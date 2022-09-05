McAfee antivirus has listed five very popular extensions on the Chrome Web Store that are actually malware – software intentionally created to invade and harm your computer.

The list was released by McAfee last Monday (29). Extensions are popular and seem harmless. That’s where the cat’s leap is: as many people download, they usually appear first in Chrome’s suggestions.

“We highlight the risk of installing extensions, even those that have a large user base, as they may still contain malicious code,” the protection company warned. Ideally, be aware of permissions at the time of installation.

Sounds Good, But It Ain’t: 5 Extensions That Are malware

The two extensions that lead the list of malware are “Netflix Party” and “Netflix Party 2”, aimed at helping people in different places to watch Netflix at the same time. The Chrome Web Store removed the 1st place, which had more than 800 thousand users.

The others, however, are still active. Special attention to the “Full Page Screenshot Capture”, which claims to take screenshots: the extension is in the highlights of the Web Chrome Store and has more than 200,000 users.

remove now

The recommendation is that users remove any of these extensions if they are installed in the browser. The reason is quite simple: these extensions track all the activity of whoever is on the web.

In addition to offering original functionality – like watching a Netflix movie with more people, for example – the malware-extension sends all websites visited by users to the extension’s creator’s servers.

In doing so, the malware inserts code into e-commerce sites and modifies cookies so that extension authors receive payment from the affiliate for any purchased items.

That is, in addition to being a big hole in privacy, these extensions take advantage of your cookies to make money improperly.

Additionally, McAfee also found evidence that some of the Chrome extensions wait 15 days after installation to inject the malicious code. The hypothesis is that they do this so as not to be discovered right away.