It’s interesting how long it took this script to make its way into the mainstream. I remember testing this XSS exploit when it was still a Zero Day, probably a year or two ago. It came with some impressive exploits. The evidence was shared here, but I can’t seem to locate the thread now.
It’s strange how easily a simple browser extension can deceive someone, especially since code is often freely available on GitHub. With today’s advanced and well-managed endpoints, it’s surprising that this still happens. Or they want it to continue happening, either way…
I’m still saving some Crypto to buy a simplified JavaScript code that enables install from Unknown Sources in Android, not sure how that works though.