
Android: chrome redirect (not same as others posted on here)



On 12/22/2020 at 3:51 PM, rosho01 said:

btw, how did you guys find this thread? 

did you search on the same urls i posted?

I searched for the URL it was trying to open, vbg.dorputolano.com and found your posting.

Thank you for figuring this out.


I had an additional problem. Whenever I unlocked my phone, it would automatically open a Chrome browser to this garbage site.

Either way, same as above, I searched the url and found this post, and uninstalled Barcode Scanner. Problem fixed.

Thank you.


I flagged this to the app's creator, and he refuses to believe that it's happening. He says that it's a clone of his app or something.

Either he's BSing, or he honestly doesn't know that someone has done something to his app. Either way, hopefully he will fix it. Only solution is uninstall for now.


I'm new to forums really so bear with me. I don't see the actual steps Anon00 posted that solved it. I checked my Google activity and I see apps (formatted like app.google.function.com or com.google.helpr, etc.) but I don't see anything I can do to clear/remove them. I did delete Barcode Scanner and I am waiting to see if that vbg.dorputolano.com thing returns, but if there is a fix by Anon00 I don't see what it is.


@mbam_mtbr
The dev is saying that he hasn't updated it since 2019, and that something else must be exploiting something in his code to push this. The result is currently the same, but this is just a heads up in case he fixes the issue then this would be mislabeled as adware in your system.

Bug report discussing this issue: https://github.com/zxing/zxing/issues/1345

  • Staff
1 hour ago, Grifta said:

@mbam_mtbr
The dev is saying that he hasn't updated it since 2019, and that something else must be exploiting something in his code to push this. The result is currently the same, but this is just a heads up in case he fixes the issue then this would be mislabeled as adware in your system.

Bug report discussing this issue: https://github.com/zxing/zxing/issues/1345

Thanks for letting me know.  I'm confident that if he fixes the issues, our detection will not detect a cleaned up version.

Nathan

On 1/12/2021 at 9:29 PM, Grifta said:

I flagged this to the app's creator, and he refuses to believe that it's happening. He says that it's a clone of his app or something.

Either he's BSing, or he honestly doesn't know that someone has done something to his app. Either way, hopefully he will fix it. Only solution is uninstall for now.

some of the adverts go to reputable companies (virgin media in this case, for me) - i wonder how these companies benefit from these nefarious practices w/o any consequences? bit like ads on torrent sites i guess, probably go through an agency/3rd party and absolve of all responsibility. 

and a Q for the mods @mbam_mtbr - how can this person's app get infected en route to being downloaded? would that not mean a bigger vulnerability in the pipeline/infra possibly impacting every app (with similar code weaknesses) which is downloaded? or is the guy talking BS?


btw, when googling this issue a while back, it seems there are similar malware on other barscanner apps going back a few years - perhaps it's to do with how these bar code apps are designed? and they are then infected en route to being downloaded - however this occurs, not sure.


I got several emails directing me to specific posts but those don't say anything about what I can do. Am I missing something? Deleted Barcode Scanner and went to site settings and removed all the sites listed that were suspicious, which was all but google.com and youtube.com. I'll monitor Chrome for the problem but hopefully it won't happen again.

11 hours ago, jarapper said:

I'm new to forums really so bear with me. I don't see the actual steps Anon00 posted that solved it. I checked my Google activity and I see apps (formatted like app.google.function.com or com.google.helpr, etc.) but I don't see anything I can do to clear/remove them. I did delete Barcode Scanner and I am waiting to see if that vbg.dorputolano.com thing returns, but if there is a fix by Anon00 I don't see what it is.

"So I guess my solution is for you all to check your myactivity.google.com and look for when these sites popped up and what happened before or after them and then delete that app or whatever it is".

which bit don't you get?

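The check quoted above (find each visit to the redirect site in myactivity.google.com and see which app ran just before it) can be done mechanically. This is an added example, not part of any post in the thread; the record field names, the 120-second window and the sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample. Field names are an assumption modelled on a My Activity
# JSON export: app events carry no "titleUrl", Chrome page visits do.
SAMPLE = [
    {"header": "Chrome", "titleUrl": "http://vbg.dorputolano.com/", "time": "2021-01-10T08:02:30Z"},
    {"header": "Gmail", "time": "2021-01-10T08:01:10Z"},
    {"header": "Barcode Scanner", "time": "2021-01-10T08:02:00Z"},
    {"header": "Barcode Scanner", "time": "2021-01-10T12:15:00Z"},
    {"header": "Chrome", "titleUrl": "http://vbg.dorputolano.com/", "time": "2021-01-10T12:15:20Z"},
    # The domain only appears in the query string here, so this is not a hit.
    {"header": "Chrome", "titleUrl": "https://example.com/?u=vbg.dorputolano.com", "time": "2021-01-10T12:40:00Z"},
    {"header": "Maps", "time": "2021-01-10T18:00:00Z"},
    {"header": "Barcode Scanner", "time": "2021-01-10T19:30:05Z"},
    {"header": "Chrome", "titleUrl": "http://vbg.dorputolano.com/", "time": "2021-01-10T19:30:40Z"},
]

SUSPECT_DOMAIN = "dorputolano.com"  # parent of the host named in the thread
BROWSERS = {"Chrome"}               # the browser is the victim, not the cause

def parse_time(stamp):
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def is_suspect(record, domain=SUSPECT_DOMAIN):
    # Compare the parsed hostname, never a substring of the whole URL.
    host = urlparse(record.get("titleUrl", "")).hostname or ""
    return host == domain or host.endswith("." + domain)

def apps_before_redirects(records, window_s=120):
    """Return (redirect_count, [(app, redirects_it_preceded), ...])."""
    events = sorted(records, key=lambda r: parse_time(r["time"]))
    counts, redirects = Counter(), 0
    for i, rec in enumerate(events):
        if not is_suspect(rec):
            continue
        redirects += 1
        when, seen = parse_time(rec["time"]), set()
        for prev in reversed(events[:i]):      # walk backwards in time
            if when - parse_time(prev["time"]) > timedelta(seconds=window_s):
                break
            if prev["header"] not in BROWSERS and "titleUrl" not in prev:
                seen.add(prev["header"])       # count each app once per redirect
        counts.update(seen)
    return redirects, counts.most_common()

if __name__ == "__main__":
    print(apps_before_redirects(SAMPLE))
```

An app that precedes every redirect is the one to uninstall first; apps that show up only once are likely coincidence.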
  • Staff
3 hours ago, rosho01 said:

and a Q for the mods @mbam_mtbr - how can this person's app get infected en route to being downloaded? would that not mean a bigger vulnerability in the pipeline/infra possibly impacting every app (with similar code weaknesses) which is downloaded? or is the guy talking BS?

It's not really getting infected en route. What happens a lot of the time is a legitimate app developer puts a free app on Google PLAY, and uses what is called an Ad SDK to gain revenue through ads. The Ad SDK is simply a piece of code that is added into their app. There are many good, reputable Ad SDKs that display ads within the app when it is opened. However, sometimes these Ad SDKs get a bit aggressive, and suddenly we have to flag it as Adware. In this case, the Ad SDK must be removed with the code to not get flagged.

Another method is a legitimate app is introduced to Google PLAY, and downloaded by users.  But then at some point code is added by the app developer that displays aggressive ads.  When the app is updated, the once legitimate app now is Adware.

Hope that all makes sense,

Nathan


The entries in myactivity showed a lot of suspicious activity which I cleared and reset. The thing is that what apps happened right before the trigger of the popups and ads was something I didn't understand. A few were Updater! but my list wasn't as clearly revealing as I believe yours is. So I was confused.

But I had checked my activity but I didn't scroll down enough to see site settings and so I very much appreciate your redirecting me there. There is a site settings option in security/clear browsing history and that's where I kept going which of course didn't do anything.

11 minutes ago, jarapper said:

The entries in myactivity showed a lot of suspicious activity which I cleared and reset. The thing is that what apps happened right before the trigger of the popups and ads was something I didn't understand. A few were Updater! but my list wasn't as clearly revealing as I believe yours is. So I was confused.

But I had checked my activity but I didn't scroll down enough to see site settings and so I very much appreciate your redirecting me there. There is a site settings option in security/clear browsing history and that's where I kept going which of course didn't do anything.

do you still have a problem after uninstalling the barcode app? 

9 hours ago, jarapper said:

I haven't seen it -Yeah.  So my hat off to Anon00. 

Is there a safe way to test my phone  to see if their ad processes/apps are still embedded on my phone. 

As a side note, I'm getting a bit more of an understanding how a forum works!

well then it looks like the issue is resolved, which is good. 

run malwarebytes and/or AV scans to check for other issues. 

there's plenty of info on how to do this on here. any other issues, search these forums.

On 1/14/2021 at 10:45 PM, mbam_mtbr said:

It's not really getting infected en route. What happens a lot of the time is a legitimate app developer puts a free app on Google PLAY, and uses what is called an Ad SDK to gain revenue through ads. The Ad SDK is simply a piece of code that is added into their app. There are many good, reputable Ad SDKs that display ads within the app when it is opened. However, sometimes these Ad SDKs get a bit aggressive, and suddenly we have to flag it as Adware. In this case, the Ad SDK must be removed with the code to not get flagged......

thanks for the explanation Nathan, makes perfect sense. 

