Is "Brightery Marketing Tool" on Chrome Web Store Safe to Install?

[email protected] · chrome · v2.4.30.0

Brightery marketing tool: a 7-day trial version is available. Create an account at https://www.brightery.com and just log in. Thousands of companies in 100+ countries use Brightery apps to be more productive every day. Work smarter with Brightery! Create a free account at: www.brightery.com Report your feedback and issues to: [email protected]

Risk Assessment

Status: Analyzed
Risk score: 100 out of 100 (CRITICAL)

8159 security findings detected across all analyzers

Severity Breakdown

Critical: 0
High: 4728
Medium: 3431
Low: 0
Info: 0

Finding Categories

Malware Signatures: 187
Obfuscation: 813

YARA Rules Matched

13 rules (187 hits):

  • NoUseEval
  • postinstall file download
  • postinstall crypto operations
  • postinstall obfuscation
  • postinstall persistence mechanism
  • postinstall system command
  • postinstall file manipulation
  • postinstall network communication
  • postinstall registry modification
  • LocalStorageShouldNotBeUsed
  • DebuggerStatementsShouldNotBeUsed
  • NoUseWeakRandom
  • SQLInjection

Detailed Findings

1000 total

AI Security Report

AI Security Analysis: Brightery Marketing Tool

Analysis generated: 2025-12-12T16:54:52+13:00
Model: gemini-3-pro-preview


Quick Facts

Property: Value
UUID: a364b9a1-09c3-58b8-8991-c208a76c72c8
Type: chrome
Version:
Users: 68
Risk Score: 100.0/100 (CRITICAL)
Malware Detected: ⚠️ Yes
Secrets Exposed: ✅ No
Critical Vulns: ✅ No

AI Analysis

Executive Summary

The Brightery Marketing Tool extension presents a CRITICAL risk profile with a calculated risk score of 100/100. While the automated analysis has generated over 8,000 security findings, a detailed review suggests a significant portion of these may be "false positives" caused by standard software internationalization files being misidentified as obfuscated code. However, due to the Unverified Publisher status, extremely low user count (68), and the presence of specific malware signatures amidst the noise, this extension should be considered untrusted and potentially dangerous until a manual code review can confirm the legitimacy of the flagged files.

Threat Assessment

The security posture of this extension is complex due to the high volume of findings versus the likely nature of the files involved.

  • False Positive Storm (High Probability): The vast majority of the "High Severity" findings (specifically OBFUSCATION-UNICODE_HEAVY) are located in the js/angular/i18n/ directory. These files (angular-locale_ar.js, angular-locale_am.js) are standard Angular framework files used for localizing dates and currencies for languages like Arabic and Amharic. These languages naturally use heavy Unicode character sets. Automated scanners often mistake these legitimate high-entropy strings for malicious code obfuscation.
  • Malware Indicators: Despite the likely false positives regarding obfuscation, the report indicates 606 malware-signature matches. While some may also be triggered by the localization files, the sheer volume raises the possibility that actual malicious code is hiding within the "noise" of the library files.
  • Trust & Provenance: The extension has an Unverified Publisher, no developer name listed, and a vague description. With only 68 users, this extension lacks the "herd immunity" and community vetting of popular tools. It appears to be a niche or abandoned tool, which increases the risk of supply chain attacks or lack of maintenance.

Risk Justification

The Risk Score of 100/100 is technically justified by the raw data but requires contextual interpretation:

  • Volume of Findings: The score is driven to the maximum by the sheer quantity of High-severity findings (4,728).
  • Malware Flags: The presence of "Malware Indicators: true" automatically categorizes this as Critical.
  • Mitigating Factor: If the i18n files are indeed standard Angular libraries, the actual functional risk drops significantly. However, without manual verification that these files haven't been tampered with, the automated score must be respected.

Key Findings

  • Suspected False Positive Obfuscation (Critical Volume): Over 4,000 findings relate to UNICODE_HEAVY obfuscation in js/angular/i18n/. These are likely legitimate localization files for Arabic (ar), Amharic (am), and other non-Latin languages.
  • Malware Signatures (606 count): A high number of YARA rule matches. It is crucial to determine if these signatures are triggering on the same localization files or if they are flagging distinct malicious payloads hidden elsewhere.
  • Lack of Publisher Identity: The extension is not from a verified source, making accountability impossible.
  • Network Activity: 23 network findings suggest the extension communicates externally. In a "Marketing Tool," this is expected, but combined with the unverified status, it presents a data exfiltration risk.

Recommendations

  1. Do Not Deploy: Do not approve this extension for enterprise use in its current state.
  2. Immediate Removal: If currently installed on any endpoints, remove it immediately due to the "Malware Indicators" flag.
  3. Manual Code Review (If Business Critical): If this tool is absolutely required for operations:
    • Download the extension source code (CRX).
    • Compare the contents of js/angular/i18n/ against the official AngularJS repository. If the hashes match, the obfuscation findings can be dismissed.
    • Investigate the 23 network triggers to ensure data is only being sent to expected marketing endpoints.
  4. Seek Alternatives: Look for marketing tools from verified publishers with higher user counts and transparent privacy policies.

Mitigation Strategies

If the extension must be used despite the Critical rating:

  1. Network Isolation: Configure the browser or firewall to restrict the extension's communication only to the specific marketing domains it claims to support. Block all other outbound traffic.
  2. Permissions Restriction: Use browser policies to limit the extension's access to specific tabs/domains, preventing it from reading data on sensitive internal sites (e.g., email, HR portals).
  3. Disable on Sensitive Profiles: Ensure the extension is not installed on browser profiles used for administrative tasks or financial transactions.

Confidence Assessment

Confidence Level: 80%
I am highly confident that the OBFUSCATION-UNICODE_HEAVY findings are false positives related to Angular localization. However, because I cannot see the specific file locations for the 606 malware signatures (as they were likely in the omitted findings), I cannot rule out that a genuine threat is present alongside the benign localization files. Therefore, the "Critical" rating must stand until manual verification occurs.


Disclaimer

This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.
