Something injecting malicious looking css data code?! wtf?

I am VERY confused seeing all these URLs including some xxx being placed inside some css-data code? Even on my bubble.io app landing page. Looks extremally suspect and can anyone confirm its on their apps? OR is this preventative?? My assumption is the code makes it ‘click’ all those links in the background on load, giving someone tons of hits / cash on the back end if it’s ad view related?

Doesnt seem to be bubble app. I rhink you should asknon stackoverflow or something like that

Yes this is my app - https://eddieadolf.com my portfolio look at it in inspector


Here is a better view of where it is being injected

It’s hard to see what the content is. Plugin can add stuff on the page. You can preview in safe mode and inspect

check the inspector of your own dashboard, it’s there too!

A few questions:
Does this happen on multiple browsers?
Does it happen in private/incognito mode?
Does it happen on other websites? (If the answer is yes to this one, it’s 100% your device that’s got an issue.)

1 Like

My app, and my Bubble dashboard, don’t have that. I just checked all the <style> tags (there are 4 I found in the dev tools), and none of them look even remotely like yours. Your device and/or browser are likely the problem.

1 Like

I agree with @samnichols. I see no such <style> element in my Bubble app.

Are you using any Chrome extensions? If so, I’d suggest disabling all of them temporarily to see if the issue goes away. Extensions can inject code and styles into your pages.

6 Likes

Indeed, like others have said, I’m not seeing any of that on my browser (either on the Bubble dashboard, or on your app)…

My thought was it could be a Chrome extension too… but it definitely seems to be an issue with your browser, rather than with your app or with Bubble…

2 Likes

Thanks you all for responding, I am so confused. I am using Brave browser. I removed all extensions, and restarted the browser. They are still there, and change every time with refresh! I do not get the issue in a private window. Larger websites like google seem to block it but I all that’s left is the browser or something else on my system doing it maybe? I thought brave was supposed to be the solution but maybe its the issue. I’m going to try chrome and let you know.

Have you ever seen this before? It’s weirding me out that it’s not the extensions.

it happens in chrome with no extensions at all on a fresh install. :frowning:

Does this happen on any other websites besides bubble?

(Correction it does happen on private windows) AND yes, it does happen on websites just tried, Craigslist (google facebook seem to block it). Doing some research I can see its a 1px iframe that injects these, I still have absolutely no clue what on my system would be doing this outside of the browser.

That’s really bizarre. It has to be a local program, especially if you installed a brand new browser and have the same issue.

Maybe try something like Malwarebytes (https://www.malwarebytes.com/) and do a quick scan to see if it finds anything?

2 Likes

It found nothing! Wow. shit. … Um. What in the hell. :sweat_smile: – Can’t find anything online. But here’s a similar issue but not 100s of urls like mine https://www.reddit.com/r/javascript/comments/1ju6ks/js_i_found_being_injected_to_my_open_web_pages/

If its on my system Windows Defender Malware Deep scan thing didn’t even find it. I’m down to thinking its Nord NVP or something? But I’m at a loss.

If you can’t find anything online to explain it, and your antivirus programs can’t find it, then you can also try:

  • deleting any potentially sketchy programs
  • reverting back to an earlier system save point
  • doing a windows reinstall

It could be a ad blocker you once installed.

This is at least seen before, and sound similar to your issue.

Maybe try download another anti virus and use their trial period. Windows Defender is ehm good, but since they didn’t kill all the competition. I guess others are still relevant.

1 Like

Resetting Windows 11 (but keeping person files) was the solution!

This was not found by any attempts with malware detection and I tried 4 different solutions. Would be an amazing opportunity for someone to make a proper scanner for this situation, but again it goes insanely undetected, somehow, and only detected by happenstance when I looked at the code! I even called my ISP and blamed them :sweat_smile:, which still could have been the cause of the infection… I don’t think I’ll ever know.

Thanks everyone for your help!

1 Like

I must say I am quite horrified that the solution for this kind of issue is the good ol’ formatting, same as it was more than 20 years ago. Notwithstanding the wreck of non-functioning applications afterwards due to scattered parameters in the, therefore erased, registry.

Not saying one system is better than another, but I am glad I transitioned to UNIX systems since then.

1 Like