【问题标题】:Strange JS script in devtools(devtools 中奇怪的 JS 脚本)
【发布时间】:2018-08-07 15:07:23
【问题描述】:

我是 Web 开发的初学者,遇到了一个问题。无论我在哪个网站上,甚至是在我自己开发的网站上,只要打开 devtools,就会看到一个 JS 脚本。我做了防病毒扫描,也到处搜索过,现在只能请你们帮我找到解决办法。我截了一张图来展示它的位置:它位于 head 的最顶部。该函数的名称在每次刷新页面时都会变化,而且它似乎与地理定位有关。你能帮我吗?(截图:Script on an empty html page I try to create)

我还复制了脚本,以便您分析它并告诉我它是否危险。非常感谢您的帮助。

<script>(function(){function hgcca() {
  // Shim that replaces navigator.geolocation.getCurrentPosition and
  // navigator.geolocation.watchPosition with wrappers. The wrappers either
  // answer with coordinates received through a window 'message' event or
  // forward the call to the browser's real implementation.
  //
  // All state (saved originals, pending callbacks, fake coordinates, mode
  // flag) lives in plain window properties, so it is visible to every
  // script that runs in the page.

  // Bound references to the real methods, taken before they are overwritten
  // further down.
  window.YZQrVNx = 
navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
  window.LRYRQKC = 
navigator.geolocation.watchPosition.bind(navigator.geolocation);
  // Delay passed to setTimeout while the mode flag is still undefined.
  let WAIT_TIME = 100;

  // Serves a pending getCurrentPosition call. Re-schedules itself until
  // window.hkzIt has been set by the message listener below.
  function waitGetCurrentPosition() {
    if ((typeof window.hkzIt !== 'undefined')) {
      if (window.hkzIt === true) {
        // Fake mode: call the page's success callback with a hand-built
        // position object. Latitude/longitude come from the last accepted
        // message; accuracy is hard-coded and the other fields are null.
        window.WEYWUxk({
          coords: {
            latitude: window.wAmVS,
            longitude: window.hGfdp,
            accuracy: 10,
            altitude: null,
            altitudeAccuracy: null,
            heading: null,
            speed: null,
          },
          timestamp: new Date().getTime(),
        });
      } else {
        // Pass-through mode: hand the stored callbacks and options to the
        // real getCurrentPosition.
        window.YZQrVNx(window.WEYWUxk, window.woblnes, window.htVNa);
      }
    } else {
      setTimeout(waitGetCurrentPosition, WAIT_TIME);
    }
  }

  // Serves a pending watchPosition call; same polling scheme as above.
  function waitWatchPosition() {
    if ((typeof window.hkzIt !== 'undefined')) {
      if (window.hkzIt === true) {
        // NOTE(review): the standard method lives on navigator.geolocation,
        // not on navigator, so this call presumably throws a TypeError
        // before the return below is reached; confirm in the browser.
        navigator.getCurrentPosition(window.KXHzOGQ, window.VWVTMDO, 
window.LElmt);
        // This value never reaches the page: the watchPosition wrapper
        // below calls this helper without returning its result.
        return Math.floor(Math.random() * 10000); // random id
      } else {
        // Pass-through mode: the watch id returned by the real
        // watchPosition is discarded here.
        window.LRYRQKC(window.KXHzOGQ, window.VWVTMDO, window.LElmt);
      }
    } else {
      setTimeout(waitWatchPosition, WAIT_TIME);
    }
  }

  // Replacement for getCurrentPosition. The callbacks are parked in single
  // window-level slots, so a second call made while the first is still
  // waiting overwrites the first call's callbacks.
 navigator.geolocation.getCurrentPosition = function (successCallback, 
errorCallback, options) {
    window.WEYWUxk = successCallback;
    window.woblnes = errorCallback;
    window.htVNa = options;
    waitGetCurrentPosition();
  };
  // Replacement for watchPosition. It has no return statement, so callers
  // receive undefined instead of a watch id.
  navigator.geolocation.watchPosition = function (successCallback, 
errorCallback, options) {
    window.KXHzOGQ = successCallback;
    window.VWVTMDO = errorCallback;
    window.LElmt = options;
    waitWatchPosition();
  };

  // Control channel: a 'message' event carrying the expected method string
  // sets the fake coordinates and the mode flag.
  window.addEventListener('message', function (event) {
    // Only messages posted by this same window are accepted.
    // NOTE(review): this check does not tell the sender apart from any
    // other script running in the page, since page scripts calling
    // window.postMessage also arrive with event.source === window.
    if (event.source !== window) {
      return;
    }
    const message = event.data;
    // NOTE(review): event.data is used without checking that it is an
    // object; a null or undefined payload would throw on message.method.
    switch (message.method) {
      case 'ASnZkTY':
        // typeof null is 'object', so a null info or coords passes this
        // test and the property reads below throw. lat, lon and fakeIt
        // are copied without any type or range validation.
        if ((typeof message.info === 'object') && (typeof 
message.info.coords === 'object')) {
          window.wAmVS = message.info.coords.lat;
          window.hGfdp = message.info.coords.lon;
          window.hkzIt = message.info.fakeIt;
        }
        break;
      default:
        break;
    }
  }, false);
}hgcca();})()</script>

【问题讨论】:

  • 您的浏览器中是否启用了任何扩展/插件/附加组件?

