![Filehippo - Software that matters](https://news.filehippo.com/wp-content/uploads/2020/03/header-strapline.png")
Google removes original EditThisCookie instead of a fake malware
Google’s Chrome Web Store is rather infamous for hosting malicious extensions from time to time. But what it has done now could be an all-time low, even by its standards.
Eric Parker, a popular YouTuber/security researcher, discovered that an extension called EditThisCookie had been removed from the Web Store. The problem is that a similar extension, to be precise a copycat add-on exists, it’s called EditThisCookiesÂź. This is not just a copycat extension, it is a malware. And Google has not removed the extension from the Web Store, instead it removed the original add-on, which is safe and boasted a user base with 3 million users.
The malicious extension, EditThisCookiesÂź, was formerly called EditThisCookies. The security researcher found that the extension had a fake website. Digging deeper into the add-on’s code, he unearthed obfuscated code, and coding that targeted the user’s data from Facebook. The malware also contained code related to displaying advertisements, and phishing attacks. While the add-on did not contain code that extracted data from cookies, an update to the extension could potentially add more malicious capabilities, putting user data at risk.
As for why the original add-on was removed, it seems that EditThisCookie does not support Manifest V3, which happens to be the same API which killed ad blockers like uBlock Origin.
Microsoft thinks displaying a pop-up ad for Xbox PC Game Pass on Windows 11 is a good idea
Microsoft wants more users to try Xbox PC Game Pass, and convince them to buy a subscription for the service. And the best way to do that is apparently to display an ad on Windows 11. Reports reveal that the operating system is displaying a pop-up notification to promote Xbox PC Game Pass.
Yet another ad, is how users must feel when reading about this. Who else is to blame for this but Microsoft? Windows 11 displays several types of ads, there are some in the Start Menu, File Explorer, Outlook app that promote Microsoft 365. The Weather app, which comes preinstalled with the OS, displays ads. Windows 11 also aggressively promotes Microsoft Edge over other browsers, and displays pop-ups and recommendations to try and get the user to set it as the default browser.
As for the new Xbox PC Game Pass pop-up ad, Microsoft denied that these were ads, and prefers to call them as suggestions and tips. Windows 11 users would disagree with that. Fortunately, you can turn off such notifications from the Windows 11 Settings app.
Honey team’s Pie Adblock stole code from uBlock Origin
Honey is in the news for the wrong reasons again. The service, which offers online coupons to help users save money on shopping websites, was recently found to be cheating affiliate marketers and users, by replacing affiliate cookies with its own. This would allow it to earn money instead of the affiliates, and it also turns out that Honey did not display the best coupons available, instead promoting coupons from its partners, potentially causing users to spend more money than they would have with a better discount.
Now, developers have discovered that the Pie AdBlock extension, is stealing code from uBlock Origin. Pie AdBlock, not to be confused with Pi-Hole, was created by the same people behind Honey. Pie AdBlock is a closed-source extension, whereas uBlock Origin is open-source. Both content blockers use lists that were created and are maintained by the uBlock Origin team, who are mostly volunteers. These lists also called filter lists, enable the add-on to block various ads across websites. Honey’s Pie AdBlock has reportedly stolen these lists, that are licensed under the GNU General Public License (GPL), and used it in its own add-on that uses its own license.
Deriving code, or copying something that uses GPL in a non-GPL product, violates the agreement, and is unlawful. Some users alleged that Pie AdBlock replaces some ads to promote others. uBlock Origin’s developers have criticized Pie AdBlock’s unethical practices, but it is unclear what the outcome of this new controversy could be.
Even ESET thinks switching to Linux is better than sticking with Windows 10
Windows 10 will reach its end of life support in October 2025. Millions of users around the world still use the operating system, for various reasons. Some users do not like Windows 11 due to advertisements, and potential performance degradation. Others cannot upgrade their computers to Windows 11 due to some strict system requirements, notably TPM 2.0. Microsoft has made it clear that it will not reduce the requirements, and that users should upgrade their PC or buy a new computer that supports Trusted Platform Module 2.0, to ensure the safety and security of their data.
Not everyone has the financial capability to upgrade their PC, even partially, let alone splurge on a brand-new system. This would leave millions of users stuck on Windows 10. A security researcher at ESET has published a support document on the company’s website, which outlines the risks of sticking with an outdated operating system. It highlights the possibilities of security vulnerabilities that could be exploited by threat actors. ESET’s article recommends users to upgrade to Windows 11, but also notes that switching to Linux is also a good idea for older computers, i.e. those that don’t support TPM 2.0.
These Chrome extensions were injected with malware
Hackers have managed to breach a cybersecurity company called Cyberhaven, and injected malicious code into its Chrome extension. The organization confirmed that it discovered the attack on December 25, 2024, just a day after the breach took place. According to the company’s report, the threat actors published the malicious extension to target logins of some websites, including AI platforms and social networks including Facebook. Cyberhaven managed to take down the malicious extension from the Chrome Web Store, and published a clean version of its add-on. The company has alerted its users, and advised them to reset/change their passwords.
What is interesting here is that this was not an isolated case, at least three other extensions were found to be targeted by similar attacks in December. These include ParrotTalks, Uvoice, and VPNCity. Chrome users are advised to check whether they have one of the extensions installed on their PC, and take action as necessary.