Well this was an extremely unsophisticated attack. The malware wasn't hidden and they didn't even bother to actually copy the real extension.
If I were doing this I would copy the real extension, give it a name that made it sound official but in the README say it is a tweaked version with some improvements or whatever. Also actually add some improvements, but hide the malware in those changes.
Good luck finding that. (brb going to try this)