Closed boghyon closed 1 year ago
@ggoodman Seems to be fixed. I can't find the `codefund` references anymore. So the malicious `click` handler is also gone. Thanks!
Oh gosh. I can't believe I missed this issue. Indeed, that slipped through the cracks with an ad blocker running in my browser. Thanks for reporting ❤️.
@ggoodman The issue is reproducible again! This is categorized as malware by my employer.
This is very urgent.
Hi @boghyon, I've redeployed the embedded site with the remaining pixel references removed.
The `embed.plnkr.co` currently serves the following two scripts:

They both attempt to add the following `click` handler:

On 30. June 2020, there was an announcement that CodeFund is shutting down: https://web.archive.org/web/20200630235914/https://codefund.io/

Now that CodeFund is gone, all webpages using the above CDN address serve ads on click thanks to Skenzo Ltd. parking the domain `codefund.app` and spreading ads and possibly malware.

I think referring to remote scripts without `integrity="<hash>"` is not a good approach.

TL;DR

Please remove `codefund` CDN addresses and make use of `integrity` for all remaining remote scripts if applicable.
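An added example, not part of the original issue or of the Plunker code base: a small Python audit that lists cross-origin `<script src>` tags lacking an `integrity` attribute, and computes or checks the pin value for a script body. The function names and the hosts in the sample page are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

def sri_hash(body: bytes, alg: str = "sha384") -> str:
    """Return the value for integrity="...": '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

def matches(body: bytes, integrity: str) -> bool:
    """True if body matches any listed hash of the strongest algorithm present."""
    tokens = [t.split("?")[0] for t in integrity.split() if "-" in t]
    for alg in ("sha512", "sha384", "sha256"):
        strongest = [t for t in tokens if t.startswith(alg + "-")]
        if strongest:
            return sri_hash(body, alg) in strongest
    return False  # no supported hash listed: treat the script as unverified

def origin(url: str):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc)  # netloc carries host and port

class RemoteScriptAudit(HTMLParser):
    """Collect cross-origin <script src> URLs that carry no integrity attribute."""
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.unpinned = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "script" or not a.get("src"):
            return
        src = urljoin(self.page_url, a["src"])  # resolves "/x.js" and "//host/x.js"
        if origin(src) != origin(self.page_url) and not a.get("integrity"):
            self.unpinned.append(src)

def audit(html: str, page_url: str) -> list:
    parser = RemoteScriptAudit(page_url)
    parser.feed(html)
    return parser.unpinned

# Constructed sample page; the hosts are placeholders, not the URLs from the issue.
SAMPLE = """
<script src="/static/app.js"></script>
<script src="https://cdn-a.example/widget.js"></script>
<script src="//cdn-b.example/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "https://embed.example/"))
```

A pinned cross-origin script also needs the `crossorigin` attribute and CORS headers from the host, otherwise the browser cannot perform the integrity check and refuses to run it.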