
Can android devices be at risk on a potentially malicious site?


32 replies to this topic

#1 keyes528

  • Members
  • 38 posts

Posted 31 August 2014 - 06:36 AM

Hi, I accidentally went onto a website via Google Images and went off it right away; however, the page was about 2/5ths done loading. I accidentally hit the undo button and opened it again, but closed it immediately again.

This is on Android KitKat, Samsung Tab 3.

I did a VirusTotal check, and the website had a 1/58 detection ratio. Website security guard had flagged it as a malware site.

I checked the site on scumware.org. 10 pages had been reported in 2013 to have scrinject.gen b. The page I had clicked onto was not on the list of 10.

Is my device in danger? I scanned with MBAM Mobile, AVG, Avast, CM Security, CM Cleaner and others and it has been clean. Unknown source applications are turned off, device is not rooted.


And another question, if my device is in danger, could malware on it spread to PCs on the same network?

Thanks. I have no pop-ups, notifications or spammy ads, but I'm worried about the possibility of Android keyloggers.



#2 Animal

  • Site Admin
  • 35,113 posts

Posted 31 August 2014 - 11:56 AM

With Android, you as a user have to actually install malware. It's not like Windows with self-extracting apps. If you ran malware scans afterwards and did not install anything, then you are not infected with anything known and that has definitions in the anti-malware tools you used.

In other words:

As long as you weren't asked to install an app while you were on the site, and immediately after you left that site you did the scans and came up clean, I don't see a problem.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#3 rp88

  • Members
  • 3,000 posts

Posted 31 August 2014 - 07:13 PM

Lucky £%$^%r&, it would be nice if Windows were set up not to install anything without deliberate user installation. Why Windows was ever developed in a way that would let programs install themselves, ads send you viruses and scripts on websites take over your computer is beyond comprehension.


Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB

#4 quietman7

  • Global Moderator
  • 51,399 posts

Posted 01 September 2014 - 07:04 PM


I don't use smartphones, iPhones, etc., but I've collected some reading material on the subject...

* Android Ransomware
* Malware from Computers Spreading Through Smartphones
* Yes, Your Phone Can Get A Computer Virus
* Can Smartphones Get Virus/Viruses and Malware?
* Mobile botnets taking over smartphones
* Mobile attacks!
* Top Five Ways Your Smartphone Can Contract a Virus
* Android malware up 614% as smartphone scams go industrial

* Android Madware and Malware Trends
* Mobile Adware and Malware Analysis
* Battling Malware & Madware
* Madware ads plague Android users
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 painfullregistry

  • Members
  • 28 posts

Posted 09 September 2014 - 12:40 AM

Yes, they can be infected by a drive-by download. I went to "theblaze.com" and got something that would block my every move within 5 sec. I finally had to do a factory reset not once but twice. Kaspersky Internet Security for Android, from Play Store, was completely ineffective. Still not sure what it was, but acted like simplelocker. Was trying to get my password for my Google account, and adding notices to my draw seconds after clearing them. The malware infecting the blaze was written up by "invencia.com", a Dell security outfit. Now I have learned that Kaspersky mobile may have an SSL problem that allows a "man in the middle" attack. Thank God I had all my stuff backed up by my Google account.

#6 quietman7

  • Global Moderator
  • 51,399 posts

Posted 09 September 2014 - 07:44 AM

Here is a quote from my colleague Didier Stevens, Microsoft MVP Consumer Security.

Several smartphone operating systems (OS) offer no APIs at all for AV applications to be able to perform.

In iOS (that's the OS of the iPhone), an AV app is like any other app, it has no special privileges or access so that it can monitor the phone resources for malware.

So there can not be any good anti-virus programs for the iPhone, because the OS does not provide the features required for an AV program to be able to do a good job.



