No self-respecting Hackerman (or woman or otherwise) would be awake at 8:30 AM
I’m just kidding, I’d imagine most of the time this sort of thing is automated. I guess if they are trying to target random end users’ machines it is to build a botnet but who knows. I just know all the times I’ve ever run web servers at home I would get tons and tons of random HTTP requests coming in from China, Russia, etc. trying to get to random admin page paths for common CMS systems.
Even if you didn’t do it for expert reasons it would still be off for someone to call you out for being “gullible as hell”. That is victim blaming. And, frankly, the pop ups were far more plausible than many.
Internet security is at a really horrible level where it is still on users to discern whether or not they are being professionally attacked and to know the difference between legit installers and fake installers, even though they can look and act essentially identically.
You have a point, don’t click that kind of stuff if you are a RandomDude
However, if you are the type of person (like dragonfrog seems to be) that knows how this stuff works, and you know the risks and how to keep yourself safe, you can have a look and actually learn something about the exploit.
Thanks for your quick thinking and informative work @dragonfrog!
I don’t understand too much about what is going on in those reports, I see one of the included exploits was a banking trojan? Possibly used for hacking people’s bank accounts? Interesting stuff either way!
Without further research just guessing on some of the names that trojan carries in the linked “analysis” this is close to what Ken said upstream. They didn’t intend to mine any crypto-bullshit on your phone, but instead went on to exfiltrate banking information. Catching SMS for TANs (now phased out, but still very much alive), able to survive a reboot, able to record even audio… Fuck that shit. I was wondering if this was related to this, but based on your info it doesn’t seem to be the case:
(Sorry for link to Furbs, they annoy me much but I think that’s actually a good piece.)
Yeah, I’ll be processing those for the site. Just send me your credit card number and expiration date, CVV code and billing address.
For added security it is recommended that you also send me your social security number, mother’s maiden name, and where you went to high school.
Gotcha. Didn’t know there were ways to do that safely.
I’m not an IT guy.
For the record- others mentioned something about bank hacking hardware- if I didn’t click on the ad, is it at all possible I was infected?
I know nothing of protective software against anything on my phone- can you recommend anything? I use Linux on desktop, and don’t have to deal with shit like this. I have no idea how to even check my phone to see if it’s exploited. Can you help explain anything here?
It’s like Windows all over again, when I have to learn how to protect an Android phone. I don’t know what to trust in the app store, if anything. It all looks shady af and all the icons and names are too similar.
Generally you’ll be fine if you didn’t click on anything but it’s always good practice to have your antivirus do a scan out of an abundance of caution when anything remotely strange happens as there’s multiple ways malicious actors can steal info.
I used to think that, but there have been way too many no-click-needed exploits. I would no longer say that “generally” you’ll be fine if you don’t click, rather I would say you are safer if you don’t click, but not safe.
I mean, I know we’re kind of generally agreeing with each other. But I think that the safer default assumption these days has to be that you may have been infected if you visited a malicious URL rather than you probably haven’t been if you haven’t clicked.
Having a good antivirus helps, not just the default Windows one. I have Kaspersky and it’s caught/stopped malicious sites and popups from doing anything. Even then I still like to run a scan to ensure nothing slipped through.