Android Chrome Malware

Toggle sidebar Toggle sidebar

Chaotic42

Lifer
Jun 15, 2001
33,929
1,098
126
So I tried to visit Slashdot with my phone and now every time I start Chrome I get a popup saying "An embedded page at s3.amazonaws.com says...", telling me I've been chosen for a chance to win an iPad.

I've tried force stopping Chrome and disabling it with no luck. Any idea how to get this removed? I've looked it up on line and apparently this thing is surviving phone resets as well.

Any help is appreciated.
 
L

lothar

Diamond Member
Jan 5, 2000
6,674
7
76
I had this same problem on my Nexus 7 tablet about 2-3 years ago and tracked it down to an app a family member installed on it. Once I uninstalled that app, they stopped appearing.

Do the same thing.
1.) When did you start getting these messages?
2.) What apps have you installed recently?
3.) Start uninstalling the suspected app one by one until you find the culprit.

For example: If you started getting these messages about a week or two ago, try looking at all apps that you've installed within the past 3-4 weeks and narrow down from there.
 
C

Crono

Lifer
Aug 8, 2001
23,720
1,501
136
Wallpaper apps seem to be one of the most common vectors of this type of malware.
 

Chaotic42

Lifer
Jun 15, 2001
33,929
1,098
126
It started once I visited Slashdot. I only have one app which didn't come with the phone. Uninstalling it didn't get rid of the message.
 

John Connor

Lifer
Nov 30, 2012
22,840
617
121
Is your phone rooted? I didn't root my phone because I knew this could be a malware magnet then.
 

Chaotic42

Lifer
Jun 15, 2001
33,929
1,098
126
John Connor said:
Is your phone rooted? I didn't root my phone because I knew this could be a malware magnet then.
Click to expand...
It's not rooted. I literally just use my phone for calls, texts, pics, and until I just uninstalled it, cribbage.

Disabling all of its permissions to do anything and clearing the cache worked. Thanks for the replies.
 
Last edited:

gorcorps

aka Brandon
Jul 18, 2004
30,740
452
126
John Connor said:
Is your phone rooted? I didn't root my phone because I knew this could be a malware magnet then.
Click to expand...

Not sure what would make it a malware magnet. Any access to root is a popup on your screen that you can either grant or deny.
 

Commodus

Diamond Member
Oct 9, 2004
9,215
6,818
136
My hunch is that it's 'just' a rogue ad being served. That happens even on the best sites, since they don't have full control over what ad networks show.
 

cronos

Diamond Member
Nov 7, 2001
9,380
26
101
John Connor said:
http://www.howtogeek.com/132115/the-case-against-root-why-android-devices-dont-come-rooted/


Would a security conscious person use an Admin account as their primary account in Linux?
Click to expand...
He mentioned his reasoning and the article confirmed it. Even on a rooted phone, the user still have to explicitly allow an app access for it to be able to do anything it does not normally had access to.

It's probably similar to a sudoer access in Linux. You can have root access, but you have to explicitly say it every time. And yes, the default prompt from SuperSU on Android is to give root access just that one time.
 

sweenish

Diamond Member
May 21, 2013
3,656
60
91
lothar said:
I don't think you understand how root access works on Android.
Even when rooted, an app must still initially ask for permission.
Click to expand...

And you don't understand what malware can do on a phone that is able to elevate to root privilege. Asking for root permission is just devs playing by some agreed-upon rules, since you never authenticate like you would on Linux. Malware doesn't have to ask, it can and will self-elevate, and do so silently.

Root is very double edged.
 
L

lothar

Diamond Member
Jan 5, 2000
6,674
7
76
sweenish said:
And you don't understand what malware can do on a phone that is able to elevate to root privilege. Asking for root permission is just devs playing by some agreed-upon rules, since you never authenticate like you would on Linux. Malware doesn't have to ask, it can and will self-elevate, and do so silently.

Root is very double edged.
Click to expand...
Based on your bolded statement, then being rooted or unrooted wouldn't matter anyhow.
Malware does not appear on your device all of a sudden because you rooted it. You had to do something else for it to get there. It's no different from downloading an attached file in your junk email folder from an unknown sender and running it.

The same malware that affects a rooted device can also affect an unrooted one.
Just because a device is unrooted doesn't mean it's immune to malware. There are lots of malware apps in the wild that can infect an unrooted device using various "Godless" and other numerous exploits.
 

sweenish

Diamond Member
May 21, 2013
3,656
60
91
At no point did I ever say malware arrives magically by being rooted.

The rest of your post is failure to understand the act of rooting allows malware to simply give itself root privileges. If you're not rooted, there's very little it can do because the privilege isn't there to begin with. Assuming you're patched for Stagefright and all that. It can't root your phone, but it can take advantage of root.
 
J

JeffMD

Platinum Member
Feb 15, 2002
2,026
19
81
No root here and I get these. I am still unsure if the source is on my phone, or if it's the ads on the website I am visiting.
 
L

lothar

Diamond Member
Jan 5, 2000
6,674
7
76
sweenish said:
At no point did I ever say malware arrives magically by being rooted.

The rest of your post is failure to understand the act of rooting allows malware to simply give itself root privileges. If you're not rooted, there's very little it can do because the privilege isn't there to begin with. Assuming you're patched for Stagefright and all that. It can't root your phone, but it can take advantage of root.
Click to expand...
http://blog.trendmicro.com/trendlab...-malware-uses-multiple-exploits-root-devices/
http://arstechnica.com/security/201...und-in-google-play-root-90-of-android-phones/
And what you're failing to understand is that there are malware that can root an unrooted device to get the same privileges.

For example: This exploit was fixed in 5.1.1, so any phone not running that or later is still susceptible. How many Android phones are still not on 5.1.1 or later? A hell of a lot.
 
J

JeffMD

Platinum Member
Feb 15, 2002
2,026
19
81
Lothar, I hit links to alot of the news sites, some tech and some normal. Nothing too shady really. But you know how oblivious they are to their own ad service.

Btw this is on android 6.0. Lg g4, locked boot loader makes things difficult to edit.
 

Chaotic42

Lifer
Jun 15, 2001
33,929
1,098
126
JeffMD said:
Lothar, I hit links to alot of the news sites, some tech and some normal. Nothing too shady really. But you know how oblivious they are to their own ad service.

Btw this is on android 6.0. Lg g4, locked boot loader makes things difficult to edit.
Click to expand...
Like I said, I got mine when I went to Slashdot. I guess I should report it to them.
 
S

stlc8tr

Golden Member
Jan 5, 2011
1,106
4
76
sweenish said:
The rest of your post is failure to understand the act of rooting allows malware to simply give itself root privileges. If you're not rooted, there's very little it can do because the privilege isn't there to begin with. Assuming you're patched for Stagefright and all that. It can't root your phone, but it can take advantage of root.
Click to expand...

Which malware targets only rooted devices? It seems that malware authors would be better served if they constructed something that could infect as many devices as possible. Targeting rooted devices would limit the audience.
 

sweenish

Diamond Member
May 21, 2013
3,656
60
91
sweenish said:
[...]Assuming you're patched for Stagefright and all that. It can't root your phone, but it can take advantage of root.
Click to expand...

It would be great if you guys used points I hadn't already addressed.

I can admit that I didn't take into account the fact that being on the latest version of Android puts you in a minority, but that's it.

The simple fact is that if you are constantly running as root, malware doesn't have to ask, which is the opposite of what you were saying.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom
sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |