Chrome extensions are supposed to make your browser even better—but not all of them can be trusted. As hard as Google tries, the Chrome Web Store isn’t a marketplace of innocent utilities. While most are properly vetted, some slip through the cracks, just as they do on the Play Store and even Apple’s App Store. Now, we know about another group of malware posing as legitimate extensions, including two “Netflix” options unaffiliated with the company.
McAfee’s security analysts discovered this latest batch of five malicious Chrome extensions. Together, they have more than 1.4 million downloads. The extensions differ from one another, but they share the same end goal. Once you install one of them in your browser, it waits for you to visit an e-commerce site, such as Best Buy or Amazon. The extension then sends your browsing data to a domain its developers control, and if the site you are on matches one of their affiliates, it either injects their affiliate link into the page’s URL or replaces your cookies with their own. Either way, the goal is to make a commission on whatever you buy.
Affiliate ID Injection (McAfee Labs)
In this way, these extensions are different from typical scams. They aren’t after your personal information, or attempting to break into your accounts. Rather, they treat you and 1.4 million others as middlemen for their own commissions. That doesn’t make them better than other malware, however, and they should be stopped however possible.
Worse yet, each malicious extension surprisingly works as advertised. FlipShope is actually a price tracker, and Full Page Screenshot Capture does capture screenshots of your browser. Usually, apps and utilities containing malware are nothing more than a front to trick you into installing them. The developers behind these extensions, however, want you to suspect nothing, since the longer you keep the utilities installed in Chrome, the more money they make.
Here are the malicious extensions McAfee analysts discovered, sorted by number of downloads:
- Netflix Party: 800,000 downloads
- Netflix Party 2: 300,000 downloads
- Full Page Screenshot Capture – Screenshotting: 200,000 downloads
- FlipShope – Price Tracker Extension: 80,000 downloads
- AutoBuy Flash Sales: 20,000 downloads

As of this article, AutoBuy Flash Sales and FlipShope – Price Tracker Extension are still available on the Chrome Web Store, but Google has since scrubbed the other three. However, even if all five are deleted from the web store, Google can’t remove them from your browser. If you installed any of these extensions in Chrome, delete them now.
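To check a machine against the list above, the following sketch (an added example, not McAfee's or Google's code) scans a Chrome profile's Extensions folder and compares each manifest's name, including localized `__MSG_…__` names, with the five names in this article. The article gives no extension IDs, so a name match is only a prompt to review the extension by hand; the sample tree and its IDs are constructed.

```python
import json
import tempfile
from pathlib import Path

# Names as the article lists them (it gives no extension IDs); dashes as hyphens.
FLAGGED = {"netflix party", "netflix party 2", "autobuy flash sales",
           "full page screenshot capture - screenshotting",
           "flipshope - price tracker extension"}

def display_name(ext_dir):
    """Read manifest.json and resolve a localized __MSG_key__ name."""
    manifest = json.loads((ext_dir / "manifest.json").read_text(encoding="utf-8-sig"))
    name = manifest.get("name", "")
    if name.startswith("__MSG_") and name.endswith("__"):
        locale = manifest.get("default_locale", "en")
        path = ext_dir / "_locales" / locale / "messages.json"
        for key, entry in json.loads(path.read_text(encoding="utf-8-sig")).items():
            if key.lower() == name[6:-2].lower():  # keys are case-insensitive
                return entry.get("message", name)
    return name

def find_flagged(extensions_root):
    """Scan <profile>/Extensions/<id>/<version>/; return sorted (id, name) hits."""
    hits = set()
    for manifest in Path(extensions_root).glob("*/*/manifest.json"):
        try:
            name = display_name(manifest.parent)
        except (OSError, ValueError, AttributeError):
            continue  # unreadable or malformed files are skipped
        # Normalize case, whitespace and en dash vs. hyphen before comparing.
        if " ".join(name.replace("\u2013", "-").lower().split()) in FLAGGED:
            hits.add((manifest.parent.parent.name, name))
    return sorted(hits)

def build_sample(root):
    """Write a constructed sample tree; the extension IDs are made up."""
    samples = [("a" * 32, {"name": "AutoBuy Flash Sales"}, {}),
               ("b" * 32, {"name": "__MSG_appName__", "default_locale": "en"},
                {"appname": {"message": "FlipShope \u2013 Price Tracker Extension"}}),
               ("c" * 32, {"name": "Some Dark Mode"}, {})]
    for ext_id, manifest, messages in samples:
        loc = Path(root) / ext_id / "1.0_0" / "_locales" / "en"
        loc.mkdir(parents=True)
        (loc / "messages.json").write_text(json.dumps(messages))
        (loc.parents[1] / "manifest.json").write_text(json.dumps(manifest))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(find_flagged(tmp))
```

On a real machine, pass `find_flagged` the profile's Extensions directory, for example `~/.config/google-chrome/Default/Extensions` on Linux, then remove any hit from `chrome://extensions` after confirming it is not a different extension with the same name.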
How to protect yourself from malicious Chrome extensions
This issue isn’t new, by any means. In fact, we’ve covered how to avoid malicious extensions in the past. In short, the advice is similar to protecting yourself from malicious apps on the App Store:
- Make sure you’re downloading the right extension you’re looking for. Malicious extensions thrive off of confusing users with a similar name to another popular extension.
- Pay close attention to the extension’s web store listing. Is everything spelled right? Do the images match the advertised features?
- Look at the reviews for the extensions. Do reviewers seem legitimate? Are they reviewing the right extension?
- Do some external research into the extension before downloading. What does Google pick up when you search for it?

Google isn’t able to block every malicious extension, but you can employ good judgment to avoid installing them to your browser.