Malicious Chrome Extensions with 1.4M Installs

If you have any of the five below extensions installed in Chrome, remove them now!

The five extensions flagged by McAfee purport to offer various services, including the ability to stream Netflix videos to groups of people, take screenshots, and automatically find and apply coupon codes. Behind the scenes, company researchers said, the extensions kept a running list of each site a user visited and took additional actions when users landed on specific sites.

The extensions sent the name of each site visited to the developer-designated site d.langhort.com, along with a unique identifier and the country, city, and zip code of the visiting device. If the site visited matched a list of ecommerce sites, the developer domain instructed the extensions to insert JavaScript into the visited page. The code modified the cookies for the site so that the extension authors receive affiliate payment for any items purchased.

Name Extension ID Users
Netflix Party mmnbenehknklpbendgmgngeaignppnbe 800,000

Netflix Party 2

flijfnhifgdcbhglkneplegafminjnhn 300,000

FlipShope – Price Tracker Extension

adikhbfjdbjkhelbdnffogkobkekkkej 80,000

Full Page Screenshot Capture – Screenshotting

pojgkmkfincpdkdgjepkmdekcahmckjp 200,000
AutoBuy Flash Sales gbnahglfafmhaehbdmjedfhdmimjcbed 20,000

via ARS Technica