The malware has been decoded in the next thread:
https://bitcointalk.org/index.php?topic=5083876.0User nuno12345 makes great work and even post the addys of the thief. The malware doesn't only affect blockain.info (now blockchain.com) wallet. As we can see it steal info from:
"permissions": [
"activeTab",
"tabs",
"cookies",
"*://github.com/*",
"*://api.github.com/*",
"*://exmo.me/*",
"*://*.twitter.com/*",
"*://*.coinbase.com/*",
"*://qq.com/*",
"*://*.hbg.com/*",
"*://hitbtc.com/*",
"*://twitter.com/*",
"*://*.binance.com/*",
"*://*.localbitcoins.com/*",
"*://localbitcoins.com/*",
"*://blockchain.com/*",
"*://*.exmo.com/*",
"*://cryptodraw.org/*",
"*://exmo.com/*",
"*://*.live.com/*",
"*://bitfinex.com/*",
"*://hbg.com/*",
"*://*.yahoo.com/*",
"*://google.com/*",
"*://*.bitfinex.com/*",
"*://*.hitbtc.com/*",
"*://coinbase.com/*",
"*://*.huobi.com/*",
"*://*.google.com/*",
"*://*.exmo.me/*",
"*://huobi.com/*",
"*://yahoo.com/*",
"*://*.blockchain.com/*",
"*://myetherwallet.com/*",
"*://binance.com/*",
"*://*.myetherwallet.com/*",
"*://live.com/*",
"*://*.qq.com/*"
],