What are "Cookie Stuffing Browser Extensions"?
"Cookie Stuffing Browser Extensions" refers to malicious browser extensions designed to insert affiliate IDs into the Internet cookies of specific websites.
We have inspected four such extensions. "AutoBuy Flash Sales, Deals, and Coupons" - with the promised functionality of making automatic purchases on limited-time offers. "FlipShope - Price Tracker Extension" - capable of tracking and notifying users when discounts and other deals are available.
"Full Page Screenshot Capture - Screenshotting" - webpage screenshot taking and editing tool. "Netflix Party" - allowing users to remotely group-watch Netflix shows.
It must be stressed that the features offered by such software seldom work as promised, and in most cases - they do not work at all. These four extensions placed affiliate IDs into popular e-commerce website cookies. Furthermore, they all have data tracking abilities.
Cookie stuffing browser extension overview
The extensions within this category operate by injecting content into browser cookies. The four that we analyzed ("AutoBuy Flash Sales, Deals, and Coupons", "FlipShope - Price Tracker Extension", "Full Page Screenshot Capture - Screenshotting", and "Netflix Party") inserted affiliate IDs into the cookies of e-commerce (online shopping platform) websites.
The goal of this rogue software is to sneak in affiliate IDs into shopping sites, so that when the user makes any purchase - the developers would earn a commission. In other words, the cyber criminals will generate revenue whenever the user buys something.
It is noteworthy that some cookie stuffing extensions (e.g., "FlipShope - Price Tracker Extension") can display spam browser notifications and/or manage clipboard (copy-paste buffer) data. The latter can mean that the extension will operate as a clipboard hijacker for content copied/pasted into webpages. In most cases, these hijackers work as clippers - a type of malware designed to detect and replace cryptocurrency wallet addresses.
Furthermore, cookie stuffing browser extensions have data tracking functionalities. While the primary goal is to obtain data related to the e-commerce platforms users frequent, it is possible that the extension might collect other information as well.
Data of interest might include personally identifiable details, account log-in credentials (usernames/passwords), credit card numbers, and so on. The collected information may be monetized via sale to third-parties (potentially, cyber criminals).
To summarize, the presence of cookie stuffing browser extensions may lead to system infections, severe privacy issues, financial losses, and identity theft.
|Name||cookie stuffing browser extension adware|
|Threat Type||Cookie Stuffing Browser Extension, Malicious Extension, Adware, Unwanted Ads, Pop-Up Virus|
|Browser Extension(s)||"AutoBuy Flash Sales, Deals, and Coupons", "FlipShope - Price Tracker Extension", "Full Page Screenshot Capture - Screenshotting", "Netflix Party", and many other|
|Supposed Functionality||Auto-buy on flash offers; tracking/notifying on deals/discounts; website screenshot taking/editing; remote group-watching Netflix, and many other depending on the malicious extension|
|Symptoms||Seeing unsearched products on e-commerce websites, advertisements not originating from the sites you are browsing. Intrusive pop-up ads. Decreased Internet browsing speed.|
|Distribution Methods||Deceptive pop-up ads, free software installers (bundling), fake Flash Player installers.|
|Damage||Decreased computer performance, browser tracking - privacy issues, possible additional malware infections.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Malicious browser extension examples
We have analyzed countless harmful browser extensions. The most common types include adware (e.g., Mega Colors, Video Downloader, View-Dark, etc.) and browser hijackers (e.g., Baro box, Internet Download Manager, Extension Settings, etc.).
This software typically lures users into download/installation with a wide variety of "useful" and "advantageous" features. However, these functions are usually nonoperational. Instead, unwanted extensions can display deceptive/dangerous ads, cause redirects to fake search engines or phishing/malicious sites, collect (and sell) private data, and so forth.
How did cookie stuffing browser extensions install on my computer?
Malicious browser extensions are distributed using various questionable and deceptive methods. The four we inspected had "official" promotional pages. In addition to such webpages, this software is pushed through scam sites.
Users typically enter such websites via redirects caused by pages using rogue advertising networks, mistyped URLs, spam browser notifications, intrusive ads, or installed adware.
Furthermore, intrusive advertisements proliferate unwanted/malicious software. Some of these adverts can execute scripts to perform downloads/installations without user permission.
Malicious extensions can also be bundled into installation setups of regular programs. Download from untrustworthy sources (e.g., freeware and third-party websites, Peer-to-Peer sharing networks, etc.) and rushed installations (e.g., used "Easy/Express" settings, etc.) increase the risk of allowing bundled content into the system.
