scorecard
  1. Home
  2. tech
  3. news
  4. Google Chrome extensions are being used to track user activity and earn affiliate commission, says a McAfee report

Google Chrome extensions are being used to track user activity and earn affiliate commission, says a McAfee report

Google Chrome extensions are being used to track user activity and earn affiliate commission, says a McAfee report
Tech2 min read
  • A McAfee report has revealed that malicious Google Chrome extensions are being used to track users and earn affiliate commission.
  • The company has identified five extensions with over 1.4 million downloads.
  • The extensions reportedly add code when a user visits e-commerce websites, allowing the creator to earn affiliate commission.
A report by cyber security company McAfee has revealed that several malicious Google Chrome extensions are being used to track user activity and insert code into websites.

According to the McAfee report, the company has found five Google Chrome extensions that have been collectively downloaded over 1.4 million times. The extensions offer features such as allowing users to watch Netflix with their friends, capture full-page screenshots and track prices on e-commerce websites.
What are the extensions doing?
According to McAfee, the Google Chrome extensions track users’ browsing activity and send a list of websites that the extension’s creator visits. Then, the extension is used to insert code into the e-commerce websites being visited, allowing the creator to receive affiliate payments from the e-commerce websites.
Extensions used to insert code
The extensions being used to track user’s activity and insert code are –

Extension

Downloads

Netflix Party

800,000

Netflix Party 2

300,000

FlipShope - Price Tracker Extension

80,000

Full Page Screenshot Capture - Screenshotting

200,000

AutoBuy Flash Sales

20,000


The users of these extensions are reportedly unaware that these extensions are being used to track their activity and insert code for affiliate commission.

“The users of the extensions are unaware of this functionality and the privacy risk of every site being visited being sent to the servers of the extension authors,” McAfee said in its blog post.

Some extensions reportedly use “time delays” to avoid detection.

“We discovered an interesting trick in a few of the extensions that would prevent malicious activity from being identified in automated analysis environments. They contained a time check before they would perform any malicious activity. This was done by checking if the current date is > 15 days from the time of installation,” McAfee added.

McAfee, in its post, has also advised users to be cautious while installing extensions on their devices and asked users to verify the permissions being requested by the extensions.

SEE ALSO:

Tejas Mark-2 project reportedly approved by the Cabinet Committee on Security

Amid reports of ban on Chinese budget smartphones, Mukesh Ambani reveals Reliance Jio and Google are working on an affordable 5G smartphone

Google foldable phone patent spotted, expected to launch next year

READ MORE ARTICLES ON


Advertisement

Advertisement