标签: javascript devtools


【解决方案1】:

这是由于启用了 ExpressVPN 插件造成的 - 卸载浏览器插件,它就会消失

【讨论】:

    【解决方案2】:

    它本身看起来并不危险,但一旦启用,它会允许通过 postMessage API 发来的特定格式消息让 navigator.geolocation API 输出垃圾数据(即伪造的坐标)。它很可能是您为了“匿名”浏览而安装的某个扩展程序的一部分。

    用有用的变量名替换一些垃圾全局变量,更容易看到发生了什么:

    // Readable rename of the injected script quoted in the question: the
    // logic is unchanged, only the random-looking window globals have been
    // given descriptive names.
    //
    // The script replaces navigator.geolocation.getCurrentPosition and
    // navigator.geolocation.watchPosition with wrappers that either answer
    // with coordinates received through a window 'message' event or forward
    // the call to the browser's real implementation. All state is kept in
    // plain window properties, so it is visible to every script in the page.
    (function() {
      function main() {
        // Bound references to the real methods, taken before they are
        // overwritten further down.
        window.originalGetCurrentPosition =
          navigator.geolocation.getCurrentPosition.bind(navigator.geolocation);
        window.originalWatchPosition =
          navigator.geolocation.watchPosition.bind(navigator.geolocation);
        // Delay passed to setTimeout while window.fakeIt is still undefined.
        let WAIT_TIME = 100;
    
        // Serves a pending getCurrentPosition call. Re-schedules itself
        // until window.fakeIt has been set by the message listener below.
        function waitGetCurrentPosition() {
          if ((typeof window.fakeIt !== 'undefined')) {
            if (window.fakeIt === true) {
              // Fake mode: call the page's success callback with a
              // hand-built position object. Latitude/longitude come from
              // the last accepted message; accuracy is hard-coded and the
              // remaining fields are null.
              window.geoGetSuccess({
                coords: {
                  latitude: window.fakeLat,
                  longitude: window.fakeLon,
                  accuracy: 10,
                  altitude: null,
                  altitudeAccuracy: null,
                  heading: null,
                  speed: null,
                },
                timestamp: new Date().getTime(),
              });
            } else {
              // Pass-through mode: hand the stored callbacks and options
              // to the real getCurrentPosition.
              window.originalGetCurrentPosition(
                window.geoGetSuccess,
                window.geoGetError,
                window.geoGetOptions
              );
            }
          } else {
            setTimeout(waitGetCurrentPosition, WAIT_TIME);
          }
        }
    
        // Serves a pending watchPosition call; same polling scheme as above.
        function waitWatchPosition() {
          if ((typeof window.fakeIt !== 'undefined')) {
            if (window.fakeIt === true) {
              // NOTE(review): the standard method lives on
              // navigator.geolocation, not on navigator, so this call
              // presumably throws a TypeError before the return below is
              // reached; confirm in the browser.
              navigator.getCurrentPosition(
                window.geoWatchSuccess,
                window.geoWatchError,
                window.geoWatchOptions
              );
    
              // This value never reaches the page: the watchPosition
              // wrapper below calls this helper without returning its result.
              return Math.floor(Math.random() * 10000); // random id
            } else {
              // Pass-through mode: the watch id returned by the real
              // watchPosition is discarded here.
              window.originalWatchPosition(
                window.geoWatchSuccess,
                window.geoWatchError,
                window.geoWatchOptions
              );
            }
          } else {
            setTimeout(waitWatchPosition, WAIT_TIME);
          }
        }
    
        // Replacement for getCurrentPosition. The callbacks are parked in
        // single window-level slots, so a second call made while the first
        // is still waiting overwrites the first call's callbacks.
        navigator.geolocation.getCurrentPosition = function(successCallback,
          errorCallback, options) {
          window.geoGetSuccess = successCallback;
          window.geoGetError = errorCallback;
          window.geoGetOptions = options;
          waitGetCurrentPosition();
        };
        // Replacement for watchPosition. It has no return statement, so
        // callers receive undefined instead of a watch id.
        navigator.geolocation.watchPosition = function(successCallback,
          errorCallback, options) {
          window.geoWatchSuccess = successCallback;
          window.geoWatchError = errorCallback;
          window.geoWatchOptions = options;
          waitWatchPosition();
        };
    
        // Control channel: a 'message' event carrying the expected method
        // string sets the fake coordinates and the mode flag.
        window.addEventListener('message', function(event) {
          // Only messages posted by this same window are accepted.
          // NOTE(review): this check does not tell the sender apart from
          // any other script running in the page, since page scripts
          // calling window.postMessage also arrive with
          // event.source === window.
          if (event.source !== window) {
            return;
          }
          const message = event.data;
          // NOTE(review): event.data is used without checking that it is an
          // object; a null or undefined payload would throw on
          // message.method.
          switch (message.method) {
            case 'ASnZkTY':
              // typeof null is 'object', so a null info or coords passes
              // this test and the property reads below throw. lat, lon and
              // fakeIt are copied without any type or range validation.
              if (
                (typeof message.info === 'object') &&
                (typeof message.info.coords === 'object')
              ) {
                window.fakeLat = message.info.coords.lat;
                window.fakeLon = message.info.coords.lon;
                window.fakeIt = message.info.fakeIt;
              }
              break;
            default:
              break;
          }
        }, false);
      }
      main();
    })()
    

    然后您可以通过调用来启用它:

    // Posts a message in the shape the script's 'message' listener accepts.
    // That listener only checks event.source === window, so it does not
    // distinguish this call from one made by the extension itself.
    // The method string is the one captured in this sample; the question
    // says names change on every refresh, so it may differ per page load
    // (unconfirmed). lat/lon are example values.
    {
      const spoofRequest = {
        method: 'ASnZkTY',
        info: {
          coords: { lat: 3, lon: 4 },
          fakeIt: true,
        },
      };
      window.postMessage(spoofRequest);
    }
    

    【讨论】:
