experts-find-malicious-cookie-stuffing-chrome-extensions-used-by-1.4-million-users

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Experts Find Malicious Cookie Stuffing Chrome Extensions Used by 1.4 Million Users

Five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others have been found to track users’ browsing activity and profit off retail affiliate programs.

“The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website,” McAfee researchers Oliver Devane and Vallabh Chole said. “The latter borrows several phrases from another popular extension called GoFullPage.”

The browser add-ons in question – available via the Chrome Web Store and downloaded 1.4 million times – are as follows –

  • Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) – 800,000 downloads
  • Netflix Party (flijfnhifgdcbhglkneplegafminjnhn) – 300,000 downloads
  • FlipShope – Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) – 80,000 downloads
  • Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) – 200,000 downloads
  • AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) – 20,000 downloads

The extensions are designed to load a piece of JavaScript that’s responsible for keeping tabs on the websites visited and inject malicious code into e-commerce portals, letting the attackers make money through affiliate programs for purchases made by the victims.

“Every website visited is sent to servers owned by the extension creator,” the researchers noted. “They do this so that they can insert code into eCommerce websites being visited. This action modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased.”

Also incorporated in the malware is a technique that delays the malicious activity by 15 days from the time of installation of the extension to help keep its activity concert and avoid raising red flags.

The findings follow the discovery of 13 Chrome browser extensions in March 2022 that were caught redirecting users in the U.S., Europe, and India to phishing sites and exfiltrate sensitive information.

As of Wednesday, all the five add-ons have been removed from the Chrome Web Store. That said, users of the installed extensions are recommended to manually remove them from their Chrome browser to mitigate further risks.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Hackers using USB drives to spread malware in ongoing attack

Hackers using USB drives to spread malware in ongoing attack

According to a recent post by the cybersecurity firm Mandiant, USB drives are being used to hack targets in Southeast…
AI-Powered Smart Glasses Give Deaf People the Power of Speech

AI-Powered Smart Glasses Give Deaf People the Power of Speech

In a recent example of innovative technology making a positive difference, there is now new artificial intelligence (AI) powered smart…
16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

Seeing as scammers readily jump to capitalize on events with huge global interest, it comes as no surprise that Group-IB…