Avoid PHP Syntax Hint extension - it's malware #2563
Replies: 1 comment
@treebeard9 No worries, and thanks for the heads-up, as we take security issues at highest priority. Quick clarification: Install pulls the extension zip from our registry/GitHub (not the author’s website). It looks like the “More Info” button in the extension manager opens the extension’s old homepage, and that domain expired and now resolves to a parked “domain for sale” page (via Above.com). Above.com itself is a legit domain marketplace/registrar, but parked pages can include aggressive third-party ads/popups, and Above explicitly notes that parked-domain content can be supplied by third parties (and they take measures when malicious redirects are detected). If you can, please confirm:
We reviewed the extension package itself and it looks clean. The install uses the zip we host/reference here, so it’s safe to install as-is, so if you installed it, it is safe and didn't leak anything. Review source code at: https://github.com/brackets-archive/brackets-extensions/blob/main/extensions/brackets-php-syntax-hint-1.1.6.zip

What likely happened is the “More Info” link points to an old homepage whose domain is now parked (often showing aggressive ads/popups). We’ll fix/update that link to avoid sending folks to a parked domain, but the extension itself is safe if you installed it. But yes, please be aware of the risks of installing third-party extensions from any marketplace. We do keep an eye on all the recently published extensions and take necessary actions if it's malicious within a day of getting reports.

Update: We scanned the links and it looks like the links are just placeholders from the above.com domain marketplace. The scan didn't resolve to any security issues on that link. More info on what exactly happened will help. Till then, there are no pending security flags from our end on this extension.
Not sure where else to post this, but I clicked on that one just to see something and it went all wacky and tried to install malware and crashed my browser, etc., so be careful with extensions; they are not being monitored or checked for corruption.
Sorry, I didn't see the actual message or URL or anything; I closed it super fast and then everything went nuts.