JoelS Posted December 14, 2016

I was browsing what appeared to be a legitimate site using Android 6,01, Chrome 54.0.2480.85. The phone has Malwarebytes, Kaspersky, and CCCleaner. Popups are blocked in Chrome. Java is enabled. I do not download any software except that arriving by system notification (and of course, MB, Kasp, and CCC). There aren't any apps listed that don't seem to be legit. A popup appeared saying "Your device is heavily infected" etc. Scans by MBytes and Kaspersky were negative. I flushed the cache to make sure not to visit the site again. So far, no more popups.

What mechanism was likely used for this attack? Is there any additional software that might help block or detect such attacks? Thank you.

GeoNez Posted December 25, 2016

The mechanism is getting you to respond to the message. Usually, the only two appropriate responses are to close the browser or pull the battery. Assume there was also some: "click here to clean your device, cure cancer and make the world a better place all at the same time" button, and if you are unfortunate enough to click on it, it often proceeds to encrypt your phone and the ransomware payload has been delivered. You seem to have dodged the bullet, so congratulations. Recent and complete backups are also very useful. When in doubt, do not click.

Used to be alleged pictures of the tennis player Anna Kournikova. The enticements vary over time. When in doubt, do not click. Merry Christmas.

MHN39 Posted December 25, 2016

Hi JoelS. To add to what GeoNez said, this article from Malwarebytes Labs might answer why the pop-up happened and how to avoid it.

https://blog.malwarebytes.com/cybercrime/2016/10/mobile-menace-monday-youve-been-infected-or-have-you/

JoelS (Author) Posted December 26, 2016

23 hours ago, MHN39 said:

> Hi JoelS. To add to what GeoNez said, this article from Malwarebytes Labs might answer why the pop-up happened and how to avoid it.
>
> https://blog.malwarebytes.com/cybercrime/2016/10/mobile-menace-monday-youve-been-infected-or-have-you/

Thanks.

JoelS (Author) Posted December 26, 2016

On 12/25/2016 at 2:04 PM, GeoNez said:

> The mechanism is getting you to respond to the message. Usually, the only two appropriate responses are to close the browser or pull the battery. Assume there was also some: "click here to clean your device, cure cancer and make the world a better place all at the same time" button, and if you are unfortunate enough to click on it, it often proceeds to encrypt your phone and the ransomware payload has been delivered. You seem to have dodged the bullet, so congratulations. Recent and complete backups are also very useful. When in doubt, do not click.
>
> Used to be alleged pictures of the tennis player Anna Kournikova. The enticements vary over time. When in doubt, do not click. Merry Christmas.

Thanks, GeoNez.

larsonreever Posted February 8, 2017

On 12/26/2016 at 2:34 AM, GeoNez said:

> The mechanism is getting you to respond to the message. Usually, the only two appropriate responses are to close the browser or pull the battery. Assume there was also some: "click here to clean your device, cure cancer and make the world a better place all at the same time" button, and if you are unfortunate enough to click on it, it often proceeds to encrypt your phone and the ransomware payload has been delivered. You seem to have dodged the bullet, so congratulations. Recent and complete backups are also very useful. When in doubt, do not click.
>
> Used to be alleged pictures of the tennis player Anna Kournikova. The enticements vary over time. When in doubt, do not click. Merry Christmas.

Very much thanks, actually sound info...

malbytes24 Posted February 10, 2017

On 12/14/2016 at 8:19 AM, JoelS said:

> I was browsing what appeared to be a legitimate site using Android 6,01, Chrome 54.0.2480.85. The phone has Malwarebytes, Kaspersky, and CCCleaner. Popups are blocked in Chrome. Java is enabled. I do not download any software except that arriving by system notification (and of course, MB, Kasp, and CCC). There aren't any apps listed that don't seem to be legit. A popup appeared saying "Your device is heavily infected" etc. Scans by MBytes and Kaspersky were negative. I flushed the cache to make sure not to visit the site again. So far, no more popups.
>
> What mechanism was likely used for this attack? Is there any additional software that might help block or detect such attacks? Thank you.

If a popup says your device is heavily infected and it's not from your antivirus or antimalware, ignore it, it's a scam.