NCC alerts Nigerians on 5 malicious Google Chrome Extensions malware

 

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has comfirmed five malicious Google Chrome Extensions that surreptitiously track online browser’s activities and steal their data and imformation.

According to NCC-CSIRT, the five malicious extensions which the McAfee Mobile Research Team earlier discovered are: Netflix Party with 800,000+ downloads, Netflix Party 2 with 300,000+ downloads, Full Page Screenshot Capture Screenshotting with 200,000 downloads, FlipShope Price Tracker Extension with 80,000 downloads, and AutoBuy Flash Sales with 20,000+ downloads.

The NCC-CSIRT said the five google chrome extensions comfrmed have a high probability and damage potential and have been downloaded more than 1.4 million times and serve as access to steal users’ data and information. The telecom sector-focused cybersecurity protection team alerted telecom consumers to be cautious when installing any browser extensions.

“The users of these chrome extensions are unaware of their invasive functionality and privacy risk. Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link. Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops,” the advisory added.

In addition, the advisory stated that, although the google team removed several browser extensions from its Chrome Web Store, keeping malicious extensions out may be difficult. The NCC-CSIRT, thus, recommended that telecom consumers observe caution when installing any browser extension.

“These include removing all listed extensions from their chrome browser manually. Internet users are to pay close attention to the promptings from their browser extensions, such as the permission to run on any website visited and the data requested before installing the extension. Although, some extensions are look legit, due to the high number of user downloads, these hazardous add-ons make it imperative for users to ascertain the authenticity of extensions they access.” the advisory stated.