[Userscript.org] Script with bad intentions...

I was looking through Userscripts, when I saw the following userscript -https://userscripts.org/scripts/show/168982

The description as you see is:

Mandatory use encryption connection https. Gets rid of almost every google tracking device. Disable the Google search rewrite, always showing and using the real, original, direct link URLs, also to prevent from using redirected pages

But, if you look at the source code, it will actually do something in Facebook, not Google, at all.

-https://userscripts.org/scripts/review/168982

My JavaScript skills aren't that great, so I don't understand everything, but I wonder if the author is in the hope of fooling the unaware user for some bad action on Facebook accounts?

 

One thing is clear: the description has nothing to do with the source code, so this is reason enough to keep away from it.

I don't have the JS skills to analyse it, but googling for a phrase inside the source code ("Auto Suggest by Eran") will show you a lot of clones of that script.

 

Userscripts.org Scam Filter 5.207 flags it as a suspected scam.





-https://userscripts.org/scripts/show/163038

 

I used http://jsunpack.jeek.org to analyise it, & amongst Lots of other stuff, found these strings.

*

suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes

hidden|password|search

googlesyndication.com

"facebook_like"&&e!="twitter_tweet"

navigator.systemLanguage=zh-cn

*

Chinese ? PW ? etc ! I'm no JS expert either, but "suspicious" appears to be correct. Apart from anything else, it sounds like it "could" be a Click Fraud due to the GS ?

How many people would/Will get caught out with this ? Quite a Large number i guess !

 

A new review agrees and confirms our suspicions. How does Userscripts.org review new scripts anyways?

 

I think the users themselves appear to be the ones reviewing the scripts.

Someone is claiming that a button to report as scam/malicious is needed at the scripts page. -https://userscripts.org/topics/704?page=8 (one of the last comments)

 

Shouldn't have used the same word, I meant Userscripts.org's vetting process. Surprisingly, the script is still up, do they even listen to their own users?

 

I understood your question. I took a look at the website yesterday, and couldn't find anything related to any vetting process. It does seem that the only way to know whether some script may be malicious is for someone with some knowledge/applies some logic to spot it. That seems to be it.

Maybe the Userscript founders thought that because users can see the scripts code, everyone can analyse them and known whether or not they're malicious. If true, it's a crazy way of looking at things.