
I'm not sure if this is spyware, surveillance or nothing at all...


7 replies to this topic

#1 danbrown29

danbrown29

  • Members
  • 6 posts

Posted 19 May 2018 - 10:14 AM

I was browsing LinkedIn on my Chrome browser yesterday, and sent a connection invite to someone on LinkedIn. Shortly after (~30 minutes), I fired up my Nord VPN, opened up an incognito browser window, and started browsing an XXX site (a well-known / top 5 XXX site).

 

I watch a video and once it ends, the 'Related Videos' pop up on the video player. Behind the gridded layout of related videos thumbnails, a screenshot (that I did not take) of that person's LinkedIn profile page (with my own personal information in the right hand corner) showed up as the background image behind the related videos thumbnails! I visited 3-4 different videos on that site, and this same screenshot showed up at the end of each video behind the related videos thumbnails. I closed that XXX tab, opened up a new tab and went to the same XXX site, and when I tried the same thing with the same videos, the background behind the related videos thumbnails remained black -- no screenshot.

 

I ran a malware/spyware test using McAfee and Avast Security, and no infections were found. Any thoughts on what's happening here? This issue can be broken down into two questions: (1) why was a screenshot of my Chrome browser taken when I was on this person's LinkedIn page (the screenshot was contained to the LinkedIn page, did not show any of the Chrome browser or any of my Mac interface)? (2) why/how did this screenshot appear as a background behind the related videos thumbnails at the end of some video on a well-known XXX site?

 

Yeugh.




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts

Posted 19 May 2018 - 11:08 AM

danbrown29:

 

Welcome to Bleeping Computer.  You already have an identical topic open at the Geeks to Go! Forum.  Posting for assistance in multiple Forums is strongly discouraged because it can lead to conflicting advice and duplication of effort.

 

Please close your topic at G2G if you wish to continue to seek assistance here; or, vice versa.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 danbrown29

danbrown29
  • Topic Starter

  • Members
  • 6 posts

Posted 19 May 2018 - 11:18 AM

 

Thanks Phil, done.

 

D



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts

Posted 20 May 2018 - 04:29 AM

danbrown29:

 

Thank you for your post and for closing the G2G topic.

 

I am suspicious that you might have been a "victim" of a Chrome glitch related to how it stores cached files.  Since your anti-virus scans came up negative, and you cannot now replicate the issue, I would have Chrome delete its browsing data (cache) by launching it and then pressing Ctrl-Shift-Delete.

 

If you see any repetition of the issue, I would advise you to open a topic in the Malware, Trojan, Spyware, and Malware Removal Logs Forum here at Bleeping Computer to have a qualified malware removal specialist check your computer for possible browser hijackers and other malware.  Posting instructions for that Forum can be found here.

 

Thank you and have a great day.

 

Regards,

-Phil




#5 danbrown29

danbrown29
  • Topic Starter

  • Members
  • 6 posts

Posted 20 May 2018 - 09:37 AM

Phil, thanks for this. I arrived at the same thesis, but with three questions...

 

1) Can Google Chrome cache a "snapshot" of a LinkedIn (or any) webpage that contains private user information?

2) Can this snapshot be fetched by a program that has access to the Chrome cache directory?

3) How/why would the video player that is embedded in the XXX site fetch this LinkedIn page containing private information?

 

It sounds like this issue is just internal to Chrome, and doesn't mean that the XXX site accessed (or, anyone else would be able to access) my browser cache directory.

 

Cheers, D



#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts

Posted 20 May 2018 - 01:17 PM

danbrown29:

 

Thank you for your post.  I am glad that we are sharing the same thesis!

 

To be honest, I am not an expert on browsers, but we do have a Forum here dedicated to web browsers, and you could pose your question there.  I think that all browsers cache everything, unless you are browsing in Incognito mode (Ctrl-Shift-N in Chrome) or using a similar option in other browsers; e.g., InPrivate.  Those very explicitly state that they delete all cookies, cache setting, site data, and forms at the end of a web session.

 

I would expect that any program could access the Chrome cached pages, if it is programmed to do that.  The Chrome cache files are just data.

 

As for your question 3, I can't answer that question because I don't know the video player in question or how it works; or, whether this was just some kind of a glitch, and those do occur and cause alarm.  A good power reset, with Fast Start disabled (Windows 8.1/10), is the cure to a lot of strange behavior from computers.  I always keep Fast Startup disabled.  Once "stuff" starts going "south", Windows just keeps reloading the same "corruption" from the hibernation file when Fast Start is enabled.  I like a clean start, and I don't notice that "Fast" Startup is all that fast!

 

I don't think that we have any proof, based on what you have told me, that the XXX site accessed your Chrome cache data.  The most likely explanation is a Chrome glitch; UNLESS it occurs consistently at one site!

 

If you are a routine visitor to XXX sites, you might want to consider always going to those websites in "Incognito Mode", when using Chrome.  Another, even more secure option, is using a program like Sandboxie, which allows you to totally delete everything from your computer once a web session is over and prevent any malware from getting established in your computer.  I use Sandboxie on both of my computers because I sometimes have occasion to go to some dodgy websites, researching malware.  When I am done, I just delete everything in the sandbox.

 

Are there any other issues that I can help you with?

 

Have a great day.

 

Regards,

-Phil




#7 danbrown29

danbrown29
  • Topic Starter

  • Members
  • 6 posts

Posted 20 May 2018 - 02:38 PM

Thank you Phil, this is very helpful. No more issues at this time -- I will pose my question to the Web Browsing forum.

 

I appreciate your insights!

 

D



#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,732 posts

Posted 20 May 2018 - 02:42 PM

danbrown29:

 

Thank you for your post.  It has been my pleasure to assist you.  Good luck in the Web Browsing Forum.

 

Stay safe out there in cyberspace and have a great day.

 

Regards,

-Phil

