TBH I wonder what's going on with the hyper-generic username of "FreelanceProgrammingServices", profile picture, and the HN username of WindowsDev who has made three GitHub submissions of their own work and posted one comment.
This all feels very off. Part of the readme, and I hate to say it as it's almost become a trope at this point, feels like it was AI generated.
Plus the commits are "file uploads". Plus the minified multi-MB source files.
My spidey senses are tingling.
If you found something malicious in the code point it out and it will be removed. This does seem ridiculous to go through just for a working black theme, but the competitor extensions are simply not working as well.
And I wonder what's with your need to point out the most obvious of things.
Why do the JavaScript files in repo "Chrome-OLED-Mode" reference sdmextension[.]com, a known C2 server in a Chrome extension malware campaign identified by GitLab Threat Intelligence? Is this a copy of the malicious "Super dark mode" extension? (ID: nlgphodeccebbcnkgmokeegopgpnjfkc)
https://gitlab-com.gitlab.io/gl-security/security-tech-notes...
The readme says it's a fork of Super Dark Mode, which might have become associated with malware after getting bought out or hacked by the original owners.
> We assess that the threat actor acquired access to at least some of the extensions from their original developers, rather than through a compromise. The threat actor has been trojanizing extensions since at least July 2024.
But for several years it was a legit extension used by over 300,000 people and it worked beautifully. You found a reference to their old domain in their old extension which is not surprising. If you remove this reference it still works. Can you show that the reference in the code is malicious?
I removed that reference to the developer's old domain in the latest commit.
How nice of you to drop off your drive-by accusations from a throwaway account and disappear into the wind.
> This extension is a static browser-side script which leverages React's dynamic rendering and live component updating mechanisms. At runtime, it waits for the DOM to finish loading, then injects content into a dedicated element (#__oled). Using ReactDOM.createRoot, it mounts a themed layout component that wraps the core UI, enabling declarative reactivity and efficient DOM updates.
Why does a global theme need to load React? More importantly, why does a code repository contain minified, if not obfuscated, code?
https://raw.githubusercontent.com/FreelanceProgrammingServic...
That React stuff is for the interface. It contains transpiled "minified" code so as to cut back on the file size. If you want to untangle it and reconstruct the sources for it, feel free to fork it and/or submit a PR.
This doesn't pass any kind of a sniff test. The file size doesn't need to be small for GitHub, they don't care. Likewise it doesn't need to be small for the extension since the extension is stored locally, not loaded over the network. Take your malware elsewhere.
I was transparent about the origins of where this code came from. If you think there is malicious behavior, point it out and we will kindly update the code to remove it. The reference to the extension's old domain has been removed now.
There is no reason for anyone to touch any of this with a ten foot pole, let alone do free work for you. Laughable.
Typically the burden of proof would be on the one making the assertion that something is malicious, but I see mere accusations and paranoia are good enough for some people even with the code right in front of them. Two unused string constants don't mean much.
No one should load up an extension that has access to all pages and even the GitHub source is minified garbage.
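Added example, not part of any comment in this thread and not code from the repository under discussion: a static first-pass check of an unpacked extension for the three things raised above, namely the domain reported by GitLab Threat Intelligence, minified source, and access to all pages. The in-memory file map, the 1000-character line threshold and all function names are assumptions made for illustration.

```javascript
// Static triage of an unpacked extension, held here as a constructed
// in-memory map of path -> file contents (not the real repository).
const IOC_DOMAINS = ['sdmextension[.]com']; // defanged, as quoted in the thread
const BROAD_PATTERNS = new Set(['<all_urls>', '*://*/*', 'http://*/*', 'https://*/*']);
const MINIFIED_LINE_LENGTH = 1000; // assumed heuristic threshold

// Turn a defanged indicator back into a plain lowercase string for matching.
const refang = (d) => d.replace(/\[\.\]/g, '.').toLowerCase();

// Collect match patterns that grant the extension access to every page.
function broadHostAccess(manifest) {
  const patterns = [
    ...(manifest.host_permissions || []),
    ...(manifest.permissions || []), // Manifest V2 keeps host patterns here
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  return [...new Set(patterns.filter((p) => BROAD_PATTERNS.has(p)))];
}

function auditExtension(files, iocDomains = IOC_DOMAINS) {
  const findings = [];
  const manifest = JSON.parse(files['manifest.json'] || '{}');
  for (const pattern of broadHostAccess(manifest)) {
    findings.push({ file: 'manifest.json', rule: 'broad-host-access', detail: pattern });
  }
  for (const [path, text] of Object.entries(files)) {
    if (!path.endsWith('.js')) continue;
    // Very long lines are a cheap signal for minified or bundled code.
    const longest = text.split('\n').reduce((m, line) => Math.max(m, line.length), 0);
    if (longest > MINIFIED_LINE_LENGTH) {
      findings.push({ file: path, rule: 'minified-source', detail: `longest line ${longest} chars` });
    }
    const lower = text.toLowerCase();
    for (const ioc of iocDomains) {
      if (lower.includes(refang(ioc))) {
        findings.push({ file: path, rule: 'ioc-domain', detail: ioc }); // reported defanged
      }
    }
  }
  return findings;
}

// Constructed sample input: one bundled content script, one readable popup.
const SAMPLE = {
  'manifest.json': JSON.stringify({
    manifest_version: 3,
    content_scripts: [{ matches: ['<all_urls>'], js: ['content.js'] }],
  }),
  'content.js': 'var a="https://' + refang(IOC_DOMAINS[0]) + '/";' + 'x();'.repeat(400),
  'popup.js': 'document.body.style.background = "#000";\n',
};
console.log(auditExtension(SAMPLE));
```

A finding is a prompt to read the surrounding code by hand, and an empty result does not clear a minified bundle, since strings can be split or encoded.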
Alternate idea: use Microsoft Edge on any (desktop) platform, go to Settings > Accessibility > Page colors and set it to Night Sky.
This enables forced color mode with a yellow on black color scheme.
https://www.microsoft.com/en-us/edge/features/page-colors
Very nice idea, cannot wait to test it on my Windows laptop with OLED.
One interesting note though, the screenshots are on macOS where OLED is less expected "in the wild".
From the name alone I assumed this was going to move the browser UI around to prevent burn-in. Has anyone attempted this yet? Perhaps as a native feature?
It currently does not, just handles applying a uniform black theme across all domains. Good suggestion though, I will look into implementing this today. (My idea is to use a custom zooming offset determined by the date, applying a random zoom % between 0 and 116 while keeping font size original, not too obvious to the person but enough to shift the pixels around a bit.)
Is burn-in still a thing?
Early gen OLEDs had abysmal burn-in and I had devices with static UI elements like status bars etched into the screen in a couple of months.
It feels like history now.
Very much so. Getting it on a 360Hz monitor currently due to my own neglect.
What did you do?
The pixel shifting that GP mentions is already included in most if not all. I'm dailying an LG C3 42" as a monitor and these 16 months, so far so good.
However, I am on Linux and running a custom "DE" with Sway, my background is pure black and swayidle locks my screen in 3 minutes (to black). Also, anytime I get up, I power it off because even if it's displaying only black, the screensaver kicks in after some time (dumb feature that I cannot disable and would be better served by my solution).
The on-device hardware even does neat little tricks like shift your image around by a pixel or two so you don’t have to think about it. Haven't ever seen burn-in on an OLED, myself.
Yes, OLED burn-in is still very much a thing and it didn't improve significantly, or at all.
You can see this YouTube channel (my go to when choosing monitors) and the tests they did on that particular subject: https://youtu.be/k-NOoMklpPM