I checked my chrome network tab, when inspecting, and found this script, that looked a bit fishy. It's called inject.js and has this code. I don't have any extensions, called something like this, so I'm worried it might be a malware script?
(() => {
try {
const detectJs = (chain) => {
const properties = chain.split('.');
let value = properties.length ? window : null;
for (let i = 0; i < properties.length; i++) {
const property = properties[i];
if (value && value.hasOwnProperty(property)) {
value = value[property];
} else {
value = null;
break;
}
}
return typeof value === 'string' || typeof value === 'number' ? value : !!value;
};
const onMessage = (event) => {
if (event.data.id !== 'patterns') {
return;
}
removeEventListener('message', onMessage);
const patterns = event.data.patterns || {};
const js = {};
for (const appName in patterns) {
if (patterns.hasOwnProperty(appName)) {
js[appName] = {};
for (const chain in patterns[appName]) {
if (patterns[appName].hasOwnProperty(chain)) {
js[appName][chain] = {};
for (const index in patterns[appName][chain]) {
const value = detectJs(chain);
if (value && patterns[appName][chain].hasOwnProperty(index)) {
js[appName][chain][index] = value;
}
}
}
}
}
}
postMessage({ id: 'js', js }, '*');
};
addEventListener('message', onMessage);
} catch (e) {
// Fail quietly
}
})();
Is this some sort of malware?
通过使用Chrome中的开发人员工具,单击“源”选项卡并在“页面”子选项卡上搜索inject.js,我看到了相同的代码,并确定它是Wappalyzer的一部分。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.