I'm a beginner in web development and I have a problem. When I open the devtools I have a JS script that appears when I'm on any site and even on those I develop. I did an antivirus scan, I search everywhere and only you can help me find the solution. I made a screen to show you it's its location that alerted me because it is placed above the head. The name of the function changes with each refresh of page and it seems that it serves to geolocate. Can you help me please? Script on an empty html page I try to create
I also copy the script so that you can analyze it and tell me if it is dangerous. Thank you so much for your help.
<script>(function(){function hgcca() {
window.YZQrVNx =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.LRYRQKC =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
let WAIT_TIME = 100;
function waitGetCurrentPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
window.WEYWUxk({
coords: {
latitude: window.wAmVS,
longitude: window.hGfdp,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
function waitWatchPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO,
window.LElmt);
return Math.floor(Math.random() * 10000); // random id
} else {
window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
navigator.geolocation.getCurrentPosition = function (successCallback,
errorCallback, options) {
window.WEYWUxk = successCallback;
window.woblnes = errorCallback;
window.htVNa = options;
waitGetCurrentPosition();
};
navigator.geolocation.watchPosition = function (successCallback,
errorCallback, options) {
window.KXHzOGQ = successCallback;
window.VWVTMDO = errorCallback;
window.LElmt = options;
waitWatchPosition();
};
window.addEventListener('message', function (event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
if ((typeof message.info === 'object') && (typeof
message.info.coords === 'object')) {
window.wAmVS = message.info.coords.lat;
window.hGfdp = message.info.coords.lon;
window.hkzIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}hgcca();})()</script>
I'm a beginner in web development and I have a problem. When I open the devtools I have a JS script that appears when I'm on any site and even on those I develop. I did an antivirus scan, I search everywhere and only you can help me find the solution. I made a screen to show you it's its location that alerted me because it is placed above the head. The name of the function changes with each refresh of page and it seems that it serves to geolocate. Can you help me please? Script on an empty html page I try to create
I also copy the script so that you can analyze it and tell me if it is dangerous. Thank you so much for your help.
<script>(function(){function hgcca() {
window.YZQrVNx =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.LRYRQKC =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
let WAIT_TIME = 100;
function waitGetCurrentPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
window.WEYWUxk({
coords: {
latitude: window.wAmVS,
longitude: window.hGfdp,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
function waitWatchPosition() {
if ((typeof window.hkzIt !== 'undefined')) {
if (window.hkzIt === true) {
navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO,
window.LElmt);
return Math.floor(Math.random() * 10000); // random id
} else {
window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
navigator.geolocation.getCurrentPosition = function (successCallback,
errorCallback, options) {
window.WEYWUxk = successCallback;
window.woblnes = errorCallback;
window.htVNa = options;
waitGetCurrentPosition();
};
navigator.geolocation.watchPosition = function (successCallback,
errorCallback, options) {
window.KXHzOGQ = successCallback;
window.VWVTMDO = errorCallback;
window.LElmt = options;
waitWatchPosition();
};
window.addEventListener('message', function (event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
if ((typeof message.info === 'object') && (typeof
message.info.coords === 'object')) {
window.wAmVS = message.info.coords.lat;
window.hGfdp = message.info.coords.lon;
window.hkzIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}hgcca();})()</script>
- 6 Do you have any extensions/addons/plugins enabled in your browser? – j08691 Commented Feb 27, 2018 at 20:47
2 Answers
Reset to default 11This is caused by having the ExpressVPN plugin enabled - uninstall the browser plugin, and it'll go
It doesn't appear to be dangerous per se, but it allows a particularly formatted message from the postMessage API to cause the navigator.geolocation API to output garbage, if enabled, probably as part of an extension you've installed to browse "anonymously".
Replacing some of the garbage globals with useful variable names, it's easier to see what's going on:
(function() {
function main() {
window.originalGetCurrentPosition =
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
window.originalWatchPosition =
navigator.geolocation.watchPosition.bind(navigator.geolocation);
let WAIT_TIME = 100;
function waitGetCurrentPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
window.geoGetSuccess({
coords: {
latitude: window.fakeLat,
longitude: window.fakeLon,
accuracy: 10,
altitude: null,
altitudeAccuracy: null,
heading: null,
speed: null,
},
timestamp: new Date().getTime(),
});
} else {
window.originalGetCurrentPosition(
window.geoGetSuccess,
window.geoGetError,
window.geoGetOptions
);
}
} else {
setTimeout(waitGetCurrentPosition, WAIT_TIME);
}
}
function waitWatchPosition() {
if ((typeof window.fakeIt !== 'undefined')) {
if (window.fakeIt === true) {
navigator.getCurrentPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
return Math.floor(Math.random() * 10000); // random id
} else {
window.originalWatchPosition(
window.geoWatchSuccess,
window.geoWatchError,
window.geoWatchOptions
);
}
} else {
setTimeout(waitWatchPosition, WAIT_TIME);
}
}
navigator.geolocation.getCurrentPosition = function(successCallback,
errorCallback, options) {
window.geoGetSuccess = successCallback;
window.geoGetError = errorCallback;
window.geoGetOptions = options;
waitGetCurrentPosition();
};
navigator.geolocation.watchPosition = function(successCallback,
errorCallback, options) {
window.geoWatchSuccess = successCallback;
window.geoWatchError = errorCallback;
window.geoWatchOptions = options;
waitWatchPosition();
};
window.addEventListener('message', function(event) {
if (event.source !== window) {
return;
}
const message = event.data;
switch (message.method) {
case 'ASnZkTY':
if (
(typeof message.info === 'object') &&
(typeof message.info.coords === 'object')
) {
window.fakeLat = message.info.coords.lat;
window.fakeLon = message.info.coords.lon;
window.fakeIt = message.info.fakeIt;
}
break;
default:
break;
}
}, false);
}
main();
})()
You can then enable it by calling:
window.postMessage({
method: 'ASnZkTY',
info: {
coords: { lat: 3, lon: 4 },
fakeIt: true
}
});