Friday, September 30, 2022
HomeCyber SecuritySpecialists Discover Malicious Cookie Stuffing Chrome Extensions Utilized by 1.4 Million Customers

Specialists Discover Malicious Cookie Stuffing Chrome Extensions Utilized by 1.4 Million Customers

5 imposter extensions for the Google Chrome net browser masquerading as Netflix viewers and others have been discovered to trace customers’ shopping exercise and revenue of retail affiliate packages.

“The extensions supply numerous features similar to enabling customers to observe Netflix exhibits collectively, web site coupons, and taking screenshots of an internet site,” McAfee researchers Oliver Devane and Vallabh Chole stated. “The latter borrows a number of phrases from one other in style extension known as GoFullPage.”


The browser add-ons in query – obtainable through the Chrome Net Retailer and downloaded 1.4 million occasions – are as follows –

  • Netflix Celebration (mmnbenehknklpbendgmgngeaignppnbe) – 800,000 downloads
  • Netflix Celebration (flijfnhifgdcbhglkneplegafminjnhn) – 300,000 downloads
  • FlipShope – Worth Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) – 80,000 downloads
  • Full Web page Screenshot Seize – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) – 200,000 downloads
  • AutoBuy Flash Gross sales (gbnahglfafmhaehbdmjedfhdmimjcbed) – 20,000 downloads

The extensions are designed to load a chunk of JavaScript that is chargeable for maintaining tabs on the web sites visited and inject malicious code into e-commerce portals, letting the attackers earn a living by way of affiliate packages for purchases made by the victims.

“Each web site visited is shipped to servers owned by the extension creator,” the researchers famous. “They do that in order that they’ll insert code into eCommerce web sites being visited. This motion modifies the cookies on the location in order that the extension authors obtain affiliate cost for any objects bought.”


Additionally included is a way that delays the malicious exercise by 15 days from the time of set up of the extension to keep away from elevating purple flags.

The findings comply with the invention of 13 Chrome browser extensions in March 2022 that had been caught redirecting customers within the U.S., Europe, and India to phishing websites and exfiltrate delicate info.

As of writing, three of the 4 extensions are nonetheless obtainable on the net retailer, with Netflix Celebration (mmnbenehknklpbendgmgngeaignppnbe) being the one add-on to be purged. Customers of the put in extensions are beneficial to manually take away them from their Chrome browser to mitigate additional dangers.



Please enter your comment!
Please enter your name here

Most Popular

Recent Comments