Five Well-Known Google Chrome Extensions Are Exposing Your Privacy: McAfee
Five Google Chrome extensions that reroute users to phishing websites and add affiliate IDs to eCommerce sites' cookies have been warned about by cybersecurity company McAfee. The business asserts that the five extensions collectively have over 1,400,000 installations and are a threat to user privacy. These include AutoBuy Flash Sales (200,000 users), Full Page Screenshot Capture Screenshotting (200,000 users), Netflix Party (800,000 users), Netflix Party 2 (300,00 users), FlipShope Price Tracker Extension (80,00 users) . Although it appears that extensions are not available in the Chrome store, users should remove any that they may have already installed on their computers.
All five of these extensions exhibit comparable behaviour, according to McAfee. The firm states in a blog post that the web app loads a multipurpose script (B0.js) that transmits surfing information to a domain under the attacker's control ("langhort[.]com"). Without getting too technical, some of the extensions deceive researchers or watchful users by sending out malicious links after 15 days.
Added in the post: "We discovered an interesting trick in a few of the extensions that would prevent malicious activity from being identified in automated analysis environments. They contained a time check before they would perform any malicious activity. This was done by checking if the current date is > 15 days from the time of installation".
In a phishing attack, attackers send harmful links or push users to dangerous websites in an effort to trick them into sharing their usernames and passwords. Once these are exposed, additional personal data and banking information may be accessed and used against them. In that circumstances, users are urged to refrain from installing dubious extensions that claim to increase productivity. They should always double-check the links on the internet to look for typos or wrong digits in the URL.