1

I was reading this article where it talks about hackers using Javascript to load windows off the screen:

https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/

Here's a screenshot of what I'm talking about:

https://blog.malwarebytes.com/wp-content/uploads/2017/11/os_compare.png

I don't have a need for it anymore, but was trying to load windows like this for a project I was previously working on.

This was the closest I could get to it:

window.open("https://example.com/", "Example","width=10,height=10,left=10000,top=10000,status=no,toolbar=no,scrollbars=no,resizable=no,directories=no,location=no,menubar=no,fullscreen=no,visible=none");

What exactly was I missing when I tried doing it?

ShadowAccount
  • 171
  • 2
  • 7
  • Take a look at: https://stackoverflow.com/questions/5180684/hidden-window-using-javascript. Seems like this code did indeed work on older browsers, but newer browsers are blocking it. – ElliotSchmelliot Oct 20 '18 at 00:56
  • I'm not sure what happened, and I was only able to perform it once (Chrome 69), but changing the `height` to `0` instead of `10` *once* gave me a window whose title bar was more than halfway under the taskbar. Can't get it to do that again, for some reason the same code results in the window coming up normal-sized around the center of the monitor. – CertainPerformance Oct 20 '18 at 00:57
  • Yea everything I can find that claims to do it is from before 2012. Someone was obviously doing it less than a year ago based off the article - so I'm guessing they were using a different method because none of those old ones seem to work anymore. – ShadowAccount Oct 20 '18 at 00:58
  • By the way, I've also search sec/bug reports to Chrome and Firefox about this - but couldn't find any reports about it or anywhere they mentioned fixing it in the past year. – ShadowAccount Oct 20 '18 at 01:01
  • @CertainPerformance that's better than what I've been able to do. This isn't anything time sensitive. Just irritated that someone else figured it out and I couldn't lol – ShadowAccount Oct 20 '18 at 01:02

0 Answers0