I just checked the original video. It works a little bit differently than plain URL replacement. They open another tab in the background and then send a manipulated URL to get the affiliate cookie set to their own. Guess it’s for the courts to decide if that is a legal practice or not. But to me it seems that the malicious extension sends a manipulated URL to the server pretending to do that on user’s behalf, without his knowledge. That is classic malware behavior.
I just checked the original video. It works a little bit differently than plain URL replacement. They open another tab in the background and then send a manipulated URL to get the affiliate cookie set to their own. Guess it’s for the courts to decide if that is a legal practice or not. But to me it seems that the malicious extension sends a manipulated URL to the server pretending to do that on user’s behalf, without his knowledge. That is classic malware behavior.
https://youtu.be/vc4yL3YTwWk?t=281