Daily Tech News, Interviews, Reviews and Updates

Chrome Extensions that Insert Code Into eCommerce Sites Are Used By 1.4 Million Users

The Chrome extensions can change cookies on eCommerce websites so that their author obtains affiliate income for the purchased items, without the victim’s awareness, and they have a total install base of over 1.4 million.

The five malicious add-ons allow users to track online prices and coupons, watch Netflix shows with friends (Netflix Party and Netflix Party 2, with a combined install base of 1.1 million), take screenshots, and watch Netflix together (Full Page Screenshot Capture – Screenshotting, with 200,000 installs).

When a user views a new URL in a tab, the extensions subscribe to events that are triggered so they can send tracking information to the creator’s server, which determines whether the user has visited a website for which an affiliate ID is present.

Based on the server’s answer, the extension can inject an iframe URL and a cookie with the extension developer’s affiliate ID into the target website. The extension developer will then receive a commission for any purchases that users make on the target website.

Get real time updates directly on you device, subscribe now.



You might also like