Shadowdrake

ANSWERED: Adware Issue pt 2

I would have posted in the prior thread but it was closed. On mobile I have also had an ad redirect to some "YouTube survey for winning visitors" and yes, I immediately scanned my phone with updated anti-malware and got no results. I usually use adblock (because the ads loading messes up password fields) and never got redirected, but almost immediately did as soon as I tried turning it off, so I suspect it's an issue with one of the automatically placed google ads.

Link to post

Posted (edited)

Did you use the link I posted? Adblockers don't pick up all malware. That ad has been hitting people all over, and everyone I have given the link to has said that using Malwarebytes (specifically) stopped it.

 

Quote

 

www.malwarebytes.com/ios/  for iPhones and iPads. 

 

https://www.malwarebytes.com for those with other devices/systems. It's free; everyone should use it REGULARLY.

 

 

Edited by Fuzzbucket

Link to post

Any protection is good; just something to keep in mind:

 

Malwarebytes offers limited protection from malware as it cannot scan an iOS device:

 

https://support.malwarebytes.com/docs/DOC-2579

 

(The references to phone calls and texts are for the Premium version.)

 

Here is a review of the free version:

 

https://www.pcmag.com/review/322011/malwarebytes-free

 

I found this an interesting read from Confiant. Malwarebytes helped uncover this:  

 

https://blog.confiant.com/confiant-malwarebytes-uncover-steganography-based-ad-payload-that-drops-shlayer-trojan-on-mac-cd31e885c202

 

And if you're geeky like me you might enjoy this (rather terrifying) article on a sophisticated ad fraud campaign:

 

https://blog.confiant.com/revealing-how-the-dandelion-group-leverages-multiple-layers-of-cloaking-to-run-ad-fraud-campaigns-c7bc04c418ca

 

In general, they have a lot of stuff that makes a great case for Mac/iOS users to protect against bad actors.

 

https://blog.confiant.com

Link to post

Posted (edited)

8 minutes ago, missy_ said:

Any protection is good; just something to keep in mind:

 

Malwarebytes offers limited protection from malware as it cannot scan an iOS device:

 

 

It can. Several people used it on their iPhones yesterday, and it IS free. HERE:

 

https://www.malwarebytes.com/ios/  for iPhones and iPads. 

 

Here it is on the applestore:

 

https://apps.apple.com/app/apple-store/id1327105431

 

Someone here used it successfully - see the other thread.

 

 

 

Edited by Fuzzbucket

Link to post

Fuzz, yes I saw those posts. I am aware of Malwarebytes and that it is in the App Store and I agree; anything that can help should be used. :)

 

But it does not scan iOS for malware; the documentation I linked to is from the company Malwarebytes that makes that app.  

 

From Malwarebytes website on the subject of "Scanning for malware on iOS devices"

 

"Due to security restrictions on iOS, it is not possible for any app to scan the system or other apps for malware. Apps are not allowed those kinds of permissions, and for that reason, antivirus software on iOS is not possible."

 

But what it may do is prevent malicious redirects, although in iOS 12 Apple has that under Experimental Features (it's turned on by default). 

 

I wonder what version of iOS people experiencing this issue are on. I have not seen those types of redirects since being on iOS 12.3.2 (the latest stable, non-beta version of iOS for the iPhone).

 

The articles I linked to earlier were because iPhones do need protection from malicious browser attacks, as they have gotten quite sophisticated. 

Link to post

Posted (edited)

On 7/14/2019 at 6:39 AM, Fuzzbucket said:

 

It can. Several people used it on their iPhones yesterday, and it IS free. HERE:

 

 

There is a free version and a premium version. The free version comes with Premium features free for 30 days. I don't know how one ends the free trial of the premium after 30 days, or if it ends automatically. 

 

Android is open-source code and thus able to be scanned by Malwarebytes, but iOS is not open-source. Android mobile devices can be scanned by Malwarebytes but not iOS devices. 

 

The differences in the two are shown on this page: 

 

https://www.malwarebytes.com/mobile/

 

Or see screenshot. (under spoiler tag) 



IMG_6659.jpg

 

 

 

 

Edited by missy_

Link to post
13 minutes ago, missy_ said:

There is a free version and a premium version. The free version comes with Premium features free for 30 days. I don't know how one ends the free trial of the premium after 30 days, or if it ends automatically. 

It reverts to the free version after the 30 days, but will pop up messages daily about getting those features back by getting the paid version. At least that is what happens with the PC version, I don't know about the mobile version.

Link to post

Mine is still acting up, Fuzzbucket. It worked for an hour and then I started getting redirected again. It even happens on the forum as well since yesterday.

Link to post

@emetib92, try the following:

 

(But first: What version of iOS are you running?)

 

Close Safari on your iPhone. Note: Doing the following will cause you to lose all your tabs and your history and log you out of all websites. But if the adware keeps coming back, it is recommended (if you haven't already).

