4 Popular Chrome Extensions Are Stealing Your Browsing Data, So Remove Them Now
Any unreliable software you install can be dangerous. Whether it’s a mobile app, PC game, or browser extension, it could steal your data. This week, security researchers at McAfee Labs highlighted five Chrome extensions that can track your browsing activity. 1.4 million Chrome users have installed these extensions so far, and chances are none of them knew exactly what the extensions were doing in the background.
Remove these malicious Chrome extensions as soon as possible
These extensions appear to be unrelated at first glance. Some let users watch Netflix shows with friends, others track prices, and one takes screenshots.
What they have in common is that they send a log of every website you visit to a server owned by the creator. McAfee says they do this in order to “insert code into e-commerce websites”, which allows creators to modify cookies so that they receive affiliate payments for everything you buy. They surreptitiously make money off strangers.
Here are the malicious extensions and the number of times they were downloaded:
- Netflix party | 800,000 downloads
- Netflix Party 2 | 300,000 downloads
- Full Page Screenshot – Screenshot | 200,000 downloads
- AutoBuy Flash Sales | 20,000 downloads
If you want to see the malicious behavior in action, watch McAfee’s video below:
This discovery shows how risky it can be to download Chrome extensions, no matter how popular they are. Just because hundreds of thousands of people have downloaded the extension doesn’t mean it’s safe to install on your browser.
As McAfee explains in his blog post, these extensions are surprisingly good at hiding their true purpose. Some extensions only start performing the malicious actions at least 15 days after they are installed by a user. This way we are even less likely to be suspicious.
Needless to say, if you have any of the Chrome extensions above, remove them now.
UPDATE | 9/13: A previous version of this article included FlipShope, a price tracking extension. The team behind the extension contacted us to vehemently dispute McAfee’s claims, released an updated extension, and we removed the extension from the list.