“Netflix Party” & 4 More Chrome Extension Steals Browsing Data

Hello Dear Friends welcome to Gadgetninety today in this article we are talking about “Netflix Party” & 4 More Chrome Extension Steals Browsing Data. The McAfee report claimed that it found five Google Chrome Extensions with over 1.4 million downloads collecting user browsing data.

These extensions include Netflix Party, Netflix Party 2, Full Page Screenshot Capture – Screenshotting, FlipShope – Price Tracker Extension and AutoBuy Flash Sales.

“Netflix Party” & 4 More Chrome Extension Steals Browsing Data

The purpose of the malicious extensions is to monitor when users visit e-commerce website and to modify the visitor’s cookie to appear as if they came through a referrer link. For this, the authors of the extensions get an affiliate fee for any purchases at electronic shops.

Chrome extensions will show what data they collect from users. Google will add a “Privacy practices” section on each Chrome extension’s Web Store page listing what data they collect from users and what the developer plans to do with it.

Also read this : How to Delete Your Reddit Search History in 2022

Five Extensions, Including “Netflix Party,” Are Found As Malware

The report claimed that these extensions loaded a multifunctional script that sends the browsing data to a domain that is controlled by the attackers.

Users’ browsing data is sent to this domain every time they visit a new URL. The information included the user ID, device location, country, zip code, and an encoded referral URL.

“Netflix Party” & 4 More Chrome Extension Steals Browsing Data


Some days back, threat analysts at malware & security protection company McAfee examined some extensions and found that they were stealing user’s browsing activity.

Also, some of the extensions from this list are found to be doing Cookie Stuffing for injecting their Affiliate ID, which was completely hidden and hard for users to notice before this report.

First, let me tell you the name of these extensions, and I recommend you stop using these extensions. If you’ve installed them in your browser, even if it is Chrome or Edge, uninstall them to keep your browsing safe.

a. Netflix Party, which is used for creating watch parties for watching shows with friends and this extension, has been downloaded over 800,000 times.

b. Netflix Party 2 is a parallel extension of the first one with 300,000 downloads. Also read this –  Pixel 7 and Pixel 7 Pro colors: all the official hues

c. Full Page Screenshot Capture – Screenshotting is just a normal screenshot extension for the browser, and it has been downloaded 200,000 times. While Chrome already has its own screenshot tool.

d. FlipShope – Price Tracker Extension provides shopping coupons and real-time price details from some shopping sites, with over 80,000 downloads.

e. AutoBuy Flash Sales was also doing the same shopping coupon system, which has been downloaded over 20,000 times.

And these sites not only stop Affiliate ID injecting, but they also steal the data of users in hidden and different ways as they are found doing this kind of scam.

Besides, Google removed all these extensions from their Web Store when they discovered all these details. And you can also check out the complete report from McAfee to know more.

How the extensions work

All five extensions discovered by McAfee have a similar behavior. The web app manifest (“manifest.json” file), which dictates how the extension should behave on the system, loads a multifunctional script (B0.js) that sends the browsing data to a domain the attackers control (“langhort[.]com”).

Netflix Play, Netflix Play 2 and AutoBuy Flash Sales have been removed from the Play Store. However, the other two extensions are still available for download. 

The data is delivered through via POST requests each time the user visits a new URL. The info reaching the fraudster includes the URL in base64 form, the user ID, device location (country, city, zip code), and an encoded referral URL.

If the visited website matches any entries on a list of websites for which the extension author has an active affiliation, the server responds to B0.js with one of two possible functions.

The first one, “Result[‘c’] – passf_url “, orders the script to insert the provided URL (referral link) as an iframe on the visited website.

The second, “Result[‘e’] setCookie”, orders B0.js to modify the cookie or replace it with the provided one if the extension has been granted with the associated permissions to perform this action.

Also read this : How to back up and restore your WhatsApp chats with Google Drive

All the information on this website  is published in good faith and for general information purpose only. Gadgetninety.in does not make any warranties about the completeness, reliability, and accuracy of this information.

Thanking for giving you the most precious time to read this post. If you like the post please share so that many of the people know about the news. if you want to get post some new topic please contact me to using the contact us Form


4 thoughts on ““Netflix Party” & 4 More Chrome Extension Steals Browsing Data”

Leave a Comment