Pluso began to place scripts and images on third-party resources
Hi, Habr!
Pluso is probably known to many - a service for installing beautiful buttons on a website. Initially, he attracted attention for its simplicity and ease of operation. We used it for about six months.
Recently, the development team of our site discovered an unusual code that was embedded in the body tag of the page. Here are some scripts that were discovered using the Document Inspector:
')
We tried to connect their script to a blank page (the text of the page in the image below):
And this is what can be seen in the document inspector:
Log download scripts:
I don’t know why all this is needed to display icons, but there’s clearly a lot of unnecessary stuff here. Perhaps additional scripts are not connected immediately, but over time, I do not know. At the first connection, this was not noticed.
Since the mention of such a service in the service has not met before, I decided to write a post and warn users of this service. Perhaps this is some kind of virus or trojan.
PS After removing this plugin from the site, uploading of all additional scripts and frames has stopped. I deliberately did not specify the address of the site, so as not to cause habraeffekt.
Pluso is probably known to many - a service for installing beautiful buttons on a website. Initially, he attracted attention for its simplicity and ease of operation. We used it for about six months.
Recently, the development team of our site discovered an unusual code that was embedded in the body tag of the page. Here are some scripts that were discovered using the Document Inspector:
')
We tried to connect their script to a blank page (the text of the page in the image below):
And this is what can be seen in the document inspector:
Log download scripts:
I don’t know why all this is needed to display icons, but there’s clearly a lot of unnecessary stuff here. Perhaps additional scripts are not connected immediately, but over time, I do not know. At the first connection, this was not noticed.
Since the mention of such a service in the service has not met before, I decided to write a post and warn users of this service. Perhaps this is some kind of virus or trojan.
PS After removing this plugin from the site, uploading of all additional scripts and frames has stopped. I deliberately did not specify the address of the site, so as not to cause habraeffekt.
Source: https://habr.com/ru/post/231887/
All Articles