NCC-CSIRT raises alarm on Google Chrome extensions malware
The Computer Security Incident Response Team (NCC-CSIRT) of the Nigerian Communications Commission has issued a warning against five malicious Google Chrome Extensions that stealthily track web browsers' activity and collect their data.
Reuben Muoka, the NCC's Director of Public Affairs (DPA), announced this in a statement on Saturday in Abuja.
The McAfee Mobile Research Team, according to Muoka, uncovered the five dangerous extensions.
He listed them as Full Page Screenshot Capture Screenshotting with 200,000 downloads, Netflix Party with 800,000 downloads, Netflix Party 2 with 300,000 downloads, and Netflix Party with 800,000 downloads.
Other ones are AutoBuy Flash Sales with 20,000 downloads and the 80,000 downloads FlipShope Price Tracker Extension.
The five detected Google Chrome extensions "provide access to steal users' data" and "have a high probability, damage potential, and have been downloaded more than 1.4 million times." The cybersecurity protection team for the telecom industry warned telecom users to exercise caution when using any browser extensions.
The users of these Chrome extensions are ignorant of their privacy risks and intrusive functionality,
“Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link.
“Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops,†he said.
Although the Google team removed a number of browser extensions from its Chrome Web Store, the DPA claimed that it might be challenging to keep fraudulent extensions out.
But he added that the NCC-CSIRT advised telecom users to exercise prudence while adding any browser extension.
Mouka said: “This includes removing all listed extensions from their chrome browser manually.
Internet users should carefully read the prompts from their browser extensions, such as the request for data before installation and authorization to run on any website visited.
Despite a large number of user downloads, which gives some extensions the appearance of legitimacy, these risky add-ons make it essential for users to verify the legitimacy of extensions they access.
According to Mouka, Google Chrome extensions are computer programs that may be installed in Chrome to modify the operation of the browser. This involves expanding the functionality of Chrome or altering the program's current behaviour to improve user convenience.
The Computer Security Incident Response Team (CSIRT) is the Telecom Sector's Cyber Security Incidence Center established by the NCC.
It concentrates on incidents in the telecom sector as they can affect telecom consumers and citizens in general.
0 comments