Reputation: 43
Strange JS script in devtools
I'm a beginner in web development and I have a problem. When I open the devtools I have a JS script that appears when I'm on any site and even on those I develop. I did an antivirus scan, I search everywhere and only you can help me find the solution. I made a screen to show you it's its location that alerted me because it is placed above the head. The name of the function changes with each refresh of page and it seems that it serves to geolocate. Can you help me please? Script on an empty html page I try to create
I also copy the script so that you can analyze it and tell me if it is dangerous. Thank you so much for your help.
<script>(function(){function hgcca() {
window.YZQrVNx =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.LRYRQKC =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
let WAIT_TIME = 100;
function waitGetCurrentPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
window.WEYWUxk({
coords: {
latitude: window.wAmVS,
longitude: window.hGfdp,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
function waitWatchPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO,
window.LElmt);
return Math.floor(Math.random() * 10000); // random id
} else {
window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
navigator.geolocation.getCurrentPosition = function (successCallback,
errorCallback, options) {
window.WEYWUxk = successCallback;
window.woblnes = errorCallback;
window.htVNa = options;
waitGetCurrentPosition();
};
navigator.geolocation.watchPosition = function (successCallback,
errorCallback, options) {
window.KXHzOGQ = successCallback;
window.VWVTMDO = errorCallback;
window.LElmt = options;
waitWatchPosition();
};
window.addEventListener('message', function (event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
if ((typeof message.info === 'object') && (typeof
message.info.coords === 'object')) {
window.wAmVS = message.info.coords.lat;
window.hGfdp = message.info.coords.lon;
window.hkzIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}hgcca();})()</script>
Upvotes: 4
Views: 1543
Answers (2)
Reputation: 195
This is caused by having the ExpressVPN plugin enabled - uninstall the browser plugin, and it'll go
Upvotes: 11
Reputation: 51886
It doesn't appear to be dangerous per se, but it allows a particularly formatted message from the postMessage API to cause the navigator.geolocation API to output garbage, if enabled, probably as part of an extension you've installed to browse "anonymously".
Replacing some of the garbage globals with useful variable names, it's easier to see what's going on:
(function() {
function main() {
window.originalGetCurrentPosition =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.originalWatchPosition =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
let WAIT_TIME = 100;
function waitGetCurrentPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
window.geoGetSuccess({
coords: {
latitude: window.fakeLat,
longitude: window.fakeLon,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
window.originalGetCurrentPosition(
window.geoGetSuccess,
window.geoGetError,
window.geoGetOptions
);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
function waitWatchPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
navigator.getCurrentPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
return Math.floor(Math.random() * 10000); // random id
} else {
window.originalWatchPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
navigator.geolocation.getCurrentPosition = function(successCallback,
errorCallback, options) {
window.geoGetSuccess = successCallback;
window.geoGetError = errorCallback;
window.geoGetOptions = options;
waitGetCurrentPosition();
};
navigator.geolocation.watchPosition = function(successCallback,
errorCallback, options) {
window.geoWatchSuccess = successCallback;
window.geoWatchError = errorCallback;
window.geoWatchOptions = options;
waitWatchPosition();
};
window.addEventListener('message', function(event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
if (
(typeof message.info === 'object') &&
(typeof message.info.coords === 'object')
) {
window.fakeLat = message.info.coords.lat;
window.fakeLon = message.info.coords.lon;
window.fakeIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}
main();
})()
You can then enable it by calling:
window.postMessage({
method: 'ASnZkTY',
info: {
coords: { lat: 3, lon: 4 },
fakeIt: true
}
});
Upvotes: 1
Related Questions
- What kind of JS module is this
- what is this strange "script" doing?
- What does this bit of javascript do? This was marked by ESET as trojan
- What is this Chrome debugger VM script?
- Mysterious JavaScript/jQuery code
- What does this script do? Is it malicious?
- Mysterious line of Javascript code
- Weird javascript appeared in a page
- Came across strange javascript while fixing a page
- What does this Javascript mean? SRC is very strange looking