How to avoid installation of malicious browser extensions?
We strongly advise researching software and downloading it only from official and verified channels. When installing, it is crucial to read terms, explore available options, use the "Custom/Advanced" settings, and opt-out of supplementary apps, extensions, tools, etc.
Another recommendation is to exercise caution when browsing since fraudulent and malicious material usually looks ordinary and harmless. For example, intrusive ads may appear legitimate yet redirect to highly questionable sites (e.g., gambling, adult-dating, pornography, etc.).
In case of encounters with such advertisements/redirects, check the system and immediately remove all suspicious browser extensions and applications. If your computer is already infected with malicious extensions, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate this adware.
Screenshots of the permissions asked by cookie stuffing browser extensions:
Screenshots of websites used to promote cookie stuffing browser extensions:
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What are cookie stuffing browser extensions?
- STEP 1. Uninstall unwanted applications using Control Panel.
- STEP 2. Remove cookie stuffing browser extensions from Google Chrome.
- STEP 3. Remove cookie stuffing browser extensions from Mozilla Firefox.
- STEP 4. Remove cookie stuffing browser extensions from Safari.
- STEP 5. Remove rogue plug-ins from Microsoft Edge.
Cookie stuffing browser extension removal:
Windows 11 users:
Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.
Windows 10 users:
Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.
Windows 7 users:
Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.
macOS (OSX) users:
Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.
In the uninstall programs window, look for suspicious entries, select them entry and click "Uninstall" or "Remove".
After uninstalling potentially unwanted applications, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.
Remove cookie stuffing browser extensions from Internet browsers:
Video showing how to remove potentially unwanted browser add-ons:
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon (at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate suspicious extensions, select these entries and click "Remove".
If you continue to have problems with removal of the cookie stuffing browser extension adware, reset your Google Chrome browser settings. Click the Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.
After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.
In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.
Remove malicious plugins from Mozilla Firefox:
Click the Firefox menu (at the top right corner of the main window), select "Add-ons and themes". Click "Extensions", in the opened window locate suspicious extensions, click on the three dots and then click "Remove".
Computer users who have problems with cookie stuffing browser extension adware removal can reset their Mozilla Firefox settings.
Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.
Select Troubleshooting Information.
In the opened window, click the Refresh Firefox button.
In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.
Remove malicious extensions from Safari:
Make sure your Safari browser is active, click Safari menu, and select Preferences....
In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.
Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...
In the opened window select all history and click the Clear History button.
Remove malicious extensions from Microsoft Edge:
Click the Edge menu icon (at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.
If you continue to have problems with removal of the cookie stuffing browser extension adware, reset your Microsoft Edge browser settings. Click the Edge menu icon (at the top right corner of Microsoft Edge) and select Settings.
In the opened settings menu select Reset settings.
Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.
- If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.
Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.
Post a comment:
If you have additional information on cookie stuffing browser extension adware or it's removal please share your knowledge in the comments section below.
Frequently Asked Questions (FAQ)
What harm can cookie stuffing browser extensions cause?
Cookie stuffing browser extensions are designed to inject content into website Internet cookies. The four that we analyzed ("AutoBuy Flash Sales, Deals, and Coupons", "FlipShope - Price Tracker Extension", "Full Page Screenshot Capture - Screenshotting", and "Netflix Party") injected affiliate IDs into e-commerce site cookies - thereby receiving a commission whenever the user made any purchase. Generally, malicious browser extensions can cause system infections, severe privacy issues, financial losses, and identity theft.
What do cookie stuffing browser extensions do?
Cookie stuffing browser extensions insert affiliate IDs into website Internet cookies. The goal is to receive an affiliate commission whenever the user makes a purchase, regardless of what they are buying. Additionally, this malicious software collects private data. Extensions of this kind may also be able to display browser notification spam and hijack clipboards (copy-past buffers).
How do cookie stuffing browser extension developers generate revenue?
The developers of this software earn commissions whenever users make purchases.
Will Combo Cleaner remove cookie stuffing browser extensions?
Yes, Combo Cleaner is designed to detect and eliminate threats. It can remove all manner of unwanted/malicious software, e.g., adware, browser hijackers, PUAs, and so on. It is even capable of eliminating nearly all known malware infections.
Note that manual removal of unwanted software might be ineffective. Because even after the software is manually removed (without the aid of security programs) - various leftover files can remain hidden in the system. These components may continue to run and cause problems. Hence, thoroughness is crucial in software removal.