
Could it be malware?


I attach a screenshot of the situation that for some days has been displayed by Google sporadically (not once every day, but almost).

I also attach the Malwarebytes Premium scan report (manual scan a few minutes ago).
I also have Malwarebytes Privacy (latest stable version available) installed on my Mac.
On Safari, 1Blocker, MWB Browser Guard and Super Agent for Safari (for the automatic acceptance of technical/functional cookies only) are installed.
On Firefox, only Malwarebytes Browser Guard (I don't use it much and so far the situation has occurred only on Safari).

There were no changes immediately before the situation began.
Something was modified afterwards but it didn't change anything

I may collect and submit any reports necessary for the analyst (as long as I am assured that no personal/sensitive data is included) 

Meanwhile thank you

Have a nice day

Massimiliano

Google Situation


Malwarebytes


  • Staff

What you're seeing is something that can be peripherally malware-related, as this kind of message can involve Google seeing unusual activity from your network and wanting additional confirmation that you're not a bot. It could be some kind of process designed to scrape data from Google that someone is running intentionally. It could also be malware. If it's malware, it would be Windows malware. (Network-based detections almost never know anything at all about Mac malware.)

There are a few possibilities.

First, there could be an infected Windows machine on your network. If you don't have any Windows machines, make sure your network is properly secured and that no neighbors are using your network without your permission or knowledge.

Second, your internet service provider (ISP) probably assigns you an IP address dynamically, which will change every time your modem reboots. The last person to use the IP address you're using now might have triggered the warning from Google. Try rebooting the modem to get a new IP address. If that doesn't give you a new IP address, talk to your ISP.

Third, it's possible your modem or router is infected with some kind of botnet malware. This is difficult to diagnose and fix, as there are countless different pieces of hardware you could have, with different firmware versions, different vulnerabilities, different capabilities, and different means of fixing. In some cases, there may be no fix, especially with really old hardware. If your network hardware is really old, consider replacing it.


3 hours ago, treed said:

First, there could be an infected Windows machine on your network. If you don't have any Windows machines, make sure your network is properly secured and that no neighbors are using your network without your permission or knowledge.

A Windows machine in the network, definitely not. By now we have all converted to Apple devices and the only old PC is turned on only if you have to look at RX/RMN/TAC for diagnostic tests done or to create a pendrive with some content for the car radio/TV in order to remove the hidden files created by the Mac that on these devices give problems (unless you know how to suggest a method to do it directly from Mac).

3 hours ago, treed said:

Second, your internet service provider (ISP) probably assigns you an IP address dynamically, which will change every time your modem reboots. The last person to use the IP address you're using now might have triggered the warning from Google. Try rebooting the modem to get a new IP address. If that doesn't give you a new IP address, talk to your ISP.

My ISP, Vodafone, I hope to get it off as soon as possible, I've had it since June while the problem has only been occurring for a few days. 
It assigns me a dynamic IP but my router is restarted very rarely, only when there are problems of slow connection that makes it impossible to use or other problems (it is not restarted for two months) so I would exclude a change of IP with others at least in the last month.

3 hours ago, treed said:

Third, it's possible your modem or router is infected with some kind of botnet malware. This is difficult to diagnose and fix, as there are countless different pieces of hardware you could have, with different firmware versions, different vulnerabilities, different capabilities, and different means of fixing. In some cases, there may be no fix, especially with really old hardware. If your network hardware is really old, consider replacing it.

My router (only device) connected to the phone network on which depend in Wi-Fi my Macs (Air M1 with Monterey) and my father's (Mid 2012 stopped at Catalina), my iPad mini 2021, two iPhone SE 2020, and, I do not know if it connects to the router because it is a Black Friday purchase as well as an early Christmas, my Apple Watch 7, all updated to the latest available version of their respective OS, plus LG Smart TV and two printers (Canon Pixma MX925, very old, almost never used because it's nearing the end, and an HP LaserJet) is a Fritz!Box 7530 that has been updated a few minutes ago to FRITZ!OS 07.29, purchased in March 2021 (I know there are a lot of new Apple devices, but pretty much the old ones died almost all together 😭)

On the network tab of the control panel of the router there are only known devices apart from a non-removable device called PC-192-168-178-35 with IP address 192.168.178.35 (I premise that the router has the name fritz.box and responds to IP 192.168.178.1) that is unknown to me and I can not understand

It seems to me the only anomaly

@treed, sorry I did not thank you at the top of the message, but after setting everything I could not create the space. Ideas about this, given the explanations given?

  • Staff
7 minutes ago, Massimiliano said:

It assigns me a dynamic IP but my router is restarted very rarely, only when there are problems of slow connection that makes it impossible to use or other problems (it is not restarted for two months) so I would exclude a change of IP with others at least in the last month.

Restarting the router may not be the only case where the IP address gets reassigned... it's just a common one. There may be other conditions that could trigger this to happen. The important point is that such an IP address change could cause this problem, and forcing it to change again could fix it.

Quote

On the network tab of the control panel of the router there are only known devices apart from a non-removable device called PC-192-168-178-35 with IP address 192.168.178.35 (I premise that the router has the name fritz.box and responds to IP 192.168.178.1) that is unknown to me and I can not understand

If you can't identify a device on your network with that IP address, that's suspicious. If you've got a neighbor within wifi range, they could have put a device on your network. I'd try changing the network password and kicking that device off.

Also, keep in mind the router/modem itself (whatever component you have that is visible to the internet as a whole) could be infected, but I don't have much advice on how to fix that.


@treed, meanwhile thank you, right away

I may have figured it out

I changed the password and restarted the router

Obviously all devices have disconnected

The devices with that strange name were the two iPhones that are set with private addresses (in fact, the Wi-Fi addresses of the devices match), which I have now renamed

At this point, after having reconnected all the family devices, I limited the Wi-Fi access only to the known devices, blocking access for any device outside the list of the connected ones, and I disabled the guest connection (possible settings on Fritz!Box routers)

Therefore no more devices can connect to Wi-Fi even if they know the password, unless that setting is changed

I'll see in the next days if the problem will be solved and I'll update the post

Thank you for the moment

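The post above traces the unknown router entry to iPhones using private Wi-Fi addresses. As an added example (not part of the original thread), this Python sketch shows how to recognise such randomized MAC addresses in a router's device table by the locally-administered bit of the first octet; only the name PC-192-168-178-35 and its IP come from the thread, all MAC addresses and other rows are constructed.

```python
import re

# Constructed sample of a router's device table (name, IPv4, MAC).
# Only PC-192-168-178-35 and its IP appear in the thread; every MAC and
# every other row is made up for illustration.
SAMPLE_DEVICES = [
    ("PC-192-168-178-35", "192.168.178.35", "5A:3C:91:0F:22:B7"),
    ("PC-192-168-178-36", "192.168.178.36", "e6-11-4d-a0-7c-09"),
    ("LG-TV", "192.168.178.20", "00:11:22:33:44:55"),
    ("printer", "192.168.178.21", "0011.2233.4466"),
    ("broken-row", "192.168.178.99", "not-a-mac"),
]

def parse_mac(text):
    """Return the MAC as 6 bytes, accepting ':', '-' or '.' separators."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    """Classify a MAC by the two flag bits in its first octet."""
    try:
        first = parse_mac(text)[0]
    except ValueError:
        return "invalid"
    if first & 0x01:
        return "multicast"             # group address, not a single station
    if first & 0x02:
        return "locally-administered"  # randomized / private Wi-Fi address
    return "vendor-assigned"           # first 3 bytes are a manufacturer OUI

def triage(devices):
    """Map each device name to its MAC classification."""
    return {name: classify_mac(mac) for name, _ip, mac in devices}

if __name__ == "__main__":
    for name, kind in triage(SAMPLE_DEVICES).items():
        print(f"{name:20} {kind}")
```

A locally-administered result matches what a phone with a private Wi-Fi address presents, so such an entry should be compared with the Wi-Fi address shown in each known device's own settings before it is treated as an intruder.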

  • Staff

That could be a factor, but I doubt that's the only factor. It's possible that you wouldn't see it if you were logged in, but it's also possible it wouldn't make a difference, and if you're not logged in because you don't want Google tracking you, that wouldn't be an ideal solution.

I'd still say that forcing your externally-visible IP address to change would be a key thing to try, and rebooting the modem that is responsible for that IP address may not actually force it to change. I'd definitely recommend talking to your ISP about how to do that.


1 hour ago, treed said:

That could be a factor, but I doubt that's the only factor. It's possible that you wouldn't see it if you were logged in, but it's also possible it wouldn't make a difference, and if you're not logged in because you don't want Google tracking you, that wouldn't be an ideal solution.

I'd still say that forcing your externally-visible IP address to change would be a key thing to try, and rebooting the modem that is responsible for that IP address may not actually force it to change. I'd definitely recommend talking to your ISP about how to do that.

Talking to my ISP is a lost cause at the outset. I hope to be able to change it as soon as possible. A new one must arrive, which is honest. In fact, it's not Italian. However, I use MWB Privacy on iPhone, iPad and Mac and the problem is only on the Mac; it does not show up on my father's Mac and iPhone without VPN. Restarting the router anyway, the IP, at least as far as it is displayed, is changed. I don't really keep any logins active except this forum.