#7 painfullregistry

  • Members
  • 28 posts

Posted 09 September 2014 - 08:24 AM

That's very interesting,

I happen to be on Android 4.1.1 Jelly Bean. My device is HTC EVO 4G LTE and I think a Google Play edition, as it was loaded with all their apps (that I heavily use).
I have read that iPhones are prone to infections just not as prevalent as Android OS right now. Recently, Australia had a rash of iPhones with malware. Because there are over a billion Android devices, the percentage of infected devices is very low, but that translates to millions. Here is an article, one of many, that speaks to this:
http://www.techradar.com/us/news/phone-and-communications/mobile-phones/mobile-malware-jumped-163-percent-in-2012-mostly-on-android-1144848
Apple iPhones have vulnerabilities too, but Apple is arrogant in stating that they do not, and it makes sense that they would block AV apps from interacting with their OS. And I'm not talking about jailbroken phones either.

#8 keyes528

  • Topic Starter
  • Members
  • 38 posts

Posted 12 September 2014 - 05:40 AM

Yes, they can be infected by a drive-by download. I went to "theblaze.com" and got something that would block my every move within 5 sec. I finally had to do a factory reset not once but twice. Kaspersky Internet Security for Android, from Play Store, was completely ineffective. Still not sure what it was, but acted like simplelocker. Was trying to get my password for my Google account, and adding notices to my draw seconds after clearing them. The malware infecting the blaze was written up by "invencia.com", a Dell security outfit. Now I have learned that Kaspersky mobile may have an SSL problem that allows a "man in the middle" attack. Thank God I had all my stuff backed up by my Google account.


Are you saying the malware tried getting your password?

And could anyone tell me if mapsofworld.com is safe? The link I had visited was

mapsofworld.com/world-top-ten/countries-spending-most-on-console-and-computer-game.html

Some places say it's bad, some don't. Norton reviews are mixed, same mywot. VirusTotal says the IP it is based in has some 1/58 detected sites. One of them is mapsofworld, but when I search mapsofworld on VirusTotal it says 0/58.

#9 painfullregistry

  • Members
  • 28 posts

Posted 12 September 2014 - 06:43 AM

Hi Keyes528,

Yes, the malware wanted my password to my Google account. The first time it happened, I had just finished with 2-step verification. (I was already signed in, as my Chrome browser does this automatically for me.) When I hit the final tab, this screen pops up asking for my password. It was not the standard sign-in page, but generic Android, and no user name either. So I tried to clear it, and that's when it really got interesting. I started getting notifications, one that looked like email, and another that looked like an app notification. When I opened notice tray, my button to clear was missing, so I swiped them off, and within seconds they came back. Now I could change screens, but the password screen popped up every couple seconds. Eventually I did a factory reset, as I could get into settings without being blocked. (I could not do any normal things on phone.) There were other things going on with phone before this all happened, so it is possible I was infected before visiting theblaze, like my outgoing data was way too high for my activity. And battery drain overnight, WiFi constantly turning itself on, when my settings should, and did, keep it off previously. But within an hour of visiting theblaze, things went haywire. That was after a scareware pop-up which I did not interact with in any way, at all. I hit return, and then this website went all screwy jumping around, which was probably redirecting me to a landing page somewhere else. I cleared the window as fast as I could, and may have gotten a partial infection, I'm just not sure about all three scenarios. But it came back a few days later (not sure I hit button to erase pics, vid, storage, etc. the first time), but after that I did not reinstall Kaspersky (from Play Store, not the impostor app) and have been clean ever since. I suspect that app may have created a weakness (google "syscan 2014, antivirus apps vulnerabilities" for an eye opener).
I now use Avast free with Malwarebytes free and both of these will prevent key loggers or any spyware for that matter.

As for your device, I think you are safe for now. Keep an eye on battery use, data outgoing (my average about 20%), number of text messages, and make sure there are no new apps in draw that you never saw before. The internal protection you have with Knox should keep you safe, but the apps I have are good too, as all security programs are not equal; as you can see in VirusTotal, there are always many who miss detections of a particular virus or malware. Avast & Malwarebytes are very easy on the battery too. If you have any other questions feel free to PM me. I have been studying this subject for months now.

#10 Animal

  • Site Admin
  • 35,113 posts

Posted 12 September 2014 - 01:15 PM

I want to be clear here: it seems it's not Android malware you experienced, but a browser exploit? Due to the fact you visited a website with a browser. Because Android malware has to be installed by the user.

