That headline is quite misleading … the malicious extension only had a few hundred installs, not millions. They just copied an existing extension that does have 7 millions installs. They did went quite far by registering a URL. Of course it is bad that stuff like this manages to get on the store, but as long as you check what you are installing, you should be fine.
I searched for a fish related video on PeerTube and put the URL (https://video.ploud.jp/w/ddbf542e-d4b6-4778-abed-8c51799188a4) in the search bar of my Lemmy instance, after a bit the video was available like here just as a regular Lemmy post. You should now be able to reply to it from Lemmy.
Users that have a profile icon generally appear with that icon on the web UI. Of course it is not as easy as building your own Snoo on Reddit, but it works fine for me in both the web ui and MLem
Ah it makes more sense that way, I didn’t read the title as if they were talking about all the extensions that they found summed together. This does make it really clear that you should always check extensions when installing them, and not just install extensions with a low install base from an unknown author.