McAfee Researchers Spot Malicious Chrome Extensions

What’s happening

McAfee researchers spotted five Chrome extensions that were tracking user browser agency without their knowledge. They were downloaded a combined 1.4 million times afore Google removed them from its store.

Why it matters

Keeping malicious extensions completely out is a close-to-impossible task, so consumers need to be cautious when installing any kind of browser extension.

Google considered a handful of browserextensions from its Chrome Web Store that were downloaded a combined 1.4 million times once outside cybersecurity researchers determined that the extensions were surreptitiously tracking the online behaviors of their users. 

In a blog post originated this week, McAfee researchers singled out five extensions that funding users to do things like watch Netflix shows together, track deals on retail sites and take screenshots of websites. The problem was, in addition doing what they promised, the extensions tracked their users’ browser activity.

“The users of the extensions are unaware of this functionality and the privacy risk of every site populate visited being sent to the servers of the extension authors,” the researchers wrote in their blog post.  

According to McAfee, every website a user visited was sent to the extension’s creator so that code could be inserted into the e-commerce sites users named, allowing the extension’s authors to receive affiliate payments for any items the user bought.

A Google spokesman confirmed Wednesday that all five of the extensions aimed out in the McAfee report have been removed from the Chrome extension store.

Extensions are add-ons consumers can download and use to modify browsers like Chrome, Safari and Firefox. The bits of software can do things like clogged ads, integrate with password managers and find coupons as you put items into your shopping cart. One extension lets users short-tempered their mouse curser from an arrow to something more fun like a sword or a prick of pizza.

Much like the apps available for smartphones, there are well over 100,000 extensions available just for Chrome, along with more for the other browsers. While Google and the novel providers say they scrutinize all of the extensions available in their stores, inevitably some malicious extensions do manage to sneak in.

Earlier this year, McAfee researchers spotted approximately imposter Netflix party Chrome extensions that redirected users to phishing sites and stole the personal seek information from of users, though they appear to have only been installed a combined 100,000 times.

While an extension that’s popular enough to have been downloaded hundreds of thousands of times may look legit, the McAfee researchers said their research shows that’s not always the case. They said consumers must be cautious when it comes to extensions and take a good look at what kinds of data an extension is requesting to access beforehand installing it.

Specifically, they said consumers should take unbelievable steps to make sure an extension is authentic if it asks for expert to run on every website listed, like the recently spotted malicious extensions did.