malicious-chrome-extensions-plague-1.4m-users

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Malicious Chrome Extensions Plague 1.4M Users

Researchers have flagged five separate malicious Chrome extensions masquerading as Netflix viewers and more. They track user activity and insert code into any e-commerce sites they visit, letting cyberattackers steal payments through the retailer affiliate programs. 

McAfee Labs analysts found the Chrome extensions being marketed to let users watch Netflix in groups, automatically clip coupons, and take screenshots. All together, the apps have been downloaded 1.4 million times, they found. 

“Browser extensions are the Wild Wild West of the Internet,” says Uriel Maimon, head of emerging products at Human Security. “There are approximately 200,000 extensions available on the Chrome store alone. What most users don’t realize is that extensions have full access to all of the data on a page including your email, banking information and credit-card numbers. While many extensions provide value-added services, there’s little to stop them from collecting and abusing user data.”

The McAfee team has been working on tracking down malicious Chrome extensions, and its latest report is part of that project, researchers wrote in a recent blog about their findings. The researchers warn end users to take extra precautions to verify an extension’s safety if it asks for additional permissions. 

“This blog highlights the risk of installing extensions, even those that have a large install base as they can still contain malicious code,” they said. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Related News

How to Craft Rich Data-Driven Infographics with Powered Template

How to Craft Rich Data-Driven Infographics with Powered Template

We’re living in a data-driven world, and this means that it’s imperative to share information in the most engaging and…
Meta Fined €265 million in Facebook Data Scraping Case in the EU

Meta Fined €265 million in Facebook Data Scraping Case in the EU

Ireland’s Data Protection Commissioner (DPC) has placed yet another fine of €265 million ($277 million) on Meta following Facebook’s data…
Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs

Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs

While performing routine monitoring, Cyble’s Global Sensor Intelligence (GIS) discovered a threat actor is distributing unauthorized access to several Fortinet…