
How does Javascript Malware work?


I'm facing a problem with my Chrome on both Ubuntu 15.04 and Windows 10. It's some sort of malware named xnxx-ads.js. This malware opens unwanted tabs and plays advertisement audio on all sorts of pages. For instance, I might have an SO tab open with a speaker icon, playing an ad!

The thing that is important to me (as a web application developer) is how this malware works. How can some script be loaded on a web page without it being addressed in the source? Is it because of a security hole in Google Chrome?

BTW, my Chrome is: Version 46.0.2490.86 (64-bit) on both operating systems.

[UPDATE]

My Chrome was just updated to Version 47.0.2526.73 (64-bit) and the problem remains.


Solution

  • To get malware inserted into pages, you generally need one of these things:

    1. If it is only on a specific site, it is possible that that site has been compromised and the content comes from the site already infected.

    2. Something in your ISP is compromised and the content comes from your ISP already infected.

    3. Something in your own network (e.g. router) is compromised and the content arrives on your PC already infected.

    4. A malicious program got itself installed on your computer and it is injecting things into web pages as they arrive on your computer (either by modifying the incoming TCP or by messing with the browser).

    5. A malicious browser extension got itself installed on your computer and it is injecting things into web pages as the browser loads them.

    The most likely options are 4 and 5.


    You can probably rule out 1, 2 and 3 by checking the site on your phone or tablet while attached to your home network's wifi. If there is no infection on the web pages viewed on the phone or tablet, then it is not likely 1 or 2 or 3.

    If you disable all browser extensions in Chrome and the problem still occurs, then you can probably rule out #5. If the problem goes away when you disable all browser extensions, then you probably have a bad browser extension.


    In all cases, you should run a good malware detector. When something like this happened to my daughter's computer, Microsoft Defender did not detect it, but when I downloaded and ran the free Malwarebytes scanner, it did find the problem and removed it.
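
When the injection happens inside the browser (case 5, or a program tampering with the browser in case 4), the live DOM holds script elements that the HTML sent by the server never referenced. The check below is an added example, not part of the original answer: it compares a known-good copy of the served HTML with the script URLs seen in the DOM. All URLs and sample data are constructed, and it assumes the injector adds `<script src>` elements.

```javascript
// Collect absolute script URLs from raw HTML (a regex is enough for triage).
function scriptSrcsFromHtml(html, pageUrl) {
  const srcs = [];
  const re = /<script\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const raw = m[1] ?? m[2] ?? m[3];
    try { srcs.push(new URL(raw, pageUrl).href); } catch { /* malformed URL */ }
  }
  return srcs;
}

// Return every live script URL that the served HTML did not reference.
// "unexpected-origin": host never referenced by the page (strongest signal).
// "review": same origins as the page, usually a chunk loaded by its own code.
function findUnexpectedScripts(servedHtml, liveSrcs, pageUrl) {
  const served = new Set(scriptSrcsFromHtml(servedHtml, pageUrl));
  const origins = new Set([...served].map((u) => new URL(u).origin));
  origins.add(new URL(pageUrl).origin);
  const findings = [];
  for (const raw of liveSrcs) {
    let url;
    try { url = new URL(raw, pageUrl); } catch { continue; }
    if (served.has(url.href)) continue;
    const severity = origins.has(url.origin) ? "review" : "unexpected-origin";
    findings.push({ src: url.href, severity });
  }
  return findings;
}

// Constructed sample data. In a browser console the live list would be
// Array.from(document.scripts, (s) => s.src).filter(Boolean).
const PAGE_URL = "https://app.example/dashboard";
const SERVED_HTML = `<html><head>
<script src="/static/app.js"></script>
<script data-src="ignored.js" src='https://cdn.example/lib.min.js' async></script>
</head><body></body></html>`;
const LIVE_SRCS = [
  "https://app.example/static/app.js",
  "https://cdn.example/lib.min.js",
  "https://app.example/static/chunk-7.js", // lazily loaded by app.js
  "https://ads.invalid/ads.js",            // added after delivery
];

console.log(findUnexpectedScripts(SERVED_HTML, LIVE_SRCS, PAGE_URL));
```

A finding marked `unexpected-origin` that appears only on the affected machine, and disappears with extensions disabled, points at case 5.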