Dark Reader developers, additions to , , ΠΈ , which allows you to use a dark theme for any site, on the detection of the publication of malicious clones of popular add-ons. Attackers create copies of add-ons based on the existing code, supply them with malicious inserts and place them in directories under similar names, for example, Dark Mode, Dark Mode Dark Reader, Adblock Origin or uBlock Plus. When installing an add-on, users are advised to carefully check its name and author, which must match the original project.
Identified malicious add-ons are notable for the removal into PNG files camouflaged as images. Five days after installation, this code is decoded and used to download the main , which intercepts confidential data on the viewed sites (filled forms with passwords, credit card numbers, etc.) and sends them to an external server.
Source: opennet.ru