Shimeji Browser ExtensionSecurity Analysis

Extension has access to all sites and captures keyboard input — behavior consistent with a keylogger.

Creates functions from strings, similar to eval(), often used to hide malicious code.

Dynamically creates script elements, potentially loading external malicious code.

Listens for keyboard events, a common technique used by keyloggers.

Manages other extensions, could disable security tools or install malware.

Creates a function from a string (new Function()), similar to eval().

Uses XMLHttpRequest to make network calls.

Dynamically creates iframe elements, which can be used to load external content or hide malicious UI.

Sends messages via Chrome runtime, could communicate with external services.

Line exceeds 5000 characters (entropy: 5.154032439752678)

This extension does not define a Content Security Policy. A CSP helps prevent XSS and code injection attacks.

Web-accessible resources use <all_urls> or wildcard patterns, exposing resources to every website.

Content script matches <all_urls>, executing on every website the user visits.

Sets innerHTML directly, which can lead to XSS if used with untrusted data.

Extension accepts messages from 1 external pattern(s). Verify these are trusted origins.

popup.d6320669.js