Be careful when downloading web browser extensions! Five Google Chrome add-ons, including two famous ones for Netflix, spy on you to inject affiliate links while shopping.
Web browser extensions – like Google Chrome, Mozilla Firefox, Microsoft Edge or Safari – are really handy and offer useful functions. However, you have to be very careful when downloading them because some – including those from official stores like the Chrome Web Store – contain malware. In 2020 alone, Google removed 106 malicious extensions that siphoned off users’ personal data, such as cookies, passwords and banking credentials. And these were not “small” extensions since they had a total of 32 million downloads – and therefore 32 million victims. And the phenomenon is not ready to stop… In a new safety report, McAfee discovered five malicious extensions for Google Chrome. In total, they have been downloaded more than 1.4 million times. Two of them are also famous extensions for the video-on-demand service Netflix.
Netflix extensions for Chrome: misleading add-ons
These five extensions hide their game well, by actually offering the advertised functions – unlike others, which do not bring any of the new features promised upon installation. Users are therefore satisfied and continue to use them. Worse still, they give them good ratings in the Chrome Web Store, which gives them credibility and drives even more people to download them unsuspectingly, being reassured by the reviews. The infected extensions detected by McAfee experts are as follows:
- Netflix Party (1) with 800,000 downloads
- Netflix Party (2) with 300,000 downloads
- FlipShope – Price Tracker Extension with 80,000 downloads
- Full Page Screenshot Capture – Screenshotting with 200,000 downloads
- AutoBuy Flash Sales with 20,000 downloads.
As you can see, two of the extensions are Netflix Party – released in two versions – which offers the famous and much appreciated Watch Party function which allows users to watch content with other people remotely – a function which is offered by Amazon Prime Video and Disney+, but not at Netflix. What seduce many users therefore – and make many victims.
Malicious extensions: affiliate links generated on e-commerce sites
McAfee experts explain in detail the process used, which is the same for the five extensions. To put it simply, they track the activity of the user on his web browser – which is therefore spied on – and send the content of his history to the hackers’ servers. Each visit and each action on a site is notified and carefully recorded.
The purpose of this collection is then to redirect the victims to phishing sites, then to insert a code in the web browser, which modifies the cookies of the e-commerce sites stored locally on the PC. These cookies will then generate affiliate links. Thanks to these links, pirates are paid for each purchase made on the Internet. And of course, all this without the user noticing… Thanks to McAfee’s alert, Google has started to remove certain extensions from its Chrome Web Store, but you absolutely have to uninstall them manually if you were already using them. .
How to protect yourself from rogue browser extensions?
It’s not the first time – and it won’t be the last! – that Google must remove corrupted extensions from its official store. Despite the efforts of the web giant, hackers are constantly finding new techniques, each more ingenious than the next. This is why you must always be vigilant when installing anything. Fortunately, several tips can help you spot infected extensions.
First of all, plug-ins should always be downloaded from official stores, such as the Google Web Store, because even if they let certain threats through, they still carry out an initial check and regularly remove infected software. Once in the store, in order to avoid those who might have slipped through the cracks, it is necessary to check the reputation and reliability of the developer – which, as we have seen, is not always a warranty – as well as the permissions requested by the extension. If it asks you for permissions that it doesn’t need to have — for example, a screen capture tool that asks for your geolocation — there’s something fishy about it. Finally, regularly review your installed extensions and uninstall extensions that you no longer use or recognize. And of course, always use an antivirus.