Specialists Discover Malicious Cookie Stuffing Chrome Extensions Utilized by 1.4 Million Customers

5 imposter extensions for the Google Chrome internet browser masquerading as Netflix viewers and others have been discovered to trace customers’ searching exercise and revenue of retail affiliate applications.

“The extensions provide numerous capabilities similar to enabling customers to observe Netflix exhibits collectively, web site coupons, and taking screenshots of an internet site,” McAfee researchers Oliver Devane and Vallabh Chole mentioned. “The latter borrows a number of phrases from one other well-liked extension known as GoFullPage.”


The browser add-ons in query – out there by way of the Chrome Internet Retailer and downloaded 1.4 million instances – are as follows –

  • Netflix Social gathering (mmnbenehknklpbendgmgngeaignppnbe) – 800,000 downloads
  • Netflix Social gathering (flijfnhifgdcbhglkneplegafminjnhn) – 300,000 downloads
  • FlipShope – Worth Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) – 80,000 downloads
  • Full Web page Screenshot Seize – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) – 200,000 downloads
  • AutoBuy Flash Gross sales (gbnahglfafmhaehbdmjedfhdmimjcbed) – 20,000 downloads

The extensions are designed to load a chunk of JavaScript that is accountable for protecting tabs on the web sites visited and inject malicious code into e-commerce portals, letting the attackers make cash via affiliate applications for purchases made by the victims.

“Each web site visited is distributed to servers owned by the extension creator,” the researchers famous. “They do that in order that they’ll insert code into eCommerce web sites being visited. This motion modifies the cookies on the positioning in order that the extension authors obtain affiliate fee for any objects bought.”


Additionally included is a way that delays the malicious exercise by 15 days from the time of set up of the extension to keep away from elevating purple flags.

The findings observe the invention of 13 Chrome browser extensions in March 2022 that have been caught redirecting customers within the U.S., Europe, and India to phishing websites and exfiltrate delicate info.

As of writing, three of the 4 extensions are nonetheless out there on the net retailer, with Netflix Social gathering (mmnbenehknklpbendgmgngeaignppnbe) being the one add-on to be purged. Customers of the put in extensions are advisable to manually take away them from their Chrome browser to mitigate additional dangers.

Latest articles

Related articles

Leave a reply

Please enter your comment!
Please enter your name here