Malicious EditThisCookie Chrome Extension Steals Login Credentials


A malicious copycat of the popular “EditThisCookie” extension has been discovered stealing login credentials and engaging in phishing activities.

The legitimate EditThisCookie extension, which had over 3 million users and 11,000 ratings, was recently removed from the Chrome Web Store, leaving behind a fake version called “EditThisCookie®” that poses significant security risks.

The Rise Of The Fake Extension

The original EditThisCookie was a trusted tool for managing browser cookies. However, its removal from the Chrome Web Store—likely due to its incompatibility with Google’s new Manifest V3 extension framework—created an opportunity for cybercriminals.

They launched a fraudulent version of the extension, initially named “EditThisCookies” and later rebranded as “EditThisCookie®.”

Despite its malicious nature, this fake extension remains available on the Chrome Web Store and has grown in popularity, now boasting over 50,000 users.

Eric Parker, a well-known malware analyst, exposed the dangers of the fake extension in a detailed YouTube video. His analysis revealed several alarming features embedded in the extension’s obfuscated code:

  • A fake website linked to the extension.
  • Code designed to steal sensitive information, particularly from Facebook accounts.
  • Phishing mechanisms targeting user credentials.
  • Advertising scripts to generate revenue for attackers.

While Parker did not find evidence of cookie exfiltration in the current version of the extension, he warned that future updates could introduce even more harmful capabilities.

Automatic updates in Chrome could allow attackers to expand their reach without users’ knowledge.

The malicious EditThisCookie® extension highlights ongoing challenges with Google’s Chrome Web Store. The platform has faced criticism for hosting deceptive extensions in the past.

The removal of legitimate extensions like EditThisCookie—potentially due to their lack of Manifest V3 support—has inadvertently created opportunities for bad actors to exploit unsuspecting users.

Manifest V3, touted as a more secure framework, has been controversial. Critics argue that it limits functionality for developers while failing to address core security issues.

For example, while legitimate extensions like uBlock Origin and EditThisCookie have struggled to adapt to Manifest V3 requirements, malicious developers have been quick to exploit these gaps by creating compliant but harmful alternatives.

Protecting Yourself

Chrome users are urged to take immediate action to safeguard their data:

  1. Check Installed Extensions: Navigate to `chrome://extensions/` in your browser and review all installed add-ons. If you see “EditThisCookies” or “EditThisCookie®,” remove it immediately.
  2. Stay Informed: Regularly monitor updates on browser security and verify extensions before installation. Look for trusted reviews and avoid extensions with suspicious permissions or unclear origins.
  3. Enable Enhanced Safe Browsing: This Chrome feature can help detect and disable malicious extensions automatically.
  4. Consider Alternatives: Tools like “Cookie Editor” offer similar functionality without the associated risks.

The situation underscores significant flaws in Google’s handling of its Chrome Web Store.

While Google has introduced measures like Enhanced Safe Browsing and notifications about removed extensions, these efforts appear insufficient against sophisticated threats like fake extensions.

The company must strengthen its vetting process and improve transparency around removals to prevent similar incidents in the future.

The malicious EditThisCookie® extension highlights the dangers associated with browser add-ons. Users must remain vigilant when installing extensions and regularly audit their browser settings for potential threats.

Meanwhile, Google faces increasing pressure to address systemic issues within its Chrome Web Store to ensure user safety.
