This is often performed by injecting an "ethereum" item towards the browser window. You will need to now look ahead to the ethereum.enable() purpose to return legitimate after prompting the person. More details right here: What appears to be much more probably is that there is some sort of XSS-like https://petera455gar7.wikiinside.com/user
