Threat Actor: Malicious Developers | malicious developers
Victim: Internet Users | internet users
Key Point :
- EditThisCookie, a widely used cookie management extension, was removed from the Chrome Web Store.
- A malicious version named EditThisCookie® was found to steal cookies and post phishing content.
- Approximately 30,000 installations of the malicious extension occurred before its removal.
- Users are advised to check their extensions and remove any fake versions immediately.
- The original EditThisCookie extension is still available for download on GitHub.
EditThisCookie, a browser extension with over 3 million downloads, primarily used for editing local cookie files, has been removed from the Chrome Web Store due to its reliance on the Manifest v2 framework.
In its place, a new extension named EditThisCookie® has emerged, developed with Manifest v3, which allows it to remain on the store. However, this replacement not only mimics the original’s name and design but also contains malicious code designed to steal user cookies and even post phishing content through their social media accounts.
Before Google’s removal, the malicious extension had been installed approximately 30,000 times. User reviews flagged issues, prompting Google to take action and remove it following the report.
If you currently use the EditThisCookie extension, it is advisable to check your extensions management page. If you find EditThisCookie® installed, delete it immediately, as it is a fake version.
The original EditThisCookie extension is still available for download on GitHub. After downloading, users can manually unpack and install it via Chrome’s extension management page. Though Chrome may warn that it is a Manifest v2-based extension, this can be safely ignored as long as the deletion button is avoided.
Related Posts:
Source:
https://securityonline.info/beware-fake-editthiscookie-extension-steals-user-data