Beware of Malicious Web Browser Extensions

Microsoft Google
Advisory ID:
September 13, 2022


In the first half of 2022, there was an increase in attempted downloads of malicious web browser extensions. These malicious extensions promise to speed up your browser but instead steal your data by redirecting users to phishing sites and inserting affiliate IDs into eCommerce site cookies. The investigation uncovered five (5) extensions with a total install base of over 1,400,000 and varying degrees of malicious capability.

Description & Consequence

The extensions provide a variety of functions, including the ability for users to watch Netflix shows together, website coupons, and website screenshots. In addition to providing the intended functionality, the extensions track the user's browsing activity. Every website visited is routed to the extension creator's servers. They do this in order to insert code into eCommerce websites that are being visited. This action modifies the site's cookies so that the extension authors receive affiliate compensation for any items purchased. Users of the extensions are unaware of this functionality and the privacy risk of every site visited being sent to the extension authors' servers. 

The five (5) extensions are Netflix Party, Netflix Party 2, FlipShope – Price Tracker Extension, Full Page Screenshot Capture – Screenshotting, and AutoBuy Flash Sales.

Some of the malicious web extensions can do some or all of the following:

  1. Spread malware.
  2. Degrade system performance.
  3. Bombard users with unwanted malicious ads.
  4. Invade users privacy.
  5. Credential theft.


  1. Only use trusted, official sources to download software and browser extensions.
  2. Always cross-check the developer of an extension and how reputable they are before downloading. Also, check user reviews.
  3. Go through the permissions the extension asks for and if something seems fishy, either disregard or perform due diligence.
  4. Only use a limited number of extensions at any particular time, and if an extension is no longer needed, remove it.
  5. Refrain from using a “crack” to gain access to paid-for software; in the world of software, nothing is ever truly free.
  6. Install an up-to-date anti-virus/anti-malware solution with an internet security component.



Related Articles