- A fake version of “EditThisCookie” is stealing user data, affecting 50,000+ Chrome users.
- The original extension’s removal created an opening for this malicious copy.
- Analysts found code for stealing logins, phishing, and connecting to a fake website, worsened by Chrome’s auto-updates.
A dangerous fake version of EditThisCookie has appeared in the Chrome Web Store. This malicious extension steals user passwords and conducts phishing attacks, posing serious security threats.
Recently over 600,000 users were exposed to a cyberattack on 16 Chrome Extensions. Now this malicious EditThisCookie extension has impacted over 50,000 users and remains active on the Chrome Web Store.
In the past, Google removed the original EditThisCookie extension from the Chrome Web Store. The legitimate version had 3 million users and 11,000 ratings. After this removal, cybercriminals created a copycat extension named “EditThisCookie®.”
Legit EditThisCookie Extension removed
The legit EditThisCookie, with over 3 million users, was a popular Chrome extension used to manage browser cookies. But, recently Google removed the extension since it was having compatibility issues with Google’s Manifest V3 framework. This left a gap for a fake version, “EditThisCookie®,” to appear.
Fake Extension Replacement
After the removal of the “EditThisCookie” extension, attackers distribute a fraudulent version named “EditThisCookie®.” Initially labeled “EditThisCookies,” the fake extension was later rebranded as “EditThisCookie®.” Despite its harmful intent, it has attracted tens of thousands of users. This fake extension has over 50,000 users and steals information, including Facebook logins.
Key Risks Highlighted by Analysts
Malware analyst Eric Parker discovered multiple security threats in its code:
- The extension connects to a fraudulent website that captures user data
- The code contains specific functions to steal Facebook login information
- The extension runs phishing operations to collect user passwords
- Advertising scripts generate money for the attackers
Besides everything, Chrome’s automatic update system makes this threat more serious. The attackers can add new harmful features without users noticing the changes.
Not the first time
This is not the first time the Chrome Web Store has failed to stop fake extensions. Recently, 35 Chrome extensions were hacked, exposing 2 million users. Now, Google’s new Manifest V3 framework has created additional problems. This framework forces legitimate extensions to make major changes. Meanwhile, malicious developers create dangerous extensions that follow the new rules.
How to stay safe?
To avoid such fake extension hacks and scams, Chrome users should take several precautions. First, carefully examine your installed extensions. To do so, go to “chrome://extensions/” in your browser and uninstall any extensions named “EditThisCookie” or “EditThisCookie®.”
Second, be cautious when installing new extensions, such as checking reviews and permissions beforehand, and avoid those with ambiguous origins or suspicious requirements.
Additionally, users can enable Chrome’s Enhanced Safe Browsing feature, which automatically detects and disables malicious extensions. Finally, consider using a secure cookie management tool like the “Cookie Editor,” which provides similar functionality without the risks associated with fake extensions.
0
Chandramohan Rajput is the Senior Editor of Extension Garden, where he has been covering Chrome extensions, tech news, and in-depth how-tos since 2019. When he's not exploring new tech, you can find him playing cricket or immersed in Counter-Strike 2.
