List of emails I have received about inserting malware into my extension
I've been seeing a lot of stories about extensions getting taken over by unknown developers and becoming malware. Sadly, with how many permissions many extensions have, it can do a lot of damage. I decided to compile a list of these sketchy emails I have received, to show the kinds of offers that exist.
To be clear I will never do anything of this sort, but make sure any extensions you install are from trusted developers and have as few permissions as possible. Most of these scams wouldn't even work with SponsorBlock due to lack of permissions (it only has access to youtube.com), but they spam email all developers anyway.
From [email protected] (A proxy service (botnet?)):
Their explanation page (Archive)Here's the code for their sdk. In the email they told me it was "open", so that should mean it is meant to be public.
From extensionmetric.com
The site disapeared exactly one month after their email, almost like they weren't planning on paying anything after all... Here's the code for their sdk. This one is FAR worse than infatica. There are some calls to getAllResponseHeaders, which could mean stealing logged in accounts.
From datos.live:
Presentation pdf