Not a new concept...
This is one of the main reasons I don't allow apps to auto-update.
Somebody, somewhere, creates a good and useful app. Then, one of three things will happen:
1, The developer will be deluded by potential advertising revenue to the point where the app will insert numerous full screen unskippable video adverts (the default to the sound on maximum).
2, The developer will start removing previous functionality to make a "Pro" version.
3, The developer will flog the app to some random third party who will then add #1 and maybe #2 above, and count yourself lucky if that's all they do as this tends to be the way of malware. After all, what better target than a popular app with a bunch of 5* reviews?
That the slimeballs are targeting browser extensions isn't a surprise. It's just "another potential app to infect", isn't it?