DODGY Google Chrome extensions with more than a million downloads have been uncovered by cyber security buffs.
In a blog post this week, researchers at McAfee highlighted five Chrome add-ons that secretly steal users’ browsing activity.
The downloads track online retailers that the victim visits and modify background data to make it look as though they got there through a special link.
That special URL – known as an affiliate link – earns the crooks who built the extension a fee for any purchases made by the victim.
The extensions have been downloaded more than 1.4million times, researchers wrote on Monday.
And while they don’t cause those who downloaded them any direct financial harm, they do expose their browsing history to crooks.
This history can be used to launch phishing attacks and other scams against unsuspecting victims.
McAfee urged Chrome users to be vigilant when downloading extensions, as even those with lots of downloads can cause harm.
Chrome extensions are like apps for your browser and allow you to modify and customise your experience.
For instance, extensions may translate foreign web pages for you, or store all of your passwords.
Most read in Tech
Dodgy extensions disguised as legitimate ones are banned by Google.
The firm monitors and attempts to keep the Chrome Web Store – the official online marketplace for extensions – free of them.
However, thousands slip through the cracks every year.
Cyber crooks favour running scams through extensions in part because they are so popular, and are subject to few security checks.
The extension uncovered by McAfee were disguised as add-ons for Netflix, screenshot buttons, and a price-tracking tool.
They have now been removed from the Chrome Web Store, but could still be active on your browser.
If you are using any of the extensions below, it’s best to remove them from your browser immediately.
- Netflix Party – 800,000 downloads
- Netflix Party 2 – 300,000 downloads
- Full Page Screenshot Capture – Screenshotting – 200,000 downloads
- FlipShope – Price Tracker Extension – 80,000 downloads
- AutoBuy Flash Sales – 20,000 downloads
The researchers urged users to take extra precautions to verify an extension’s safety if it asks for additional permissions.
“This blog highlights the risk of installing extensions, even those that have a large install base as they can still contain malicious code,” they said.
Best Phone and Gadget tips and hacks
Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk