The Awesome Screenshot site does not indicate anywhere that advertising is going to be used, nor does the description on Apple’s Safari Extensions site. There’s absolutely no legitimate reason for this extension to be injecting a Presto Savings JavaScript into my web page! This doesn’t seem to happen all the time, but once was enough for me. Simply loading my own site and examining the page source quickly revealed an injected JavaScript: So I started looking for evidence of modifications.
#Awesome screenshot plus code
Code libraries often contain code that may not be used. The presence of nasty code is a very bad thing, but it doesn’t prove that that code is actually in use. I’ve seen adware that contained inactive code before, though. This code has a number of functions that inject code into web pages… something that a simple screenshot extension should not be doing. However, I then found a set of scripts that seemed to belong to a company called Presto Savings. This was concerning, but wasn’t proof of anything, since the function of this code was so thoroughly hidden. This is a common technique used by people who create malicious JavaScripts, since it’s nearly impossible to figure out what this kind of code does without lengthy analysis by a JavaScript expert. What was seen here was more than that, using a confusing mishmash of single-letter function names and encoded parameters. It is common to “minify” JavaScripts, to make the files smaller, but minifying just involves removing all unnecessary whitespace (spaces, returns, tabs, etc) and comments. I’m hardly an expert at analyzing Safari extension source code, but it didn’t take long to find some very concerning things.įirst, I found a strange JavaScript file containing code that had been obfuscated to the point of illegibility. I started by examining the source code for the Awesome Screenshot Safari extension. However, there was no arguing with the results my reader had. This seems like something that should be okay, especially since I couldn’t duplicate the ads when testing in a controlled environment. It also seems to be quite respectable… it can be found on Apple’s Safari Extensions page, has been rated 4 out of 5 stars on the Mozilla add-ons page, and in the Chrome web store it has been given 4.5 out of 5 stars by more than 35,000 people. I visited the Awesome Screenshot website, which is extremely polished and professional-looking. Of course, this led to a whole new kind of investigation! After almost a week of working on the problem, it turned out to be caused by one particular Safari extension: Awesome Screenshot. One of my readers was recently having problems with advertisements being injected into web pages, and none of my ad removal instructions or my Adware Removal Tool helped. June 19th, 2014 at 7:55 AM EDT, modified
0 kommentar(er)
