How did this site "manipulate" the mouse position?

Asked

Viewed 249 times

5

As usual, that question there is already an answer to that. Unfortunately I was surprised to browse a malicious site unintentionally. He was able to manipulate the mouse position, preventing me from accessing an element on the page. Can anyone understand how he did it? I tried to get the coding by accessing the developer tools, but they make it very difficult.

I don’t know if I can post the site here because it’s dangerous, but I can edit the question and insert it later. At the moment I’m going to post a video of the site I’m talking about:

www.abner.Xyz/video/video.mp4

The link to the site is (beware when accessing):

app.freerealapp.cool/Landing/propwl/688988/? lp=2

javascript security-guard
  • 3

    Most of the ones I’ve seen doing this "simulate" a cursor that isn’t the real one - hides the original and displays an arrow "drawing". - In the specific case mentioned above, link app(.)freerealapp(.)cool , could be some malware that uses some Chrome bug (in this case, the many Chrome bugs are known as "Features"). By the way, I find it amazing so many people use this browser.

  • @Bacco! You’re right! An image simulating the mouse is displayed and I didn’t notice. As soon as I try to click somewhere on the site appears the real mouse. If you can access the link I put in the question edition you can do the test.

  • I don’t use Chrome, other browsers don’t open. I have Chrome in VM testing to assess functionality of my work, but not on the PC I’m currently using.

1 answer

2


The most plausible answer of how the site managed to do this is using Keyword values, more precisely "None"

cursor: None;

This way it can "hide" the cursor but it is still in place, if you right-click for example ( would be an excellent test ) could identify the exact location of the cursor, just above the exact location of your cursor it would add an image "off the Alert" of a cursor thus deceiving anyone who had tried to click to exit, but I remember again that if you click even without seeing the cursor would work, currently nor in the future I believe it is possible to manipulate the mouse cursor with javascript except with an extension installed directly in the browser or something like.

<div style="cursor:none;">Teste cursor</div>

Browser other questions tagged javascript security-guard

You are not signed in. Login or sign up in order to post.