What I did? Downloaded add-on from http://abusable.net/x/video.php?56473456456 What happened? DL URLs: FF - http://abusable.net/x/video.php?id=1 Analysis: Loads JS from the add-on Calls out to the following URLs (both return the same data) http://juyh12.me/j.php http://kmjh78.asia/j.php juyh12.me/j.php and kmjh78.asia/j.php: injects http://juyh12.me/js_f.php?v=tg0002 a library of functions to: grab a user's Facebook or Tagged session details solve captchas via http://mp56a.com/fn/cs/api/s_c.php?u send log data to http://juyh12.me/ss.php?r post to Facebook and Tagged js_f.php: same code as j.php What should have happened? It shouldn't steal your Facebook session information and post as a user without their consent.
Status: NEW → ASSIGNED
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.