Extensions for Google Chrome are meant to improve the browsing experience, but not all of them can be relied upon. The Chrome Web Store is not a location to find harmless Google products, despite the company’s best efforts. Like the Play Store and the App Store from Apple, not all apps are thoroughly screened before being made available to the public.
Two unofficial “Netflix” add-ons have just been discovered in a new batch of malware that pretends to be official add-ons. There can’t possibly be a successful extension among the estimated 137,000 that are available for Google Chrome.
While the vast majority are helpful, secure, and occasionally even entertaining, some services just as Trojan horses for spyware, invasive analytics, and fraudulent schemes. They’re typically simple to recognize, but a small number of widely used choices have reportedly been conducting covert, stealthy operations involving their combined 1.4 million users.
If a user went to a certain website, for instance, the extension in question would add some code to the browser’s cookie file to alter the domain’s cookies so that the extension’s creators could earn commissions on any transactions made. The add-ons also transmitted location data, such as a device’s nation, city, and zip code.
This Netflix Party add-on should not be confused with the popular Teleparty add-on, which has been downloaded over 10 million times and is now known as Netflix Party. Using Telepathy is still risk-free at this time.
According to Ars Technica, a Google representative has confirmed that the five extensions in question have been removed from the Chrome Web Store. However, if you have previously installed one of these programs, you will need to remove the extensions manually.
Every piece of technology faces a constant uphill battle against malicious software. However, there are several steps you can do to improve your personal online safety; for example, you can consult PopSci’s helpful guide to removing malware.