McAfee Researchers Spot Malicious Chrome Extensions

 

 

Google removed a handful of browser extensions from its Chrome Web Store that were downloaded a total of 1.4 million times after outside cybersecurity researchers determined that the extensions were secretly tracking their users' online activities. Loaded.

In a blog post published this week, McAfee researchers put together five extensions that allow users to do things like watch Netflix shows together, track deals on retail sites and take screenshots of websites. . The problem was that in addition to doing what they promised, the extensions tracked their users' browser activity.

"Users of the extension are unaware of this functionality and of the privacy risk of being sent to the extension authors' servers on every site they visit," the researchers wrote in their blog post.

According to McAfee, the website the user visits is sent to the extension's creator to insert the code into the e-commerce sites the user visited, allowing the extension's authors to purchase the user. Affiliate payments can be received for any item.

A Google spokesperson confirmed on Wednesday that all five extensions identified in the McAfee report have been removed from the Chrome Extension Store.

Extensions are add-ons that users can download and use to modify browsers such as Chrome, Safari, and Firefox. Bits of software can do things like block ads, integrate with password managers, and find coupons as you add items to your shopping cart. An extension lets users change their mouse cursor from an arrow to something more fun, like a sword or a slice of pizza.

Similar to apps available for smartphones, there are more than 100,000 extensions available for Chrome alone, and more for other browsers. While Google and other providers say they investigate all extensions available in their stores, inevitably some malicious extensions manage to sneak through.

Earlier this year, McAfee researchers looked at Netflix party Chrome extensions that redirected users to phishing sites and stole users' personal information, even though they appeared to have been installed only 100,000 times combined. .

While an extension that's so popular it's been downloaded millions of times may seem legitimate, McAfee researchers said their research shows that's not always the case. He said that when it comes to extensions, users should be careful and take a good look at what kind of data access the extension is requesting before installing it.

In particular, he said users should take extra steps to ensure that the extension asks for permission to run on every website on the list if it's authentic, like the malware seen recently. based extension was done.