Google Chrome extensions that steal users’ browsing data downloaded over 1.4 million times

Experts from data security leader McAfee have warned that five Google Chrome extensions found to steal users’ browsing activity have been downloaded more than 1.4 million times.

The company’s threat analysts discovered that the malicious extensions worked by secretly checking when its users were heading to e-commerce websites, according to the BleepingComputer website.

WATCH THE VIDEO ABOVE: Fear passwords saved on Google Chrome extensions aren’t secure

Watch the latest news on Channel 7 or stream for free on 7plus >>

Once done, the data would be sent to the creator of the extension to allow the code to then be injected into those e-commerce sites.

This code would then allow the authors of the extension to receive affiliate payments for all items purchased by the user on these e-commerce sites as if the users had arrived via a referral link, according to

McAfee identified malicious Google Chrome extensions as:

  • Netflix party (mmnbenehknklpbendgmgngeaignppnbe)
  • Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn)
  • Full Page Screenshot – Screenshot (pojgkmkfincpdkdgjepkmdekcahmckjp)
  • FlipShope – Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej)
  • AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed)

The first two extensions named Netflix had been downloaded 800,000 and 300,000 times respectively while the remaining three extensions had been downloaded and installed 200,000 times, 80,000 times and 20,000 times respectively.

According to McAfee, the extensions still have full functionality, allowing users to watch Netflix shows together, or use website coupons, as well as take screenshots of a website.

However, they are still considered by McAfee to be a serious privacy risk given their hidden ability to track their browser activity.

“Extension users are unaware of this feature and the privacy risk of each visited site being sent to the extension authors’ servers,” according to McAfee. blog post. reported on Thursday that Google had removed the five extensions reported in the McAfee report from its Chrome extension store.

McAfee said that given the apparent dangers of phishing, it always advises its customers to exercise caution when installing Chrome extensions.

File image of a smartphone with the Google Chrome app. Credit: Getty Images

Data security experts have also urged customers to pay attention to the permissions requested during said installs, especially if the extensions request permissions that allow them to run on every website the user visits.

“Permissions will be displayed by Chrome before installing the extension,” McAfee said in his blog post.

“Customers should take extra steps to verify authenticity if the extension requests permissions to run on every website you visit.”

Comments are closed.