Latest News
Experts find malicious cookie stuffing Chrome extensions used by 1.4 million users
McAfee researchers Oliver Devane and Vallabh Chole have discovered five imposter extensions for the Google Chrome web browser masquerading as Netflix viewers and others, that have been downloaded 1.4m times in total and have been found to track users' browsing activity and profit off retail affiliate programs.
The extensions, which have now been removed from the Chrome Web Store, were designed to load a piece of JavaScript that's responsible for keeping tabs on the websites visited and inject malicious code into e-commerce portals, letting the attackers make money through affiliate programs for purchases made by the victims.
Devance and Chole commented that "Every website visited is sent to servers owned by the extension creator, so that they can insert code into eCommerce websites being visited. This action modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased”.
The researchers added that the malware incorporated a technique that delayed the malicious activity by 15 days from the time of installation of the extension, to help keep its activity covert and avoid raising any red flags. And this discovery comes after 13 Chrome extensions were found, in March 2022, to be redirecting users in the U.S., Europe, and India to phishing sites to exfiltrate sensitive information.