Chrome users: Delete these extensions, they’re stealing data

McAfee’s security researchers have found five Google Chrome extensions that are siphoning off browsing data.

Some of these extensions are incredibly popular, with one having over 800,000 downloads.

They’re all set up to secretly create money for the developer or whoever added the malicious code.

They analyze your browser to see if you are on an e-commerce website. If so, they inject their referrer or affiliate code into your browser cookies.

While McAfee says they’re not directly dangerous, you should still delete them.

Delete these five malicious Chrome extensions

Again, we’re putting links here to check if you have the extension installed.

Many malware-containing extensions use the same names as other legitimate extensions.

Under no circumstances should you install one of these five:

• Netflix Party (mmnbenehknklpbendgmgngeaignppnbe) – 800,000 downloads
• Netflix Party 2 (flijfnhifgdcbhglkneplegafminjnhn) – 300,000 downloads
• Full Page Screenshot Capture – Screenshotting (pojgkmkfincpdkdgjepkmdekcahmckjp) – 200,000 downloads
• FlipShope – Price Tracker Extension (adikhbfjdbjkhelbdnffogkobkekkkej) – 80,000 downloads
• AutoBuy Flash Sales (gbnahglfafmhaehbdmjedfhdmimjcbed) – 20,000 downloads

To continue the scam, the extensions all do what they say they’re supposed to. That makes it harder for users to know they’re being scammed.

All of the extensions also do something that’s not advertised.

That’s creating affiliate cash for the bad actor by injecting their affiliate codes into any online purchases you make.

While Google has removed most of these extensions from the Chrome Web Store, you still need to manually delete them from your browser.

Click on the puzzle piece icon next to the address bar

Then, Manage extensions

Remove the extensions from here

This type of malicious code injection is even harder to guard against.

The extensions worked as advertised, with useful features for the user. The reviews are mostly positive, as the affiliate scam wasn’t visible to users.

The only security advice we can give here is to ask yourself, “do you really need this extension?”

If not, remove them from Chrome, or disable them when you’re not actively using them.

Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• New Acer Chromebook is eco-friendly and repairable
• Google Chrome’s RSS reader might finally come to desktop
• TikTok’s in-app browser can track every tap you make
• Is Google Chrome’s Incognito Mode really as private as you think?

Joe Rice-Jones

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.