Chrome extensions with 1.4M users may have stolen your data

McAfee researchers have discovered various Google Chrome extensions that steal browsing activity, with the add-ons racking up more than a million downloads.

As reported by Bleeping Computer, threat analysts at the digital security company have come across a total of five such malicious extensions.

With more than 1.4 million downloads, the extensions have tricked an unprecedented number of individuals into adding them to their browsers. The extensions in question that have been tracked down thus far are:

  • Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) — 800,000 downloads
  • Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn) — 300,000 downloads
  • Full Page Screenshot Capture — Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) — 200,000 downloads
  • FlipShope — Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) — 80,000 downloads
  • AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) — 20,000 downloads
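
To check a machine for these add-ons, the following added example (not code from McAfee or from this article) scans a Chrome user-data directory for the five extension IDs listed above. It assumes Chrome's standard on-disk layout and default install locations; the function names are illustrative.

```python
import json
import os
import sys
from pathlib import Path

# Extension IDs and names as listed in the article above.
FLAGGED = {
    "mmnbenehknklpbendgmgngeaignppnbe": "Netflix Party",
    "flijfnhifgdcbhglkneplegafminjnhn": "Netflix Party 2",
    "pojgkmkfincpdkdgjepkmdekcahmckjp": "Full Page Screenshot Capture",
    "adikhbfjdbjkhelbdnffogkobkekkkej": "FlipShope",
    "gbnahglfafmhaehbdmjedfhdmimjcbed": "AutoBuy Flash Sales",
}

def default_user_data_dir():
    """Chrome 'User Data' directory for a default install (assumption)."""
    home = Path.home()
    if sys.platform.startswith("win"):
        return Path(os.environ.get("LOCALAPPDATA", home)) / "Google/Chrome/User Data"
    if sys.platform == "darwin":
        return home / "Library/Application Support/Google/Chrome"
    return home / ".config/google-chrome"

def find_flagged(user_data_dir):
    """Return sorted (profile, ext_id, name, version) tuples for flagged installs."""
    hits = []
    # Layout: <User Data>/<profile>/Extensions/<ext_id>/<version>/manifest.json
    for ext_dir in Path(user_data_dir).glob("*/Extensions/*"):
        name = FLAGGED.get(ext_dir.name)
        if name is None or not ext_dir.is_dir():
            continue
        profile = ext_dir.parent.parent.name
        # An ID directory with no version folder is still reported ("unreadable").
        for vdir in [d for d in ext_dir.iterdir() if d.is_dir()] or [ext_dir]:
            try:
                text = (vdir / "manifest.json").read_text(encoding="utf-8-sig")
                version = str(json.loads(text).get("version", "unknown"))
            except (OSError, ValueError, AttributeError):
                version = "unreadable"
            hits.append((profile, ext_dir.name, name, version))
    return sorted(hits)

if __name__ == "__main__":
    found = find_flagged(default_user_data_dir())
    for profile, ext_id, name, version in found:
        print(f"[{profile}] {name} {version} ({ext_id})")
    print(f"{len(found)} flagged extension install(s) found")
```

Every Chrome profile under the directory is checked, so an add-on installed in a secondary profile is reported as well.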

Once one of the extensions listed above has been installed onto Chrome, it can subsequently detect and observe when the user opens an e-commerce website on their browser. The cookie that is generated by the visitor is altered in order to make it seem they arrived at the site via a referrer link. Ultimately, whoever is behind the extensions can then receive an affiliate fee should the target buy anything from these sites.

All the extensions actually deliver the functionality listed on their Chrome web store pages. Coupled with user bases in the tens or hundreds of thousands, that may convince many people the extensions are safe to download.

While the Netflix Party extensions have been taken down, the screenshot and price tracker ones are still live on the Chrome web store.

As for how the extensions work, McAfee detailed how the extension manifest (the element that controls how an add-on runs in the browser) loads a multifunctional script, which sends browsing data directly to the attackers through a domain they've registered.

Whenever a user visits a new URL, their browsing data is sent in a POST request. That information includes the website address itself (in base64 form), the user ID, the device location (country, city, and zip code), and an encoded referral URL.

To avoid being detected, some of the extensions won’t activate their malicious tracking activity until 15 days after they’ve been installed by the target. Similarly, we’ve recently seen how threat actors delay their malware being loaded onto a system for up to a month.

Hackers have increasingly relied on hiding malicious code and malware in free Windows software and downloads. Most recently, they’ve been targeting users with space images, as well as trying to breach systems via Windows Calculator.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…