NCC Warns About 5 Malicious Google Chrome Extensions Malware.
- McAfee advises its customers to be cautious when installing Chrome extensions on their devices.
The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has released an advisory regarding five malicious Google Chrome Extensions with a total install base of over 1,400,000 that track online browser’s activities and steal user data.
This advisory follows a September 9 Update on an earlier August 29 security alert released by the McAfee Antivirus’ McAfee Mobile Research Team.
The five malicious extensions which the McAfee Mobile Research Team discovered and published include:
- Netflix Party with 800,000 downloads,
- Netflix Party 2 with 300,000 downloads,
- Full Page Screenshot Capture Screenshotting with 200,000 downloads,
- FlipShope Price Tracker Extension with 80,000 downloads, and
- AutoBuy Flash Sales with 20,000 downloads.
According to the Antivirus software firm, McAfee, “The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website. The latter borrows several phrases from another popular extension called GoFullPage,”
In response to this, the NCC-CSIRT advised that consumers be cautious when installing any browser extension as the five google chrome extensions identified have a high probability to cause damage to users having been downloaded more than 1.4 million times.
“The users of these chrome extensions are unaware of their invasive functionality and privacy risk. Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link. Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops,” the advisory said.
“These include removing all listed extensions from their chrome browser manually. Internet users are to pay close attention to the promptings from their browser extensions, such as the permission to run on any website visited and the data requested before installing it. Although some extensions are seemingly legit, due to the high number of user downloads, these hazardous add-ons make it imperative for users to ascertain the authenticity of extensions they access.” the advisory stated.
McAfee on the other hand advises users to pay close attention to permissions granted to apps or extensions during installation.
“McAfee advises its customers to be cautious when installing Chrome extensions and pay attention to the permissions that they are requesting.
“The permissions will be shown by Chrome before the installation of the extension. Customers should take extra steps to verify the authenticity if the extension is requesting permissions that enable it to run on every website you visit,” the Software giant said on its website.
Google Chrome extensions are software programs that can be installed into Chrome to add functionality to the browser, such as adding new features, behavior, capability, etc. An example is the ‘saveFromNet’ Chrome extension which helps users download YouTube videos directly with a video URL.
Source | Choc News
Leave a Reply