Is "Brightery Mega Marketing" on Chrome Web Store Safe to Install?

chrome · v2.2.32.0

Brightery Mega Marketing is a complete tool to manage your digital marketing, managing paid ads, Email newsletters. 7 days trial version is available; create an account at brightery.com and just log in using your account credentials.

Risk Assessment

Risk score: 100 out of 100 (CRITICAL)

8094 security findings detected across all analyzers

Chrome extension requesting 7 permissions

Severity Breakdown

  • Critical: 0
  • High: 4713
  • Medium: 3381
  • Low: 0
  • Info: 0

Finding Categories

  • Malware Signatures: 550
  • Obfuscation: 450

YARA Rules Matched

16 rules (550 hits)

  • postinstall file download
  • postinstall network communication
  • postinstall file manipulation
  • postinstall crypto operations
  • postinstall obfuscation
  • postinstall system command
  • postinstall persistence mechanism
  • postinstall registry modification
  • DebuggerStatementsShouldNotBeUsed
  • NoUseWeakRandom
  • LocalStorageShouldNotBeUsed
  • SQLInjection
  • NoUseEval
  • postinstall environment access
  • credential env files
  • OriginsNotVerified

Requested Permissions

7 permissions

  • http://*/* (Dangerous)
  • https://*/* (Dangerous)
  • cookies (High): Read and modify cookies on all sites
  • activeTab (Medium)
  • background (Low)
  • https://*/ (Low)
  • https://www.facebook.com/ (Low)

Detailed Findings

1000 total

YARA Rule Matches

16 rules

AI Security Report

AI Security Analysis: Brightery Mega Marketing

Analysis generated: 2025-12-12T16:58:22+13:00
Model: gemini-3-pro-preview


Quick Facts

Property            Value
UUID                3b9e2d46-88ce-520c-8726-a9ad17c09b38
Type                chrome
Version
Users               195
Risk Score          100.0/100 (CRITICAL)
Malware Detected    ⚠️ Yes
Secrets Exposed     ✅ No
Critical Vulns      ✅ No

AI Analysis

Executive Summary

The "Brightery Mega Marketing" extension represents a CRITICAL security risk and should be immediately blocked or removed from all corporate environments. The extension exhibits an extraordinarily high volume of obfuscated code (over 4,000 instances) and contains malware signatures, resulting in a maximum risk score of 100/100. The unverified publisher status, combined with the presence of heavy obfuscation in localization files—a common technique for hiding malicious payloads—strongly suggests this extension is either malicious or severely compromised.

Threat Assessment

1. Excessive Obfuscation (Primary Threat)

The most alarming characteristic of this extension is the sheer volume of "unicode_heavy" obfuscation findings (4,132 instances).

  • Location: The findings are concentrated in Angular localization files (e.g., js/angular/i18n/angular-locale_ckb-iq.js).
  • Context: Legitimate localization files typically contain standard strings (dates, currency formats) and do not require heavy Unicode obfuscation.
  • Threat: Attackers often hide malicious JavaScript payloads inside localization or image files (steganography or encoding) to evade static analysis scanners. The "unicode_heavy" pattern suggests the code is trying to mask its true intent by using non-standard character encoding.

2. Malware Indicators

The analysis flagged 591 malware-signature matches. While specific signature names aren't listed in the top 30, the sheer quantity indicates that the code shares significant structural or behavioral similarities with known malware families. This is not a case of a single false positive; it is a systemic issue with the codebase.

3. Publisher Trust

  • Unverified Publisher: The developer is unverified and unnamed.
  • Low User Count: With only 195 users, there is no "safety in numbers" or community vetting.
  • Generic Description: "Brightery Marketing tools" is vague, which is often a trait of malicious extensions designed to look like utility software.

4. Network Activity

There are 23 network findings. While low in number compared to obfuscation, in the context of the other findings, these likely represent Command and Control (C2) beacons or exfiltration paths hidden within the obfuscated logic.

Risk Justification

The 100/100 Risk Score is fully justified and accurate.

  • Severity of Findings: The presence of nearly 600 malware signatures and over 4,000 obfuscation points makes this extension indistinguishable from active malware.
  • Anomalous Behavior: The specific location of the obfuscation (Angular locale files) is highly irregular for legitimate software development. It indicates a deliberate attempt to hide code in files that developers and scanners usually ignore.
  • Lack of Accountability: The absence of a verified publisher means there is no entity to hold accountable for security practices.

Key Findings

  • Massive Code Obfuscation: 4,132 instances of obfuscation, specifically "unicode_heavy," concentrated in js/angular/i18n/ files. This is a strong indicator of a hidden payload.
  • High Volume of Malware Signatures: 591 matches for known malware patterns, suggesting the codebase is either malicious or heavily infected.
  • Suspicious File Modification: The modification of standard library files (Angular i18n locales) to include heavy obfuscation is a classic supply chain attack or evasion technique.
  • Zero Trust Score: The combination of an unverified publisher, low user count, and critical findings results in a 0/100 trust score.

Recommendations

  1. IMMEDIATE REMOVAL: Uninstall this extension from all devices immediately.
  2. BLOCKLIST: Add the Extension UUID (3b9e2d46-88ce-520c-8726-a9ad17c09b38) to the organization's browser blocklist (e.g., via Google Workspace or Group Policy).
  3. INCIDENT RESPONSE: If this extension was found on a device with access to sensitive data (PII, financial data, credentials), initiate incident response procedures to check for data exfiltration.
  4. CREDENTIAL ROTATION: As a precaution, rotate session tokens and passwords for users who had this extension installed, as the obfuscated code may contain keylogging or cookie-stealing capabilities.

Mitigation Strategies

There is no safe way to use this extension.

The risk level is too high to mitigate while keeping the software installed. The obfuscation is so pervasive that it renders the code un-auditable, and the malware signatures suggest active malicious intent. Users requiring marketing tools should seek alternatives from verified publishers with established reputations on the Chrome Web Store.

Confidence Assessment

Confidence Level: 80% (High)

  • Supporting Evidence: The volume and specific type of obfuscation (Unicode heavy in locale files) is a very high-fidelity indicator of malicious intent. Legitimate developers do not obfuscate locale files in this manner.
  • Caveats: The remaining 20% uncertainty lies in the lack of dynamic analysis data (runtime behavior) in the provided report. However, the static analysis findings alone are sufficient to classify this as a critical threat. The "malware-signature" count is high enough that even if 50% were false positives, the remaining matches would still constitute a critical risk.

Disclaimer

This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.
