Saturday, November 26, 2022

World No 1 Tech News Website

These malicious Chrome extensions have more than 1.4 million users — delete them now

Must read

Aizaz khan
Aizaz khanhttps://myelectricsparks.com/aizaz-khan/
Aizaz was the first person to get a byline on his blog on technology from his home in Bannu in 2017. Then, he went on to a career in breaking things professionally at my electric sparks which is where he eventually took over the kit as a hardware editor. Today, as the senior editor of hardware for my electric sparks, he spends time reporting about the most recent developments in the hardware industry and technology. If he's not reporting on hardware or electronics, you'll see him trying to be as remote from the world of technology as possible through camping in the wild.

The best Google Chrome extensions can add useful functionality to the popular web browser, but they can also be used to spread malware and threaten your cybersecurity. And a recent report (opens in new tab) from security firm McAfee has identified five extensions that promise to boost your browser but in return are actually stealing your data.

 

The five malicious browser extensions identified by McAfee are Netflix Party (and its successor Netflix Party 2), FlipShope — Price Tracker Extension, Full Page Screenshot Capture — Screenshotting and AutoBuy Flash Sale. Combined, they have almost 1.5 million downloads, with the first Netflix Party having more than 800,000 installs alone.

These extensions do provide the core functionality promised, but according to McAfee they also inject unwanted code into your browser. If you have any of the five installed, the extension will check to see if it can inject an affiliate revenue code every time you navigate to a new web page, allowing the creators of the extension to profit off your online purchasing, without your consent. McAfee has released a video further detailing how this process works, which you can watch below.

To Google’s credit, it takes a hardline stance against these malicious add-ons and has already removed both Netflix Party extensions from its Chrome Web Store. However, the others are still live and available to download. Furthermore, even if an extension is removed from the Chrome store, users who have previously downloaded the extension still need to take action. You’ll need to manually remove the extensions from your browser to fully protect yourself and ensure your online security isn’t being breached.

Earlier this month, cybersecurity experts Kaspersky estimated that more than 1.3 million users have been affected by malicious browser extensions in just the first half of 2022 alone. In fact, from January 2020 to June 2022, Kaspersky discovered that more than 4.3 million users had adware hiding in their browser extensions. And while Google is constantly removing offending extensions, new ones continue to pop up at an alarming rate.

How to protect yourself from malicious browser extensions

In order to protect yourself and your data from browser extension threats, Kaspersky first recommends that you only use trusted sources to download software. Malware and other unwanted applications are often distributed through third-party resources, as they don’t have the same security checks in place that official web stores do.

Even when downloading a browser extension from a trusted source, you should still carefully consider any access requests before agreeing to them. As the five examples above prove, even reputable webstores can play host to extensions with sinister intentions.

At the same time, it’s also worth limiting the number of extensions you use and periodically reviewing which extensions you have installed in your browser. McAfee has previously identified extensions that initially appear fine, but after a set period of time begin harvesting your data. So, make sure you’re constantly checking what permissions extensions are seeking.

Finally, you should have one of the best antivirus software solutions installed on all of your devices, as they can flag malicious extensions and warn you that they should be removed before your data falls into the wrong hands.

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article