Headline
Malicious Chrome Extensions Plague 1.4M Users
Analysts find five cookie-stuffing extensions, including one that’s Netflix-themed, that track victim browsing and insert rogue IDs into e-commerce sites to rack up fake affiliate payments.
Researchers have flagged five separate malicious Chrome extensions masquerading as Netflix viewers and more. They track user activity and insert code into any e-commerce sites they visit, letting cyberattackers steal payments through the retailer affiliate programs.
McAfee Labs analysts found the Chrome extensions being marketed to let users watch Netflix in groups, automatically clip coupons, and take screenshots. All together, the apps have been downloaded 1.4 million times, they found.
The McAfee team has been working on tracking down malicious Chrome extensions, and its latest report is part of that project, researchers wrote in a recent blog about their findings. The researchers warn end users to take extra precautions to verify an extension’s safety if it asks for additional permissions.
“This blog highlights the risk of installing extensions, even those that have a large install base as they can still contain malicious code,” they said.
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe