Promethean® Screen ShareSecurity Analysis

Uses eval() to execute dynamic code, a common technique for obfuscation and code injection.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Dynamically creates script elements, potentially loading external malicious code.

Dynamically sets a script's src attribute to load external code at runtime.

Uses eval() to execute dynamic code — a common vector for code injection.

Creates a function from a string (new Function()), similar to eval().

Sends messages via Chrome runtime, could communicate with external services.

Decodes base64 data, commonly used to hide malicious payloads.

Opens WebSocket connections, which can be used for persistent command-and-control channels.

Uses XMLHttpRequest to make network calls.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Modifies window.location to redirect the user, potentially to phishing or malicious pages.

Opens a WebSocket connection, which can be used for persistent C2 channels.

JavaScript file could not be parsed. May contain obfuscated or minified code.

Line exceeds 5000 characters (entropy: 5.194034297898807)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Encodes data to base64, may be used for data exfiltration.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

background/offscreen/index.js

pages/dropdown/index.js

pages/dropdown/index.js

pages/dropdown/options.js

pages/libs/react.production.min.js