
possible drive-by malware from redirected website?



hello,

A website I recently visited unexpectedly redirected to this strange URL, which seems to be hosted in Hong Kong / China:

https://www.virustotal.com/gui/domain/goucai3.vip

I am worried it is dangerous and it might have downloaded something invisible in the background without me knowing.

I wondered if someone could investigate the link and let me know if it is doing anything suspicious.

I am running Chrome Version 90.0.4430.212 on Catalina 10.15.7.

thank you


As long as you didn't click on any links while that page was displayed, then Chrome (or any other browser in use on your Mac) will not download anything without you knowing it.

Also, if you simply click on the three vertical dots at the right end of the address bar in Chrome or type Command-Option-L, you'll get a list of everything that was downloaded.

Lastly, anything downloaded would have appeared in your download folder, nowhere else.


thanks alvarnell,

I did not click on any links and immediately exited when I saw I had been redirected to that website.

Does that mean Chrome will prevent anything being downloaded invisibly in the background without me knowing?

5 hours ago, twiceglobe said:

does that mean chrome will prevent anything being downloaded invisibly in the background without me knowing

Sorry if I wasn't clear. That's exactly what I meant and you can easily verify that by checking the Chrome downloads page and looking in your default download folder for anything you don't recognize having downloaded.

  • Staff

There is always a possibility that visiting a website could trigger a vulnerability in the browser or the OS that could result in silent installation of malware on your device.

That said, this is quite rare on macOS. The last known time this happened was with a Firefox vulnerability used to target Coinbase, and other cryptocurrency companies, back in 2019. Before that, the last known time it happened was in 2011-2012, with repeated attacks through Java vulnerabilities, which prompted Apple to completely remove Java from the system.

So, most likely, you have not actually been infected with anything. However, if you want to be certain, I'd recommend submitting a support ticket with details about your concerns and any issues you're seeing, along with the output of our Mac support tool:

https://support.malwarebytes.com/hc/en-us/articles/360038519834-Upload-logs-to-your-ticket-using-the-Malwarebytes-Support-Tool-for-Mac


It simply copies logs from your computer which you will be able to scan before you send them, if that's the concern. Malwarebytes outlines what it collects and how it is used in great detail in this Privacy Policy.

  • Staff
15 hours ago, twiceglobe said:

but what will this tool do? what logs does it create?

It gathers data for two primary purposes:

  1. Diagnosing problems with the status of the Malwarebytes software on the device
  2. Identifying undetected malware that may be on the device

Although none of the data collected should be particularly sensitive, you can review the contents of the zip file before sending it. Take note of the password that the MBST tool will give you for the zip file. That password is needed to prevent scanning by antivirus engines on mail servers, since the content could potentially contain malicious files when captured from an infected system.