The reason I want to clarify this seemingly minor issue is because Android as an OS is not as vulnerable as the pundits want to make it. Unlike Windows, with Android you have to actually install malware. Thereby making the user the key to whether you become infected with malware while using Android. It doesn't self-extract. However, yes, using a browser on unsafe sites is no different than on Windows. The browser is the key flaw here, not Android.

However, Windows allows self-extracting malware via downloads and emails, etc. That's not the case with Android. You can download it, but until you actually install it, nothing happens.


#11 painfullregistry

  • Members
  • 28 posts

Posted 12 September 2014 - 02:19 PM

Hi animal,

Thanks for the information. The thing is I'm still not sure if maybe it was coincidental timing, because my phone had some classic symptoms of infection a few days prior.

Now, if it was a browser exploit, can it then leave the browser and interact in other areas? Because I left the browser and was able to go to home page, within that 5 second window. But it was limited to general areas of operation. I was then able to open app draw to click settings after a couple of attempts, then do factory reset. And could it have generated the notices I was getting simultaneously with the lock screen that wanted my password (for lack of better terms)? Like I said, I'm still puzzled.

#12 Didier Stevens

  • BC Advisor
  • 2,685 posts

Posted 12 September 2014 - 02:24 PM

I have read that iPhones are prone to infections just not as prevalent as Android OS right now. Recently, Australia had a rash of iPhones with malware.

 

According to a friend, Mikko Hypponen, Chief Research Officer of F-Secure, a Finnish AV company specializing in mobile defense, there have been no significant cases of malware on iPhone. The malware they analyzed was for jailbroken iPhones.

 

And another indication that it is very hard to infect non-jailbroken iOS devices: FinFisher's FinSpy software only supports jailbroken iPhones:

http://www.intego.com/mac-security-blog/dont-jailbreak-your-iphone-if-you-want-to-stop-government-spyware/


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 painfullregistry

  • Members
  • 28 posts

Posted 12 September 2014 - 02:48 PM

Hi Didier Stevens,

Thanks for taking time to respond. I am aware that jailbroken iOS are more vulnerable. However, you must have heard if not read Jonathan Zdziarski's talk at Black Hat this past July in Vegas. He was vindicated a number of times, namely Stroz Friedberg wrote a program to remove the pairing problem from iPhones and to then encrypt to lock down the phone. Apple underplayed their admissions about the affair. So it is possible to exploit that weakness, otherwise why write a program to protect against exploits?

#14 Animal

  • Site Admin
  • 35,113 posts

Posted 12 September 2014 - 02:57 PM

@painfullregistry

I am just in the early stages of self-education mode regarding Android malware. So I can't say definitively that a browser exploit stays within the browser. But with the knowledge I have gained so far, as long as the OS permissions remain OEM and not a rooted OS, the malware should be compartmentalized. With that said, I am open to others with more experience and better testing facilities than I currently have to prove that statement or disprove it.

My main motivation here is to educate people about the facts regarding malware and the Android OS. As well as to dispel the generalizations about the safety with regards to malware and the OS.


#15 painfullregistry

  • Members
  • 28 posts

Posted 12 September 2014 - 03:26 PM

Hi, you may be on to something though. I know that for the most part, the user generally has to interact in some way to cause the initial download and install, but with advertising going rogue more & more these days, they sorta tag along with the app. I had only had those two apps for a week or two. Then while visiting what should have been a safe site, tube pop-up scareware, then a redirect, then an hour later I'm playing tag with some program.

I'm still trying to figure it out, and am tech newbie on top of it all. But I have been reading everything I can find on malware, viruses, malvertising, etc. I read all the major security blogs and a bunch of white papers too. There are tens of millions of infections of Android but is small percentage of over a billion users currently and growing. Your thoughts are very intriguing as it was something I had not considered. But now have a new avenue of pursuit. So thanks, I really appreciate the help. I also understand you wanting to not call fire in a theatre, as it were. But for those of us who have had an incident, we want to warn people the threat is real and growing. You see, I am not rooted, and Play Store has named apps to block advertisers, unless rooted. This is unconscionable, because for many clueless users, they will have major trouble dealing with an infection, and even risk being harmed in multiple ways. So I'm on a personal crusade to educate myself, and anyone I know or come into contact with.

Do you know of any resources about browser exploits specifically?



