
Hi,

 

I'm using a brand new Nexus 5X with Project Fi. I've had it about a week and I have only downloaded apps I trust: MLB at bat, Twitter, Steam, Blizzard Authenticator, Microsoft account, and Clash of Clans. I've also been very careful about the sites I visit. (No Pirate Bay, no porn, etc.) Today I followed a link from Twitter to mlbtraderumors.com and found myself staring at a buzzing phone with some sort of a "prize" as a Time Warner customer. (They are my ISP.)

 

When I checked the history, I found the following:

 

data:text/html;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgdXNlci1zY2FsYWJsZT1mYWxzZSwgaW5pdGlhbC1zY2FsZT0xLjAsIG1heGltdW0tc2NhbGU9MS4wIj48L2hlYWQ+PGJvZHk+PGRpdiBpZD0iaWZybSIgc3R5bGU9InBhZGRpbmc6MDsgbWFyZ2luOjA7Ij48aWZyYW1lIHNyYz0iaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL25vdGlmaWNhdGlvbmNlbnRlci91cy9pbnN0YW50d2lubmVyL2c5WFdOb01Kam5NSEN4bW54UHFqWWtORDd6US5odG1sP3NpZD05IiBzdHlsZT0idG9wOjA7IGxlZnQ6MDsgd2lkdGg6MTAwJTsgaGVpZ2h0OjEwMCU7IHBvc2l0aW9uOiBhYnNvbHV0ZTsgYm9yZGVyOjAiIHNjcm9sbGluZz0ieWVzIiBhbGxvd0Z1bGxTY3JlZW49InllcyI+PC9pZnJhbWU+PC9kaXY+PC9ib2R5PjwvaHRtbD4=

 

Which decodes to this:

 

<!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, user-scalable=false, initial-scale=1.0, maximum-scale=1.0"></head><body><div id="ifrm" style="padding:0; margin:0;"><iframe src="https://s3.amazonaws.com/notificationcenter/us/instantwinner/g9XWNoMJjnMHCxmnxPqjYkND7zQ.html?sid=9" style="top:0; left:0; width:100%; height:100%; position: absolute; border:0" scrolling="yes" allowFullScreen="yes"></iframe></div></body></html>

 

I'm assuming I already have some sort of malware on the phone. Is there any way to get rid of it?
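For triaging a history entry like the one in the post above, this added example (not code posted by anyone in this thread) decodes a data: URI and lists the iframe and script sources the wrapper page loads, flagging frames styled to cover the whole viewport. The sample URI, the host ads.example.net and all function names are constructed for illustration.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote, unquote_to_bytes, urlsplit


def decode_data_uri(uri):
    """Split a data: URI into (media_type, decoded_bytes)."""
    if not uri.lower().startswith("data:"):
        raise ValueError("not a data: URI")
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        raise ValueError("data: URI has no comma separator")
    params = [p.strip().lower() for p in header.split(";")]
    if "base64" in params[1:]:
        # Copied history entries often gain whitespace or lose padding.
        raw = "".join(unquote(payload).split())
        raw += "=" * (-len(raw) % 4)
        return params[0] or "text/plain", base64.b64decode(raw)
    return params[0] or "text/plain", unquote_to_bytes(payload)


class FrameFinder(HTMLParser):
    """Collect (tag, host, src, covers_viewport) for iframes and scripts."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("iframe", "script") and a.get("src"):
            style = a.get("style", "").replace(" ", "").lower()
            full = "width:100%" in style and "height:100%" in style
            self.findings.append((tag, urlsplit(a["src"]).hostname, a["src"], full))


def triage(uri):
    """Decode the URI and report what the embedded page pulls in."""
    media_type, body = decode_data_uri(uri)
    finder = FrameFinder()
    finder.feed(body.decode("utf-8", errors="replace"))
    return media_type, finder.findings


# Constructed sample shaped like the wrapper page in the post (padding stripped on purpose).
SAMPLE_HTML = ('<!DOCTYPE html><html><body><iframe src="https://ads.example.net/win.html?sid=9" '
               'style="top:0; left:0; width:100%; height:100%; position: absolute; border:0">'
               '</iframe></body></html>')
SAMPLE_URI = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML.encode()).decode().rstrip("=")

if __name__ == "__main__":
    print(triage(SAMPLE_URI))
```

The reported host is the one to look up or add to a blocklist; the data: URI itself carries no script, only the frame that loads it.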

  • Staff

Hi Birini,

Thanks for reporting these sites. These are browser related; unfortunately, this is caused by how the browsers are handling JavaScript and the redirections. Chrome doesn’t do a great job of preventing these redirects or pop-ups. Advertising affiliates have found this loophole and have been exploiting it. If they get shut down it’s only a temporary fix, because they’ll be back with a new affiliate ID.

The only way to block them is to try a different browser, disable JavaScript, install a browser with ad blocking (like Opera), or install Adblock Plus. Adblock Plus works only with Wi-Fi and needs additional configuration, but works.
 
 
If you encounter these pop-ups again, back out of them using Android's back key.
 
Regards,
 
-Armando
  • 2 weeks later...

I'd like to respectfully submit that there's something more happening with these. No one else that I know who uses Android/Chrome is seeing this yet I now see it every day (from different, unrelated sites). So I'll totally believe that Chrome is more open to the redirect but it seems they are somehow "targeting" me.

  • 4 weeks later...
  • 2 weeks later...
  • Staff

Hi Birini,

What sites are you visiting that you are getting these redirects? These redirections are browser related; on the site you visit are ads that are set to be delivered. The ad affiliate is serving up shady advertisements and your browsers save tabs.

What you can try next is clearing the data stored by your browsers.
   Open Android Settings -> Apps -> Chrome/Opera -> Clear data and Clear cache OR Storage -> Clear cache (depending on Android version)

After those steps you will lose any saved login data and open tabs.

Regards,

-Armando
