensions monitor the browser activities of users.
"The users of the extensions are unaware of this functionality and the privacy risk of every site being visited being sent to the servers of the extension authors," the McAfee researchers wrote in a blog post, as cited by CNET.
According to TechRadar, the two extensions labeled as "Netflix Party" have now been removed from Chrome Web Store.
But in a report by CNET, it was mentioned that all five of the extensions identified in the McAfee report had been removed from Chrome Web Store. This was confirmed by a Google spokesman on Wednesday.
McAfee Cautions Users Regarding Downloading Extensions
Extensions are quite useful as these are additional features that users can download and utilize to make modifications in browsers such as Chrome, Safari, and Firefox.
These extensions can do a lot of things such as block ads, integrate with password managers, and find coupons online.
According to CNET, over 100,000 extensions are available for Chrome. There are a lot more other extensions available for the other browsers.
Google said that they are very careful in scrutinizing the extensions that they allow in their stores, and other providers do the same. However, there are still instances that some malicious extensions managed to sneak in.
According to McAfee, they detected several imposter Netflix party Chrome extensions earlier this year. These extensions redirect users to phishing sites. A much worse problem is these extensions stole the personal information of users.
Users are opted to trust popular extensions, those which have been downloaded hundreds of thousands of times, as these might appear legit. But the McAfee researchers issued a caution on this as their research showed otherwise.
The McAfee researchers reminded consumers to be careful when it comes to downloading and installing extensions as these might possibly contain malicious software just like what was previously reported.
Consumers are particularly cautioned to take extra steps to ensure that the extension is authentic.
Related Article: New Android Malware Strain Pretends to be Chrome Web Browser or a Crypto Mining App
