Internet and PC security are becoming harder and harder to maintain as new technologies and tools are surfacing every single day. It is hard to determine the reliability and security standards of newer web extensions because the general assumption is that if it is associated with Google, it is probably safe. This cannot be farther from the truth! A recent and alarming new discovery by McAfee anti-virus and anti-malware software is that these five beloved and popular Google Chrome extensions are actually malware!
Table of Contents
Netflix Party
This has been the biggest heartbreak for most people because everyone enjoys watching movies and shows with their friends. It has been revealed that the Netflix Party extension has been stealing private information from its users under the guise of connecting people across the world for movie time. With a whopping 800,000 downloads, the software has impacted thousands of unsuspecting people, many of whom still don’t know of its truly sinister nature. Netflix Party stores the streamers’ chats and uses them to generate cookies and alter your browsing experience. Maybe it’s best to stick to using Spectrum TV Essentials. Or one that you have had a good experience with.
Teleparty
Teleparty is the new and improved version of Netflix Party, that offers to stream and shared watching services on up to 6 different streaming service sites! It includes access to Netflix, YouTube, Hulu, Amazon Prime, HBO Max, and Disney Plus. It has received a total of 300,000 downloads, as people are still unaware of its impact on their computers. However, it is alleged to keep records of its users’ conversations, just like its predecessor.
Full Page Screenshot Capture
This is a useful extension as it provides users with an alternative to the “print screen” button, which is now absent from most laptops and personal computers. Instead of having to drag the snipping tool from one end of the screen to the other. It’s no wonder that it has received up to 200,000 downloads, exposing just that many people to the malware.
FlipShope — Price Tracker Extension
This extension allows users to track the prices of different products on eCommerce sites that are compatible with it. Given its useful nature, it has received 80,000 downloads and is still readily available and popularly used.
AutoBuy Flash Sales
The AutoBuy Flash Sales extension is a very useful one that allows users to enable an auto-buying mechanism that picks up on flash sales and automatically makes the purchase when a product is on a limited time discount offer. This popular extension, too, has around 20,000 downloads.
What Does Google Extension Malware Do?
Upon being installed and added to your Chrome, these extensions can immediately access and observe when users open eCommerce websites. Visiting an eCommerce website generates a cookie that gets altered by the malware so that it appears as if they arrived at the site in question using a referrer link. This means that whoever has programmed the extension can extract an affiliate fee every time that the target purchases anything from any site.
According to McAfee’s detailed account, all the aforementioned extensions manifest – an element that dictates how the add-ons are run on the search engine, create and execute a multifunctional script that enables browsing data to be redirected to the hackers through a secret and unknown domain that they have registered as their own.
Upon visiting a new URL or website, all of a user’s browsing data is sent in the form of POST requests. This information can potentially include the website URL and address in base64 form, the user’s ID, their device’s location down to the country, city, and zip code, and an encoded referral URL.
In order to avoid detection, many of the extensions’ malicious activities lay dormant for up to 15 days (about 2 weeks) after they have been installed by a user. This throws them off and covers up the connection between the downloaded extension and the suspicious activity that follows. In a similar fashion to this, threat actors, too, postpone the configuration of their malware onto a system for up to a month after it has made contact.
Conclusion
All of the extensions mentioned above do give access to the functionality that they are alleged to provide, as per Google web store pages. On top of this, the fact that they boast a massive user-base of over a hundred thousand users each is reason enough for people to assume the supposed legitimacy of the software, which seems very convincingly reliable. Although the Netflix Party extension is now no longer available and has been removed, the full-screen screenshot extension and price tracker extension are still readily available and utilized by hundreds and thousands of unsuspecting individuals.
