Hello everyone! I have a question for you. Today, while browsing the internet in Google Chrome, I found the following. One of its plug-ins (Alter Geo) adds this code to every page of its own accord:

    function injectJs(link) {
        var scr = document.createElement('script');
        scr.type = "text/javascript";
        scr.src = link;
        scr.setAttribute('charset', 'utf-8');
        document.getElementsByTagName('head')[0].appendChild(scr);
    }
    injectJs(chrome.extension.getURL('js/injected.js'));

And inside the injected.js file there was this:

    var __AlterGeo__Chrome_Ext__ = function() {
        var plugin = null;

        this.Init = function() {
            try {
                var emb = document.createElement('embed');
                emb.setAttribute('type', 'application/altergeoproject');
                emb.setAttribute('id', '__altergeo_plugin__');
                emb.setAttribute('width', '0px');
                emb.setAttribute('height', '0px');
                emb.setAttribute('hidden', 'true');
                document.body.appendChild(emb);
                plugin = document.getElementById("__altergeo_plugin__");
            } catch(e) {}
        };

        this.__defineGetter__("doctype", function () { return plugin.doctype; });
        this.__defineGetter__("sd", function () { return plugin.sd; });
        this.__defineGetter__("apikey", function () { return plugin.apikey; });
        this.__defineGetter__("uuid", function () { return plugin.uuid; });
        this.__defineGetter__("version", function () { return plugin.version; });
        this.__defineGetter__("locationprovider", function () { return plugin.locationprovider; });

        this.__defineSetter__("doctype", function (value) { return plugin.doctype = value; });
        this.__defineSetter__("apikey", function (value) { return plugin.apikey = value; });

        this.Init();

        this.getCurrentPosition = function(onSuccess, onError) {
            if (onError != undefined)
                plugin.GetCurrentPosition(onSuccess, onError);
            else
                plugin.GetCurrentPosition(onSuccess);
        };

        this.setLocation = function(lat, lng, zoom, onSuccess) {
            onSuccessFeedback = onSuccess;
            plugin.SetLocation(lat, lng, zoom, onSuccess);
        };

        this.prepare = function(onSuccess, onError) {
            if (onError != undefined)
                plugin.prepare(onSuccess, onError);
            else
                plugin.prepare(onSuccess);
        };
    };

    try {
        window.__defineGetter__('_altergeo_bho', function() {
            return window.altergeo_bho || (window.altergeo_bho = new __AlterGeo__Chrome_Ext__());
        });
    } catch(e) {}

Has anybody come across this? Can someone explain what this code does with the page (what if it steals passwords)? :))

I really wonder why the plugin file is called "injected". Especially given that I read somewhere that there were "guests" in their repository.

UPD:

Before laughing at my fears and downvoting, I advise you to read this article: http://habrahabr.ru/post/142521/

  • What the hell passwords? What the hell kind of question is this? - Zowie
  • @AlexWindHope, is it impossible to steal passwords this way? Proof, plz!!))) Damn it, with this question I am interested in the idea itself. Waiting for an answer. - alex_90
  • Nope, the contents of the forms (including passwords) can still be collected. And the question is really crazy. - karmadro4
  • @AlexWindHope, here's the article: habrahabr.ru/post/142521 PS Today, the Mail agent said that my account is being used somewhere (I only go online from my computer). Strange, why would it? Coincidence?)) - alex_90

1 answer

It is necessary to distinguish between the words injected and infected. This script does not steal any passwords, and inject means introduction.

  • I noticed a typo, but it was too late. Now everything fell into place. - alex_90
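
As an added example (not part of the posts above and not AlterGeo's code), the following audit lists the three page-side artifacts the quoted code creates: a script loaded from an extension URL, a hidden embed with a plugin-specific MIME type, and a script-defined getter on `window`. The function names, the list of common embed types and the `EXTENSION_ID` placeholder are assumptions made for the illustration, and the getter check is a heuristic.

```javascript
// Added example (not the extension's code). Call auditPage(document, window)
// from the DevTools console; runConstructedDemo() exercises it offline.
const EXT_SCHEMES = ['chrome-extension:', 'moz-extension:'];
// Types a page normally embeds (assumed list); other types need a native plugin.
const COMMON_TYPES = /^(image|audio|video|text)\/|^application\/pdf$/i;

function isInvisible(el) {
  const zero = (v) => v !== null && parseFloat(v) === 0; // "0px" -> 0
  return el.hasAttribute('hidden') || zero(el.getAttribute('width')) ||
         zero(el.getAttribute('height'));
}

function auditPage(doc, win) {
  const findings = [];
  for (const s of doc.querySelectorAll('script[src]')) {
    const src = s.getAttribute('src') || '';
    if (EXT_SCHEMES.some((p) => src.toLowerCase().startsWith(p)))
      findings.push({ kind: 'extension-script', detail: src });
  }
  for (const e of doc.querySelectorAll('embed, object')) {
    const type = e.getAttribute('type') || '';
    if (type && !COMMON_TYPES.test(type) && isInvisible(e))
      findings.push({ kind: 'hidden-plugin-embed', detail: type });
  }
  // Read descriptors only: calling the getter would instantiate the plugin.
  for (const name of Object.getOwnPropertyNames(win)) {
    const d = Object.getOwnPropertyDescriptor(win, name);
    if (d && typeof d.get === 'function' &&
        !Function.prototype.toString.call(d.get).includes('[native code]'))
      findings.push({ kind: 'scripted-window-getter', detail: name });
  }
  return findings;
}

// Constructed sample mirroring the elements quoted in the question.
function runConstructedDemo() {
  const el = (a) => ({ getAttribute: (n) => (n in a ? a[n] : null),
                       hasAttribute: (n) => n in a });
  const scripts = [el({ src: 'https://example.com/app.js' }),
                   el({ src: 'chrome-extension://EXTENSION_ID/js/injected.js' })];
  const embeds = [el({ type: 'application/pdf', width: '600', height: '400' }),
                  el({ type: 'application/altergeoproject', width: '0px',
                       height: '0px', hidden: 'true' })];
  const doc = { querySelectorAll: (q) => (q === 'script[src]' ? scripts : embeds) };
  const win = { innerWidth: 800 }; // plain data property, must not be flagged
  Object.defineProperty(win, '_altergeo_bho', { get() { return {}; }, enumerable: true });
  return auditPage(doc, win);
}
```

A finding only shows that an extension has placed code or a plugin bridge in the page's own script context; what that code can read is decided by the extension's permissions and the plugin behind the embed.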