
Researchers at McAfee found an unusual form of malware in five Chrome extensions with a combined 1.4 million downloads. Scammers distribute the extensions to defraud e-commerce websites.

The method is uncommon. The malicious extensions lie in wait for the moment an infected user navigates to an e-commerce website. The user’s cookie data is then changed to give the impression that the user visited the e-commerce website via an affiliate URL.

Affiliate marketing is a common tactic among e-commerce websites. The firms pay fees to partners that send potential customers to their website. The partner receives an affiliate URL, distributes the URL and gets paid for every visitor that visits through the URL and places an order.

The partner is supposed to spread the affiliate URL through other websites and online content. As a result, the e-commerce website gains traffic. Scammers abuse the system by changing the cookie data of infected users to affiliate URLs. The scammers get compensated for customers that never used an affiliate URL. The e-commerce website pays and gains nothing in return.
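A merchant can look for this pattern by checking that every order credited to an affiliate is backed by an actual landing on an affiliate URL. The sketch below is an added example, not code from McAfee or from the article; the event format, the `aff_id` parameter name, the 30-day window and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

AFF_PARAM = "aff_id"         # assumed name of the affiliate query parameter
WINDOW = timedelta(days=30)  # assumed attribution window

# Constructed sample events: (timestamp, session, kind, value)
#   "hit"   -> value is the URL the server saw requested
#   "order" -> value is the affiliate id read from the cookie at checkout
EVENTS = [
    ("2022-08-30T10:00:00", "s1", "hit", "https://shop.example/?aff_id=partner7"),
    ("2022-08-30T10:05:00", "s1", "order", "partner7"),
    ("2022-08-30T11:00:00", "s2", "hit", "https://shop.example/"),
    ("2022-08-30T11:02:00", "s2", "order", "partner9"),
    ("2022-06-01T09:00:00", "s3", "hit", "https://shop.example/item?aff_id=partner7"),
    ("2022-08-30T12:00:00", "s3", "order", "partner7"),
    ("2022-08-30T13:00:00", "s4", "order", ""),
]

def affiliate_in_url(url):
    """Return the affiliate id carried in the URL query string, or None."""
    values = parse_qs(urlparse(url).query).get(AFF_PARAM)
    return values[0] if values else None

def unsupported_attributions(events):
    """Return (session, affiliate) for orders whose affiliate cookie has no
    matching affiliate-URL landing in the same session within WINDOW."""
    clicks = {}   # (session, affiliate) -> times of affiliate landings
    flagged = []
    for ts, session, kind, value in sorted(events):  # ISO timestamps sort by time
        when = datetime.fromisoformat(ts)
        if kind == "hit":
            aff = affiliate_in_url(value)
            if aff:
                clicks.setdefault((session, aff), []).append(when)
        elif kind == "order" and value:
            seen = clicks.get((session, value), [])
            if not any(timedelta(0) <= when - c <= WINDOW for c in seen):
                flagged.append((session, value))
    return flagged

if __name__ == "__main__":
    for session, aff in unsupported_attributions(EVENTS):
        print(f"review payout: session={session} affiliate={aff}")
```

Flagged orders are candidates for payout review rather than proof of fraud, since a legitimate cookie can outlive a single session.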

Five Chrome extensions

Researchers at McAfee discovered five Chrome extensions that abuse affiliate marketing: Netflix Party (800,000 downloads), Netflix Party 2 (300,000), Full Page Screenshot Capture (200,000), FlipShope Price Tracker Extension (80,000) and AutoBuy Flash Sales (20,000).

The extensions deliver what’s promised. Netflix Party allows multiple users to stream Netflix content, FlipShope applies coupon codes and AutoBuy automates the purchase of discounted products. Users have no idea of the extensions’ actual function. In fact, most are satisfied, according to the positive reviews.

At the time of writing, four of the five extensions remain available on the Chrome Store. Netflix Party was the only extension removed. Despite its removal from the store, the extension remains installed for existing users. Their online purchases directly contribute to the income of online scammers. McAfee urges Google and users to permanently remove the extensions.
