Skip to main content
  1. Home
  2. Computing
  3. News

Chrome extensions with 1.4M users may have stolen your data

Add as a preferred source on Google

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

Google Chrome icon in mac dock.
PixieMe / Shutterstock

With more than 1.4 million downloads, the extensions have tricked an unprecedented number of individuals into adding them to their browsers. The extensions in question that have been tracked down thus far are:

  • Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) — 800,000 downloads
  • Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn) — 300,000 downloads
  • Full Page Screenshot Capture — Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) — 200,000 downloads
  • FlipShope — Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) — 80,000 downloads
  • AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) — 20,000 downloads
Recommended Videos

Once one of the extensions listed above has been installed onto Chrome, it can subsequently detect and observe when the user opens an e-commerce website on their browser. The cookie that is generated by the visitor is altered in order to make it seem they arrived at the site via a referrer link. Ultimately, whoever is behind the extensions can then receive an affiliate fee should the target buy anything from these sites.

All the extensions actually deliver on whatever functionality is listed on their Chrome web store pages. Coupled with the fact that they showcase a user base in the tens or hundreds of thousands, it may convince many that they’re safe to download if they’re being utilized by so many individuals.

While the Netflix Party extensions have been taken down, the screenshot and price tracker ones are still live on the Chrome web store.

As for how the extensions work, McAfee detailed how the web app manifest — an element controlling how the add-ons run on the browser — executes a multifunctional script, allowing browsing data to be sent directly to the attackers through a certain domain that they’ve registered.

Once a user visits a new URL, their browsing data is sent with the use of POST requests. Such information includes the website address itself (in base64 form), the user ID, device location (country, city, and zip code), and a referral URL that’s encoded.

To avoid being detected, some of the extensions won’t activate their malicious tracking activity until 15 days after it’s been installed by the target. Similarly, we’ve recently seen how threat actors delay their malware being loaded onto a system for up to a month.

Hackers have increasingly relied on hiding malicious codes and malware in free Windows software and downloads. Most recently, they’ve been targeting users with space images, as well as trying to breach systems via Windows Calculator.

Zak Islam
Former Contributor
Zak covers the latest news in the technology world, particularly the computing field. A fan of anything pertaining to tech…
A Windows 11 bug may be quietly eating hundreds of gigabytes of your storage
Windows 11’s storage-eating bug now has a fix from Microsoft
Windows 11 suffering from RAM crisis

If your Windows 11 PC suddenly looks low on storage, your downloads folder or game library may not be the problem. According to Windows Latest, a bug tied to a Windows system file can silently consume tens or even hundreds of gigabytes on the system drive.

The file in question is called CapabilityAccessManager.db-wal, and it sits inside Windows’ Capability Access Manager folder. Windows Latest says the issue may appear as unusually high “System files” usage in Windows 11’s storage breakdown, even though the Settings app does not clearly identify the exact file responsible. In some reported cases, users saw it grow to 200GB, and even more.

Read more
Your next Teams meeting could have an AI teammate that answers questions for you
Teams is getting smarter, cleaner, and quieter about it. The AI features are opt-in, the chat cleanup is automatic.
Computer, Electronics, Laptop

Microsoft Teams is getting a meaningful update that overhauls almost every part of how you use the app, from AI-assisted meetings to a cleaner chat layout. Most of the changes are already in testing, and several are scheduled to roll out before the end of the summer.

Starting with the most interesting addition: an upgraded AI Facilitator that can listen to your meeting, spot when someone seems confused, and generate a response (via Windows Report). 

Read more
A hacker’s arrest just revealed how Microsoft can track your Windows device
Microsoft knew what websites his Windows PC visited.
Windows 11 on a laptop

A teenager allegedly used a VPN to cover his tracks while hacking a US jewelry retailer, but Microsoft knew anyway.

Court documents unsealed in the US case against Peter Stokes, a 19-year-old dual US-Estonian citizen accused of being a member of the notorious Scattered Spider hacking group, reveal that Microsoft provided the FBI with records tied to a tracking mechanism called the Global Device Identifier, or GDID. 

Read more