Malicious Chrome Extensions Plague 1.4M Users
Analysts find five cookie-stuffing extensions, including one that's Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.
Researchers have flagged five separate malicious Chrome extensions masquerading as Netflix viewers and more. They track user activity and insert code into any e-commerce sites they visit, letting cyberattackers steal payments through the retailer affiliate programs.
McAfee Labs analysts found the Chrome extensions being marketed to let users watch Netflix in groups, automatically clip coupons, and take screenshots. All together, the apps have been downloaded 1.4 million times, they found.
“Browser extensions are the Wild Wild West of the Internet," says Uriel Maimon, head of emerging products at Human Security. "There are approximately 200,000 extensions available on the Chrome store alone. What most users don’t realize is that extensions have full access to all of the data on a page including your email, banking information and credit-card numbers. While many extensions provide value-added services, there’s little to stop them from collecting and abusing user data.”
The McAfee team has been working on tracking down malicious Chrome extensions, and its latest report is part of that project, researchers wrote in a recent blog about their findings. The researchers warn end users to take extra precautions to verify an extension's safety if it asks for additional permissions.
"This blog highlights the risk of installing extensions, even those that have a large install base as they can still contain malicious code," they said.
About the Author(s)
You May Also Like
Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024