This spyware was found to use MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions, by selling your personal info:
arstechnica.com/security/2025/07/browser-extensions-turn-nearly-1-million-browsers-into-website-scraping-bots/