In the past, Google’s Chrome browsers have found many extensions related to the malware and removed them from their store, and now after an analysis from the security giant, five more extensions have been found same criteria.

And these five extensions are not some of the underrated extensions; in total, they have over 1.4 Million users. Let’s discuss all details about these extensions below.

Five Extensions, Including “Netflix Party,” Are Found As Malware

Five Extensions, Including Netflix Party, Are Found As Malware

Some days back, threat analysts at malware & security protection company McAfee examined some extensions and found that they were stealing user’s browsing activity.

Also, some of the extensions from this list are found to be doing Cookie Stuffing for injecting their Affiliate ID, which was completely hidden and hard for users to notice before this report.

First, let me tell you the name of these extensions, and I recommend you stop using these extensions. If you’ve installed them in your browser, even if it is Chrome or Edge, uninstall them to keep your browsing safe.

  • Netflix Party, which is used for creating watch parties for watching shows with friends and this extension, has been downloaded over 800,000 times.
  • Netflix Party 2 is a parallel extension of the first one with 300,000 downloads.
  • Full Page Screenshot Capture – Screenshotting is just a normal screenshot extension for the browser, and it has been downloaded 200,000 times. While Chrome already has its own screenshot tool.
  • FlipShope – Price Tracker Extension provides shopping coupons and real-time price details from some shopping sites, with over 80,000 downloads.
  • AutoBuy Flash Sales was also doing the same shopping coupon system, which has been downloaded over 20,000 times.

As these, all extensions perform different tasks and have different names from each other, but they all have the same goal: inject their affiliate links into your browser while you are shopping.

You can see in the below video from McAfee Labs how these extensions inject their Affiliate ID by using different file editing patterns such as JSON or JS.

The video only shows one website, BestBuy, but these extensions also inject into Amazon and other shopping sites.

And these sites not only stop Affiliate ID injecting, but they also steal the data of users in hidden and different ways as they are found doing this kind of scam.

Besides, Google removed all these extensions from their Web Store when they discovered all these details. And you can also check out the complete report from McAfee to know more.


Please enter your comment!
Please enter your name here