Malicious EditThisCookie Extension Attacking Chrome Users to Steal Data

The popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their browsers.

However, after significant scrutiny, the legitimate version has been removed from the Chrome Web Store, leaving users vulnerable to a fake extension that has gained traction under the name EditThisCookie®.

The Rise of the Fake Extension

With over 3 million users and 11,000 ratings, the original EditThisCookie extension was a staple for users looking to manipulate their browser cookies. However, it has been replaced on the marketplace by a copycat extension that has now attracted over 50,000 users.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

This counterfeit version, initially known as EditThisCookies, has shown alarming signs of malicious behavior, as revealed by malware investigator Eric Parker in a recent YouTube analysis.

As per report by GHacks, Parker’s examination of the extension uncovered a series of concerning traits, including:

• Fake Website: The malicious extension operates a fraudulent website designed to mislead users.
• Obfuscated Code: To evade detection, the code within the extension is deliberately complicated and difficult to read.
• Data Theft Mechanisms: Notably, the extension includes functionality aimed at stealing user information, particularly when accessing sites like Facebook.
• Phishing Attempts: Users may be subject to phishing scams orchestrated through the extension.
• Advertising Features: The extension also appears to contain code intended for serving advertisements.

While Parker did not find evidence indicating that session cookies were being directly exfiltrated, the presence of potentially harmful functionalities raises serious concerns for users.

Chrome users are urged to take immediate action to secure their browsers. To check for the malicious version of the extension, open the Chrome address bar and type chrome://extensions/ to view your installed extensions.

If you spot EditThisCookies or EditThisCookie®, it is crucial to remove it without delay. For those seeking a legitimate alternative, Cookie Editor has emerged as a recommended choice for cookie management.

The disappearance of the legitimate EditThisCookie extension remains enigmatic. Some experts speculate that it was removed due to its failure to comply with Chrome’s new Manifest V3 requirements, which may have left a gap for malicious copies to thrive.

History has shown that similar issues plagued the store in the past, where many fake versions of popular extensions like uBlock Origin flooded the marketplace.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!