Google Chrome extensions are being used to track user activity and earn affiliate commission, says a McAfee report
Sep 1, 2022, 13:33 IST
- A McAfee report has revealed that malicious Google Chrome extensions are being used to track users and earn affiliate commission.
- The company has identified five extensions with over 1.4 million downloads.
- The extensions reportedly add code when a user visits e-commerce websites, allowing the creator to earn affiliate commission.
Advertisement
A report by cyber security company McAfee has revealed that several malicious Google Chrome extensions are being used to track user activity and insert code into websites.According to the McAfee report, the company has found five Google Chrome extensions that have been collectively downloaded over 1.4 million times. The extensions offer features such as allowing users to watch Netflix with their friends, capture full-page screenshots and track prices on e-commerce websites.
What are the extensions doing?
According to McAfee, the Google Chrome extensions track users’ browsing activity and send a list of websites that the extension’s creator visits. Then, the extension is used to insert code into the e-commerce websites being visited, allowing the creator to receive affiliate payments from the e-commerce websites.
Extensions used to insert code
Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More
| Extension | Downloads |
| Netflix Party | 800,000 |
| Netflix Party 2 | 300,000 |
| FlipShope - Price Tracker Extension | 80,000 |
| Full Page Screenshot Capture - Screenshotting | 200,000 |
| AutoBuy Flash Sales | 20,000 |
The users of these extensions are reportedly unaware that these extensions are being used to track their activity and insert code for affiliate commission.
Advertisement
“The users of the extensions are unaware of this functionality and the privacy risk of every site being visited being sent to the servers of the extension authors,” McAfee said in its blog post.
Some extensions reportedly use “time delays” to avoid detection.
“We discovered an interesting trick in a few of the extensions that would prevent malicious activity from being identified in automated analysis environments. They contained a time check before they would perform any malicious activity. This was done by checking if the current date is > 15 days from the time of installation,” McAfee added.
McAfee, in its post, has also advised users to be cautious while installing extensions on their devices and asked users to verify the permissions being requested by the extensions.
SEE ALSO:
Tejas Mark-2 project reportedly approved by the Cabinet Committee on Security
Amid reports of ban on Chinese budget smartphones, Mukesh Ambani reveals Reliance Jio and Google are working on an affordable 5G smartphone
Google foldable phone patent spotted, expected to launch next year
Advertisement