CybersecurityTech News

Affiliate scam: Chrome browser add-ons with 1.4 million installs

McAfee has identified five Chrome add-ons that manipulate browser data and operate affiliate rip-offs. They come to 1.4 million installations.

 

There are five malicious browser extensions for Google Chrome out of a total of 1.4 million installations. McAfee’s IT security experts have discovered that the add-ons divert and manipulate data in the browser and foist cookies on users, which bring the programmers affiliate income.

 

These are browser extensions that sell coupon codes or offer to watch Netflix with others, as well as those that take screenshots of web pages. In the add-on descriptions in the web store, the add-on programmers sometimes copy texts from popular extensions with the same functions.

In addition to the function actually offered, the harmful browser extensions do even more: they track the surfing behavior of users. Every website visited ends up on the servers of the extension programmers. McAfee’s IT security researchers explain in a blog post that they want to use this to integrate their own code into eCommerce websites they visit.

In doing so, they modify the cookies on the website so that the add-on developers receive affiliate payments for each item purchased. Users are unaware of this feature and the risk to their privacy of having all visited pages sent to the servers of the masterminds behind the extensions.

Surname Extension ID number of installations
AutoBuy Flash Sales gbnahglfafmhaehbdmjedfhdmimjcbed 20,000
FlipShope – Price Tracker Extension adikhbfjdbjkhelbdnffogkobkekkkej 80,000
Full Page Screenshot Capture – Screenshotting pojgkmkfincpdkdgjepkmdekcahmckjp 200,000
Netflix Party mmnbehknklpbendgmgngeaignppnbe 800,000
Netflix Party 2 flijfnhifgdcbhglkneplegafminjnhn 300,000

Specifically, the add-ons send the URL of the website visited to a server owned by the add-on developers. This looks up whether it has an affiliate ID for the website and, if so, sends back an address. The add-on builds this address into the website as an iframe and sets the cookie with the scammers’ affiliate ID. They then receive an unjustified commission when they make a purchase on the website.

Some add-on programmers install delays in order to avoid detection of malicious functions through automatism. The add-ons then only set the fake cookies 15 days after installation; before that they remain unsuspicious. Chrome users should quickly uninstall the five add-ons that McAfee found.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button