How to redirect users on click no matter where they click on a page in JS?
Question
I am investigating a piece of malware on a free movie site. The malware redirects user to some other page no matter where one clicks .
I tried deleting the header tag, div with main id tag and footer tag and eventually the whole body tag but the redirection was still effective. Therefore I came to conclusion that the malicious func is triggered on click not attached to any specific elements in the HTML.
My question is how is that done?
(if you want to try yourself, just google fmovie)
3 answers
solution1
3 2019-12-31 19:24:28
I think the whole site is a scam designed to serve malware and nothing else. I can't figure out a way to play videos even when the ads and new windows are disabled. The closest I could get was to a "Play Video" interface which refused to play but also said "You must create a Free Account to stream this movie/episode", which linked somewhere offsite that instructed the user to download malware.
This isn't a video-hosting site that's been taken over by malware-distributors - it's a malware distributor site posing as a video-hosting site.
If you want to prevent it from opening windows, if it were me, I'd write a userscript to monkeypatch the page before the page has a chance to run anything. All you have to do is overwrite window.open with a function that doesn't open a window, and nothing will be opened:
// ==UserScript==
// @name No Window Opening
// @match https://ww3.fmovie.sc/*
// @run-at document-start
// @grant none
// ==/UserScript==
window.open = () => null;
You'll need a userscript manager like Tampermonkey .
The userscript needs to run as soon as possible , before anything on the site loads (otherwise the ad script will be able to take a reference to the original window.open before you overwrite it). If the userscript isn't running in time, it won't work. If this is your experience, go into Tampermonkey settings, open Advanced options, scroll to the bottom, and set (Experimental) Inject Mode to Instant.
The ad script saves a reference to window.open to a top-level variable named glxopen , so another option would be to overwrite window.glxopen with a getter that returns a no-op function, and a setter that does nothing.
Another option would be to completely block the URL / domain that's serving the script with the ads - you could use your preferred version of Adblock to block https://ilivaris.pw/rr44aiahDEp/15863 , or add https://ilivaris.pw/ to your Hosts file.
solution2
1 2019-12-31 19:26:11
Use the debuger and pause the website so you can see what has been triggered. Here from Firefox. Step in Step over to continue Execution of the page.
solution3
0 2020-01-01 00:40:28
It turns out that it could be achieved simply by adding a click event to the whole window. The malicious code probably does just that but it has been obfuscated so it took sometime to find out.
window.addEventListener("click", function(){
document.getElementById("demo").innerHTML = sometext;
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.