It's nice to see the community stepping in to "fix" the situation.
Anyone who does not like it, please uninstall this plugin.
I will not explain it anymore.
I'm not interested in stealing your privacy.
Any other scenario means that they intentionally and secretly included code into their compiled binaries which posed a security and privacy risk.
> These codes never worked on user machine. They were used for patching plugin bugs.
Uh huh. If it was such a benign use, why wasn't it in the repository, or mentioned in the marketplace page?
I'm still a little confused as to what the code was doing, though. It gathers statistics about your user machine (none of which seemed too personal - basically IP, OS, country, etc).
But then what is it doing? Opening a virtual browser or simulating clicks to some ad network?
I guess it might be keeping the black stuff for some cool down time just after installation. Many malware seem to do there days. We might have got true clicks targeted.