MyJDownloader Browser ExtensionSecurity Analysis

Default key derivation uses single MD5 iteration, making encrypted data easily brutable

Default key derivation uses single MD5 iteration, making encrypted data easily brutable

Extension intercepts network traffic and sends data externally — potential man-in-the-middle behavior.

Dynamically creates script elements, potentially loading external malicious code.

Dynamically sets a script's src attribute to load external code at runtime.

Injects and executes scripts in web pages programmatically.

Uses eval() to execute dynamic code, a common technique for obfuscation and code injection.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Assigns an external URL to .src property: https://www.google.com/recaptcha/enterprise.js?render=explicit

Uses eval() to execute dynamic code — a common vector for code injection.

Content script runs at document_start in ALL frames on ALL URLs. This gives the extension deep access to every page load, including iframes.

Sends messages via Chrome runtime, could communicate with external services.

Uses document.write() which can inject arbitrary HTML/scripts into pages.

Uses XMLHttpRequest to make network calls.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Decodes base64 data, commonly used to hide malicious payloads.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Intercepts form submissions, could capture login credentials.

Line exceeds 5000 characters (entropy: 6.092357462052088)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Encodes data to base64, may be used for data exfiltration.

Reads or writes to localStorage, which may contain sensitive site data.

String with entropy 5.61 bits — may be encoded/encrypted data

Extension uses a persistent background page (always running). This is a MV2 pattern that keeps the extension loaded in memory at all times.

JavaScript file could not be parsed. Likely minified or bundled code.

scripts/controllers/AddLinksController.js

vendor/crypto-js/components/core.js

vendor/crypto-js/rollups/aes.js

vendor/crypto-js/rollups/hmac-sha256.js

vendor/js/angular-animate.js

vendor/js/angular-cookies.js

vendor/js/angular-resource.js

vendor/js/angular-route.js

vendor/js/angular-sanitize.js

vendor/js/angular-touch.js

vendor/js/angular.js

vendor/js/bootstrap.js

vendor/js/bootstrap.js

vendor/js/bootstrap.js

vendor/js/jdapi.js

vendor/js/jquery.js

vendor/js/rx.all.js