Adkrig Ad BlockerSecurity Analysis

Uses eval() to execute dynamic code, a common technique for obfuscation and code injection.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Injects and executes scripts in web pages programmatically.

Uses data URIs to execute code, bypassing content security policies.

Manages other extensions, could disable security tools or install malware.

Passes a string to setTimeout(), which is evaluated like eval() — a code injection vector.

Passes a string to setInterval(), which is evaluated like eval() — a code injection vector.

Object.defineProperty() called on window — can intercept and override built-in browser APIs.

Sends messages via Chrome runtime, could communicate with external services.

Decodes base64 data, commonly used to hide malicious payloads.

Uses XMLHttpRequest to make network calls.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

JavaScript file could not be parsed. May contain obfuscated or minified code.

Line exceeds 5000 characters (entropy: 5.643289033795224)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

String with entropy 5.95 bits — may be encoded/encrypted data

js/background.js