JS injection hack from Add To Any?

  • Resolved chabekah

    (@chabekah)


    2 years, 11 months ago

    Hi folks,

    we are using the “Add To Any” plugin. We noticed yesterday that in mobile view, when first time visitors to the site click on links on our pages, a pop-up to a variety of spam sites appears – but only once. When I track down the offending piece of Javascript triggering this, it appears to be coming from addtoany.min.js?ver=1.1 (even though we are running v 1.8.4, your latest version) on our site.

    This script is loading something called gmt.js from //cdn.ocamw.xyz/gmt.js – which is a domain registered 6 days ago in Moscow. The script is heavily obfuscated. I can tell it is checking for mobile stuff, but I can’t say whether it is doing the pop-ups as well.

    I have tried disabling the “add to any” plugin, but it hasn’t made any difference – and in fact the “add to any” sharing buttons are still appearing on our site even when disabled. I can’t delete the “add to any” plugin and test with a replacement at the moment.

    Any chance you can check whether this is a problem with your plugin? In order to test, you’ll need to switch into mobile view in incognito mode.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘JS injection hack from Add To Any?’ is closed to new replies.