Chrome extensions can be a great way to add extra features to your browser, but beware of malicious ones. Here are five popular Chrome extensions that are known to be malware:
- AdBlock Plus: This extension is known to collect personal information, such as browsing history and IP addresses. It is also possible to track users’ online activity through this extension. Therefore, it is recommended that AdBlock Plus be deleted immediately.
- BetterPrivacy: This extension collects similar information to AdBlock Plus, but it also logs user activity and sends the data to a third-party server. BetterPrivacy should also be deleted immediately because it could potentially expose users’ personal information to hackers.
- CoinHive: This extension mines cryptocurrency on users’ computers without their consent or knowledge. CoinHive has been linked with malware in the past, so it should be removed if found on a user’s computer.
- Ghostery: Ghostery is a privacy extension that helps users block tracking cookies and other trackers from websites they visit. It has been linked with malware in the past, so it should also be removed if found on a user’s computer.
- uBlock Origin: uBlock Origin is one of the most popular privacy extensions available for Chrome browsers and Firefox browsers alike. It blocks ads, tracking cookies, and other intrusive ads and content from websites visited by users ..
Google Chrome extensions can super-charge your browsing experience with more features, but there have been many malicious extensions over the years. Five more bad extensions have been discovered, thanks to a recent security report.
McAfee published a report on Monday detailing five malicious browser extensions available on the Chrome Web Store, including two “Netflix Party” extensions, “FlipShope — Price Tracker Extension,” “Full Page Screenshot Capture — Screenshotting,” and “AutoBuy Flash Sales.” Each of them had more than 20,000 downloads, with over 1,400,000 downloads combined.
Each extension listens for page changes in the browser, and each time the user navigates to a new page, the extension sends the page URL to a remote server to check if affiliate revenue code can be injected. Many sites (including How-To Geek) include affiliate code in links to shopping websites, which sometimes provides them with a small cut of revenue. However, most of the offending extensions are not related to buying items at all, and they are injecting the code for all possible pages. McAfee also found evidence that some of the extensions wait 15 days after they are installed to start injecting affiliate code, presumably to avoid initial detection.
Google has been working to crack down on malicious extensions with the new Manifest V3 standard. Compared to the older Manifest V2 technology (which at least one of the extensions is using), Manifest V3 gives people more control over what pages extensions can access. Manifest V3 also blocks remotely hosted code, which would prevent some (but not all) of the behavior reported by McAfee.
The most popular Netflix Party extension, which had over 800,000 users, has since been removed from the Chrome Web Store. The rest of them are still live, and “Full Page Screenshot Capture” still has a “Featured” label on the Store. If you have any of them installed, be sure to remove them. How-To Geek has reached out to Google for comment, and we will update this article when (or if) we get a response.
Source: McAfee Via: Bleeping Computer