Chrome extensions with 1.4 million installs steal browsing data

Five Google Chrome extensions that stealthily track users' browsing activity have been discovered by threat specialists at McAfee.

Over 1.4 million downloads of the extensions have been made overall.

The malicious extensions track user activity on e-commerce websites and alter visitors' cookies to make it look like they arrived through a referral link.

As a result, any transactions made at electronic stores generate an affiliate fee for the authors of the extensions.

The aforementioned extensions nevertheless offer the claimed functionality, which makes it harder for victims to identify the fraudulent behaviour.

Although using them has no direct effect on users, there is a significant privacy risk.

Therefore, even if you think the functionality of any of the listed extensions is useful, it is advised that you delete them from your browser right away.

The five extensions that McAfee found all behave similarly. The multipurpose script (B0.js) that loads from the web app manifest ("manifest.json") file,