
Malvertisement link, attacks Windows but I don't know about Android



Accidentally clicked on this advert on an app on my Android phone.

I have run it through some online malware analysis tools and it appears like it evades sandboxes on Windows devices. I have no idea how to check if it has downloaded a payload on my phone however. What should be the next steps I go through?

 

https://     aw14209e.aweb  .page/p/  9202258e-40a1-4548-b1d8-0a2873da4b92

 


Hi @soijds231,

I tested the link in an Android Emulator.  No payload dropped.  On Android, you would see something downloaded to your Downloads folder, and also have to confirm the install.  Looks like a money scam from the webpage info:

FORTY "Done For You" Campaigns


Made Us Over $92,412.82 
Just Copy & Past...Each Campaign Generates Passive Income Daily...
Now It's Your Turn to Make Big Money!

Step 1. Login To Clone-ME...Members Area & Enter your PayPal Account.
Step 2. Deploy...Send Traffic (We'll Teach You a Simple FREE Method Inside)
Step 3. Monetize...Click "Refresh" to see the Amount of Commissions You've Earned Each Day!

Needless to say, but don't sign up for this "money maker". 🙄  I'll send this over to your web team to block.

Thanks for letting us know,

Nathan
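
The check described in the reply above (a dropped file in Downloads, then a confirmed install) can also be run from a computer over adb. This is an added example, not part of the original post; it assumes adb is installed and USB debugging is enabled on the phone, and the package and file names in the sample data are constructed.

```shell
#!/bin/sh
# Added example: look for a dropped APK and for apps not installed by the Play Store.

# Reads `pm list packages -3 -i` output on stdin, lines such as
#   package:com.example.app  installer=com.android.vending
# Prints "<package> <installer>" for every third-party app whose installer
# is not the Play Store. installer=null usually means a sideloaded or
# adb-installed APK; other app stores report their own package name.
sideloaded_packages() {
    awk '/^package:/ {
        pkg = $1; sub(/^package:/, "", pkg)
        inst = "unknown"
        for (i = 2; i <= NF; i++)
            if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
        if (inst != "com.android.vending") print pkg " " inst
    }'
}

# Reads a file listing (one name per line) and prints only APK files.
apk_files() {
    grep -i '\.apk$' || true
}

# Constructed sample data, used when no device is attached.
SAMPLE_PACKAGES='package:com.example.notes  installer=com.android.vending
package:com.example.freecash  installer=null
package:com.example.game  installer=com.google.android.packageinstaller'
SAMPLE_DOWNLOADS='invoice.pdf
holiday.jpg
FreeCash_v2.APK'

if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    echo "Apps not installed by the Play Store:"
    adb shell pm list packages -3 -i | tr -d '\r' | sideloaded_packages
    echo "APK files in Downloads:"
    adb shell ls /sdcard/Download | tr -d '\r' | apk_files
else
    echo "No device attached, showing constructed sample:"
    printf '%s\n' "$SAMPLE_PACKAGES" | sideloaded_packages
    printf '%s\n' "$SAMPLE_DOWNLOADS" | apk_files
fi
```

An empty result for both checks matches what the reply describes: nothing downloaded and nothing installed outside the store.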


  • Staff
On 9/12/2021 at 12:40 PM, soijds231 said:

Accidentally clicked on this advert on an app on my Android phone.

I have run it through some online malware analysis tools and it appears like it evades sandboxes on Windows devices. I have no idea how to check if it has downloaded a payload on my phone however. What should be the next steps I go through?

 

https://     aw14209e.aweb  .page/p/  9202258e-40a1-4548-b1d8-0a2873da4b92

 

Thank you very much for reporting this link!

We have added it to our database.

Fortunately, there are no drive-by downloads detected in the page, so your phone should be safe. :)


Thanks for the reply! 

I am just wondering as I fiddled around in a Windows sandbox and once I got around the sandbox evasion it appears to show a MITRE ATT&CK crypto API that aims to steal credentials. I can link the report if desired? Or is it just aiming at attacking vulnerable Windows systems instead? As the static code analysis for Android gave me nothing too.

I only have a pretty basic understanding on this subject so I appreciate any knowledge you can share. 

 

Thanks again for getting back to me everyone! 


2 hours ago, soijds231 said:

Thanks for the reply! 

I am just wondering as I fiddled around in a Windows sandbox and once I got around the sandbox evasion it appears to show a MITRE ATT&CK crypto API that aims to steal credentials. I can link the report if desired? Or is it just aiming at attacking vulnerable Windows systems instead? As the static code analysis for Android gave me nothing too.

I only have a pretty basic understanding on this subject so I appreciate any knowledge you can share. 

 

Thanks again for getting back to me everyone! 

Hi @soijds231,

I'd probably ask that over in the Windows side of the forums.  One way or another, the link will be blocked on both mobile and PC.

Nathan
