Do you use extensions with Google Chrome? If so, and seriously who doesn’t, you definitely need to check to make sure these five are not included. The five extensions under malware scrutiny are:
- Netflix Party Users: 800,000
Extension ID: mmnbenehknklpbendgmgngeaignppnbe
- Netflix Party 2 Users: 300,000
Extension ID: flijfnhifgdcbhglkneplegafminjnhn
- FlipShope – Price Tracker Users: 80,000
Extension ID: adikhbfjdbjkhelbdnffogkobkekkkej
- Full Page Screenshot Capture – Screenshotting Users: 200,000
- AutoBuy Flash Sales Users: 20,000
Extension ID: gbnahglfafmhaehbdmjedfhdmimjcbed
Threat analysts with McAfee, a U.S.-based computer security company, have identified issues with the five popular Chrome extensions above, deeming their software as malicious. These malicious programs steal users’ browsing data. They can then monitor when the person whose information has been stolen visits an e-commerce website, without the user being aware. The hackers can then change the user’s cookie to appear as if they came through a referrer link, giving the maker of the malware extensions affiliate sale commissions when the user makes a purchase. This lets them make money off of users, spy on what other people do on their own browsers, and bypass affiliate link regulations. Obviously, this is a big problem.
Another issue is that these five Chrome extensions have been downloaded over 1.4 million times combined. The sneaky hackers went one step further in their attempts to try and keep their malware from going undetected. Each of the extensions, when viewed from a user standpoint, seems to function as promised. In fact, they each had all of the intended functionalities. It was not apparent that there was anything wrong or that the information was being altered and viewed. In addition, some of the extensions made it so that the information would not start being shared until 15 days after it was installed, in yet another attempt to evade being noticed.
Luckily, McAfee analysts live for this kind of thing and were able to identify the issues so that more people will not be affected adversely. They discovered, for example, that the data from each of the five extensions were delivered in a similar way, giving the hackers access to the URL, the user’s ID, a referral URL, and most alarmingly, location information down to the device’s city, zip code, and country. For more information on exactly how the cookies and URLs were changed in real-time, you can view this video McAfee posted to their YouTube channel.
While, fortunately, none of the five extensions are still available in the Chrome Webstore, it is important to double-check your computer to see if they are installed. They were not automatically uninstalled from browsers when removed from the Chrome Web Store. This will have to be done manually, which is at least not too difficult of a process.
If the extension’s icon is visible to the right of the address bar, right-click on the icon and select Remove from Chrome. If the icon is not visible, open Chrome. At the top right, click the three descending dots> More Tools> Extensions. Click Remove on the extension you want to remove and confirm by clicking Remove again.