Nigerians have been urged by the Nigerian Communication Commission, NCC, to immediately uninstall five Google Chrome extensions that “stealthily track internet browser activity:” and take data from users’ devices.
The warning follows the discovery of five malicious Google Chrome Extensions that track and steal data by The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT).
In a statement posted on the NCC’s official website, Reuben Muoka, Director, Public Affairs, issued the warning and named the malicious extensions to include Netflix Party (800,000 downloads), Netflix Party 2 (300,000 downloads), Full Page Screenshot Capture Screenshotting (200,000 downloads), FlipShope Price Tracker Extension (80,000 downloads), and AutoBuy Flash Sales (80,000 downloads).
“The users of these chrome extensions are unaware of their invasive functionality and privacy risk. Malicious extensions monitor victims’ visits to e-commerce websites and modify the visitor’s cookie to appear as if they came through a referrer link. Consequently, the extensions’ developers get an affiliate fee for any purchases at electronic shops,” the advisory said.
According to the NCC-CSIRT, the five Google Chrome extensions identified have a high probability and damage potential and have been downloaded more than 1.4 million times.
It further explained that the malicious extensions allow hackers access to steal users’ data. The telecom sector-focused cybersecurity protection team warned telecom customers to be cautious when installing any browser extension.
Further noting that the Google team deleted a number of browser extensions from its Chrome Web Store, it however advised users to exercise caution when using browser extensions saying that it might be challenging to keep malicious extensions out.
“These include removing all listed extensions from their chrome browser manually. Internet users are to pay close attention to the promptings from their browser extensions, such as the permission to run on any website visited and the data requested before installing it. Although some extensions are seemingly legit, due to the high number of user downloads, these hazardous add-ons make it imperative for users to ascertain the authenticity of extensions they access.” the advisory stated.
Extensions for Google Chrome are programs that can be added to alter the functionality of the browser. This includes enhancing Chrome with new features and improving the program’s functionality overall to make it more user-friendly. They can be used to block ads, integrate with password managers, or find coupons to add to a shopping cart, among other things.
The NCC established the Computer Security Incident Response Team (CSIRT) as the telecom industry’s cyber security incident centre to focus on problems in the telecom sector and as they may affect consumers of telecom services as well as the general public.