为什么Chrome浏览器会自动将跨源请求发送到http://loadingpages.me/jo/is

Question

如果我访问github.com或任何其他网站，将发送以下HTTP请求（作为cURL）

curl 'http://loadingpages.me/jo/is?id=06EABEDF-9511-5AC0-B879-56F132D94E21&d=3168a8ab-1bcf-41ba-a65d-762b1336fdca&cl=upd' -H 'Referer: https://github.com/' --compressed

DNS响应如下：

$ nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> loadingpages.me
Server:     8.8.8.8
Address:    8.8.8.8#53

Non-authoritative answer:
Name:   loadingpages.me
Address: 130.117.78.138

Answer 1

您感染了恶意软件，我遇到过here。您很高兴知道Apple目前没有采取任何措施通过安全更新将其从您的计算机中删除，也不会阻止它在未经您同意的情况下与loadingpages.me联系。

发送到该地址的数据可能包括恶意软件能够收集到的任何内容：我发现的一种病毒，包括Safari，Firefox和Chrome网络数据备份到它发送回家的内容（这可能包括Cookie和浏览历史记录）。

您必须立即运行防病毒软件，但如果此病毒未报告，则可能不足。我建议malwarebytes或Sophos AV。

Answer 2

它是某种恶意软件。查看~/Library/和~/Library/LaunchAgents目录以查找一些奇怪的脚本/应用程序。奇怪的是，我的意思是奇怪和意想不到的名字。

Answer 3

恶意软件，已删除...（无广告）

Answer 4

另外，尝试在~/Library/Caches/org.nn.updater/fsCachedData/目录中查找loadingpaqes.info内的 public static byte[] ComputeMasterSecret(byte[] pre_master_secret, byte[] client_random, byte[] server_random) { byte[] label = Encoding.ASCII.GetBytes("master secret"); var seed = new List<byte>(); seed.AddRange(client_random); seed.AddRange(server_random); var master_secret = PRF(pre_master_secret, label, seed.ToArray(), 48); return master_secret; } public static KeyMaterial ComputeKeys(byte[] master_secret, byte[] client_random, byte[] server_random) { /* * The cipher spec which is defined in this document which requires the most material is 3DES_EDE_CBC_SHA: it requires 2 x 24 byte keys, 2 x 20 byte MAC secrets, and 2 x 8 byte IVs, for a total of 104 bytes of key material. */ byte[] label = Encoding.ASCII.GetBytes("key expansion"); var seed = new List<byte>(); seed.AddRange(client_random); seed.AddRange(server_random); byte[] key_material = PRF(master_secret, label, seed.ToArray(), 104); //need 104 for TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite var km = new KeyMaterial(); int idx = 0; km.ClientWriteMACSecret = Utils.CopyArray(key_material, idx, 20); idx += 20; km.ServerWriteMACSecret = Utils.CopyArray(key_material, idx, 20); idx += 20; km.ClientWriteKey = Utils.CopyArray(key_material, idx, 24); idx += 24; km.ServerWriteKey = Utils.CopyArray(key_material, idx, 24); idx += 24; km.ClientWriteIV = Utils.CopyArray(key_material, idx, 8); idx += 8; km.ServerWriteIV = Utils.CopyArray(key_material, idx, 8); return km; } public static byte[] PRF(byte[] secret, byte[] label, byte[] seed, int outputLength) { List<byte> s1 = new List<byte>(); List<byte> s2 = new List<byte>(); int size = (int)Math.Ceiling((double)secret.Length / 2); for(int i=0;i < size; i++) { s1.Add(secret[i]); s2.Insert(0, secret[secret.Length - i - 1]); } var tbc = new List<byte>(); tbc.AddRange(label); tbc.AddRange(seed); var md5Result = MD5Hash(s1.ToArray(), tbc.ToArray(), outputLength); var sha1Result = SHA1Hash(s2.ToArray(), tbc.ToArray(), outputLength); var result = new List<byte>(); for (int i = 0; i < outputLength; i++) result.Add((byte)(md5Result[i] ^ sha1Result[i])); return result.ToArray(); } /// <summary> /// P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + /// HMAC_hash(secret, A(2) + seed) + /// HMAC_hash(secret, A(3) + seed) + ... /// Where + indicates concatenation. /// A() is defined as: /// A(0) = seed /// A(i) = HMAC_hash(secret, A(i-1)) /// </summary> /// <param name="secret"></param> /// <param name="seed"></param> /// <param name="iterations"></param> /// <returns></returns> private static byte[] MD5Hash(byte[] secret, byte[] seed, int outputLength) { int iterations = (int)Math.Ceiling((double)outputLength / 16); HMACMD5 HMD5 = new HMACMD5(secret); var result = new List<byte>(); byte[] A = null; for (int i = 0; i <= iterations; i++) if (A == null) A = seed; else { A = HMD5.ComputeHash(A); var tBuff = new List<byte>(); tBuff.AddRange(A); tBuff.AddRange(seed); var tb = HMD5.ComputeHash(tBuff.ToArray()); result.AddRange(tb); } return result.ToArray(); } private static byte[] SHA1Hash(byte[] secret, byte[] seed, int outputLength) { int iterations = (int)Math.Ceiling((double)outputLength / 20); HMACSHA1 HSHA1 = new HMACSHA1(secret); var result = new List<byte>(); byte[] A = null; for (int i = 0; i <= iterations; i++) if (A == null) A = seed; else { A = HSHA1.ComputeHash(A); var tBuff = new List<byte>(); tBuff.AddRange(A); tBuff.AddRange(seed); var tb = HSHA1.ComputeHash(tBuff.ToArray()); result.AddRange(tb); } return result.ToArray(); } 奇怪文件，我也会删除此文件

Answer 5

删除此文件：〜/ Library / LaunchAgents / com.ectropium.plist