Consultants Discover Malicious Cookie Stuffing Chrome Extensions Utilized by 1.4 Million Customers

5 imposter extensions for the Google Chrome net browser masquerading as Netflix viewers and others have been discovered to trace customers’ shopping exercise and revenue off retail affiliate packages.

“The extensions supply varied features reminiscent of enabling customers to look at Netflix exhibits collectively, web site coupons, and taking screenshots of a web site,” McAfee researchers Oliver Devane and Vallabh Chole stated. “The latter borrows a number of phrases from one other in style extension known as GoFullPage.”


The browser add-ons in query – accessible through the Chrome Net Retailer and downloaded 1.4 million occasions – are as follows –

  • Netflix Celebration (mmnbenehknklpbendgmgngeaignppnbe) – 800,000 downloads
  • Netflix Celebration (flijfnhifgdcbhglkneplegafminjnhn) – 300,000 downloads
  • FlipShope – Value Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) – 80,000 downloads
  • Full Web page Screenshot Seize – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) – 200,000 downloads
  • AutoBuy Flash Gross sales (gbnahglfafmhaehbdmjedfhdmimjcbed) – 20,000 downloads

The extensions are designed to load a chunk of JavaScript that is accountable for retaining tabs on the web sites visited and inject malicious code into e-commerce portals, letting the attackers generate income by means of affiliate packages for purchases made by the victims.

“Each web site visited is distributed to servers owned by the extension creator,” the researchers famous. “They do that in order that they’ll insert code into eCommerce web sites being visited. This motion modifies the cookies on the location in order that the extension authors obtain affiliate fee for any objects bought.”


Additionally integrated within the malware is a method that delays the malicious exercise by 15 days from the time of set up of the extension to assist preserve its exercise live performance and keep away from elevating crimson flags.

The findings comply with the invention of 13 Chrome browser extensions in March 2022 that have been caught redirecting customers within the U.S., Europe, and India to phishing websites and exfiltrate delicate info.

As of Wednesday, all of the 5 add-ons have been faraway from the Chrome Net Retailer. That stated, customers of the put in extensions are advisable to manually take away them from their Chrome browser to mitigate additional dangers.

Supply hyperlink

Previous post European Nikola Tre FCEV Beta Model to Debut at IAA Transportation in Hanover, Germany on Sept. 19
Next post moss: British supermodel Kate Moss launches wellness model ‘Cosmoss’