Researchers discovered a collection of malicious Google Chrome extensions aimed to track browsing activities on over 1.4 million devices. McAfee – a computer security company stated the objective of the scam is to change the victim’s browser cookies each time they visit an e-commerce website. This will earn the operator an affiliate fee for any sales made. Although two “Netflix Party” extensions have been deleted from the official extension store, McAfee believes the others are still accessible for download.

Google Chrome extension scam

The malicious extensions do not provide an immediate security concern because they are not meant to leak sensitive data or install malware. However, they do constitute a blatant invasion of privacy. As seen by the growing popularity of VPN services and other solutions meant to conceal web activity. Modern web users are more hesitant to share their browsing data – especially in these circumstances, one would expect.

Detecting this scam is challenging because the extensions seem legitimate and offer useful features. They provide functions like group Netflix viewing and website discounts. Users are unaware that their browsing data is sent to the extension creators’ servers. Some Google Chrome extensions delay cookie tampering to evade detection.