McAfee warns against five Google Chrome extensions
McAfee, the cybersecurity firm, has warned against five Google Chrome extensions that redirect users to phishing sites and insertaffiliate IDs into cookies on e-commerce sites. The company claims that the five extensions have an installed base of more than 1,400,000 and threaten users' private data. These are Netflix Party (800,000 users), Netflix Party 2 (300,000 users), FlipShope Price Tracker Extension (80,000 users), Full Page Screenshot Capture Screenshotting (200,000 users), and AutoBuy Flash Sales (20,000 users). The extensions seem to be unavailable in the Chrome Store, but if users have them installed on their PCs, please remove them now.
McAfee adds that these five extensions have similar behaviour. In a blog post, the cybersecurity firm explains that the web application loads a multifunctional script (B0.js) that sends browsing data to a domain that the attacker control ("langhort[.]com"). Without getting too techie, some of the extensions send malicious links after 15 days to confuse researchers or attentive users.
The post adds, "We discovered an interesting trick in a few of the extensions that would prevent malicious activity from being identified in automated analysis environments. They contained a time check before they would perform any malicious activity. This was done by checking if the current date is > 15 days from the time of installation".
In a malicious attack, attackers send malicious links or redirect to malicious sites that entice users to share usernames and passwords. Once these are compromised, other personal information and bank details can be accessed and used against you. So, users are advised to avoid downloading suspicious extensions that are designed to improve their productivity. They should always check web links for misspellings or numbers in the URL.
McAfee advises its customers to be careful when installing Chrome extensions and pay attention to the permissions they ask for. The permissions will be displayed in Chrome before the extension installation. Of course, the company advises users to use its McAfee WebAdvisor, which might detect these malicious extensions.