 

Go to Settings / Safari / Advanced / Website Data / 

 

Click on (remember, it will remove all your history, cookies, tabs, etc.) "Remove All Website Data."

 

Once that is done, try using one or more content blockers, including Malwarebytes and others. 

 

I like AdGuard (on the App Store). 

 

To use a content blocker, download it from the App Store, then enable it in Settings / Safari / Content Blockers / make sure the switch is set to on (green) for the content blockers you want to enable.

 

I use the free version of AdGuard with the following filters enabled:

 

Whitelisting: You can whitelist domains like dragcave.net, or don't whitelist anything until the issue is resolved.

 

Ad Blocking -- AdGuard Base filter and AdGuard Mobile Ads filter (Easy List is rolled in)

 

Privacy -- AdGuard Tracking Protection filter, Easy Privacy, Fanboy's Enhanced Tracking List, Fanboy Anti-Facebook List, Fanboy's Anti-thirdparty Fonts

 

Social Widgets -- AdGuard Social Media filter, Fanboy's Social Blocking List

 

Annoyances -- AdGuard Annoyances filter, Fanboy's Annoyances, Web Annoyances Ultralist, Adblock Warning Removal List

 

Other -- Filter unblocking search ads and self-promotion, AdGuard Safari filter, AdGuard Simplified domain filter, BarbBlock

 

There are other filters to choose from under Language.

 

~~~~~

 

In addition, in iOS 12 there are certain Experimental Features enabled by default by Apple for Safari (Settings / Safari / Advanced / Experimental Features), including "Blank anchor target implies rel=noopener" and "Swap Processes on Cross-Site Navigation" which should help keep you secure. 

 

I hope you find a solution to this problem. Good luck! :)

 

 

Link to post

Posted (edited)

I had some weird redirections a couple weeks ago as well. It only happened on my computer and on the two sites I had my adblocker disabled on, Flight Rising and Dragon Cave. Malwarebytes never picked up anything and ever since I switched uBlock Origin back on for both sites I stopped getting redirected. Perhaps the redirection originated from some malicious ads on these sites and not necessarily a virus, as Shadowdrake suspected? No idea if the redirections are the same ones that people are speaking about here though, but I figured I'd share my recent experience regardless. It's always good to scan your device anyway when something suspicious like that happens.

 

I suppose I should get an adblocker on my phone also seeing as people are still experiencing this. It's a shame as I wouldn't mind giving the ad revenue to these sites.

Edited by Nagapie

Link to post

Posted (edited)

@missy_ how do y'all know so much about phones? ❤️ I just cleared my website data and I'm currently downloading AdGuard. My current iOS version is 12.3.1.

-update- So far so good. I was on Dragon Cave for a few minutes and no redirection. This morning I was redirected as soon as I logged in, so this is a good sign.

Edited by emetib92

Link to post

Part of the issue is when you revisit the site that infected you.

Link to post

Hm, interesting. I'd been getting (blocked, because my phone is protected) redirects on the forums too. Only there and I don't really use my phone's browser for anything but DC and the forums.

Link to post
11 hours ago, Fuzzbucket said:

Did you use the link I posted? Adblockers don't pick up all malware. That ad has been hitting people all over, and everyone I have given the link to has said that using Malwarebytes (specifically) stopped it.

 

 

Yes, that is why I'm reopening the topic, because your recommended solution unfortunately didn't work (and I'm on Android, which actually lets the app detect malware).

 

 

Since the issue stops happening with adblocks turned on it does sound like a malicious ad, which isn't a surprise when you learn how much ads can actually do and how much info they can get from you.

Link to post

I've gotten redirect notifications on dragoncave as well. My Chrome blocked it though. I just kept getting a "redirect blocked" message. I use an Android. I don't use adblock.

 

 

Dragcave may be getting some malware ads. 

Link to post

Posted (edited)

I temporarily whitelisted Dragon Cave, then went to the Trading area, and got one of those pop-ups.

 

"Dear iPhone user, Congratulations iPhone user! You are one of the 10 users we've personally selected for a chance to get a $1000 Visa gift card or $1000 walmart giftcard!" 


Screenshot below. The web address said ... see screenshot for the web address, but do not visit that website; it isn't safe.

 

Analyzing the offending site using Trend Micro indicates that the site is dangerous and contains phishing or malware. https://global.sitesafety.trendmicro.com 

 

(The Trend Micro website is safe to visit and you can type in the offending URL to see the results. I will also post a screenshot.)

 

 

 



 

iphone_phishing.jpg

screenshot.png

 

 

 

 

Edited by missy_

Link to post

Posted (edited)

Update: I have whitelisted dragcave.net for several weeks, and have not seen that sort of pop-up again.

 

In testing, I turned off AdGuard entirely.  

 

I believe the issue has been rectified.   Happy to have dragcave whitelisted again. :)

 

ETA: I will keep testing to make sure; if anyone else has issues, please report them.  :) 

Edited by missy_

Link to post
This topic is now closed to further replies.
