Android redirect

[Birini]

Hi,

 

I'm using a brand new Nexus 5X with Project Fi. I've had it about a week and I have only downloaded apps I trust: MLB at bat, Twitter, Steam, Blizzard Authenitcator, Microsoft account, and Clash of Clans. I've also been very careful about the sites I visit. (No Pirate Bay, no porn, etc.) Today I followed a link from twitter to mlbtraderumors.com and found myself staring at a buzzing phone with some sort of a "prize" as a Time Warner customer. (They are my ISP.)

 

When I checked the history, I found the following:

 

data:text/html;base64,PCFET0NUWVBFIGh0bWw+PGh0bWw+PGhlYWQ+PG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgdXNlci1zY2FsYWJsZT1mYWxzZSwgaW5pdGlhbC1zY2FsZT0xLjAsIG1heGltdW0tc2NhbGU9MS4wIj48L2hlYWQ+PGJvZHk+PGRpdiBpZD0iaWZybSIgc3R5bGU9InBhZGRpbmc6MDsgbWFyZ2luOjA7Ij48aWZyYW1lIHNyYz0iaHR0cHM6Ly9zMy5hbWF6b25hd3MuY29tL25vdGlmaWNhdGlvbmNlbnRlci91cy9pbnN0YW50d2lubmVyL2c5WFdOb01Kam5NSEN4bW54UHFqWWtORDd6US5odG1sP3NpZD05IiBzdHlsZT0idG9wOjA7IGxlZnQ6MDsgd2lkdGg6MTAwJTsgaGVpZ2h0OjEwMCU7IHBvc2l0aW9uOiBhYnNvbHV0ZTsgYm9yZGVyOjAiIHNjcm9sbGluZz0ieWVzIiBhbGxvd0Z1bGxTY3JlZW49InllcyI+PC9pZnJhbWU+PC9kaXY+PC9ib2R5PjwvaHRtbD4=

 

Which decodes to his:

 

<!DOCTYPE html><html><head><meta name="viewport" content="width=device-width, user-scalable=false, initial-scale=1.0, maximum-scale=1.0"></head><body><div id="ifrm" style="padding:0; margin:0;"><iframe src="https://s3.amazonaws.com/notificationcenter/us/instantwinner/g9XWNoMJjnMHCxmnxPqjYkND7zQ.html?sid" style="top:0; left:0; width:100%; height:100%; position: absolute; border:0" scrolling="yes" allowFullScreen="yes"></iframe></div></body></html>

 

I'm assuming I already have some sort of malware on the phone. Is there any way to get rid of it?

[a_Mbam]

Hi Birini,

Thanks for reporting these sites. These are browser related, unfortunately this is caused by how the browsers are handling javascript and the redirections. Chrome doesn’t do a great job of preventing these redirects or pop-ups. Advertising affiliates have found this loop hole and have been exploiting it. If they get shutdown it’s only a temporary fix, cause they’ll be back with a new affiliate id.

The only way to block is to try a different browser, disable javascript, install a browser with ad blocking (like Opera), or install Ad-block Plus. Ad-block Plus works only with Wifi and needs additional configuration, but works.

 

https://adblockplus.org/en/android-install

 

If you encounter these pop-ups again, back out of the using Android's back key.

 

Regards,

 

-Armando

[Birini]

I'd like to respectfully submit that there's something more happening with these. No one else that I know who uses Android/Chrome is seeing this yet I now see it every day (from different, unrelated sites). So I'll totally believe that Chrome is more open to the redirect but it seems they are somehow "targeting" me.

[Birini]

You probably don't care, but I'm getting the same redirect error on Opera now with ads blocked.

[a_Mbam]

HI Birini,

What sites are you visiting that you are getting these redirects? These redirections are browser related, on the site you visit are ads that are set to be delivered--the ad affiliate is serving up shady advertisements and you browsers save tabs.

What you can try next is clearing the stored data by your browsers.
   Open Android Settings -> Apps -> Chrome/Opera -> Clear data and Clear cache OR Storage -> Clear cache (depending on Android version)

After those steps you will lose any save log in data and open tabs.

Regards,

-Armando