Not a new thing. In fact, a while back this guy[1] sold out the Nano extension to suspect elements and made money out of it. The new owners turned that extension into malware. The original author who sold it then started closing the github issues that were raised, made the repo read only and fled. Was discussed a while back here in HN https://news.ycombinator.com/item?id=24803740 and the malware details here
https://github.com/NanoAdblocker/NanoCore/issues/362#issueco...
[1] https://github.com/jspenguin2017