Multi-Device Licenses (Volume Discounts)
Threat Database Potentially Unwanted Programs Netflix Party

Netflix Party

By Mezo in Potentially Unwanted Programs
Translate To:
English

The Netflix Party is an intrusive browser extension that monitors the browsing activities carried via the affected browser. The goal of the application's operators is to earn fraudulent commission fees. According to the cybersecurity researchers at McAfee who discovered 5 such extensions with similar behavior, the Netflix Party has managed to amass over 800 000 downloads. The total number of downloads for all 5 applications exceeds 1.4 million.

To avoid creating any suspicion, the Netflix Party and the other extensions all carry the advertised functionality. Furthermore, they may have a significant delay between the time they are installed and the moment they activate their data-tracking functionalities, in some instances reaching up to 15 days. 

When activated, Netflix Party's manifest file ('manifest.json') will load a multifunctional script contained in a file named 'B0.js.' In turn, the script will send the acquired browsing data to a domain under the attackers' control. The gathered information includes user ID, device location with its country, city, and zip code, and a referral URL. 

The Netflix Party will continuously compare the sites visited by users with a list of websites with which the application's operators have an active affiliation, typically e-commerce platforms. If such a match occurs, the server will send instructions to the extension's B0.js file and cause it to act in one of two ways. It may order the script to inject a provided URL, which is the referral link, as an iframe on the website opened by the user. Alternatively, the script will modify or replace the associated cookie with a new one provided by the server. This functionality will only be possible if the Netflix Party has been granted the appropriate permissions to act.  

The Netflix Party has already been removed by Google, but users who have already downloaded the application must do so manually. Even though the extension doesn't cause direct harm to the system it is installed on, keeping such applications could lead to security or privacy risks. 

Trending

Most Viewed

Loading...