Potential threat, or not?

  1. pequeajim

    pequeajim Well-Known Member

    I received an email from a friend that contained a link to an .apk file labeled security-update.apk (or something like that). I am usually very good at not clicking on links until I can verify what it is, but this person occasionally sends me links to movies of her kids, which I enjoy.

    Also, factor in that the email notification came at 4:30 in the morning and woke me up, so I wasn't thinking clearly.

    As soon as I clicked on the link, I knew something was not right as it initiated a download of the file. I deleted the file after it downloaded, but am still worried.

    Can these types of links download and automatically start the update without asking for your consent? I have side loading turned off.

    I'm slightly worried...

  2. Mostly Harmless

    Mostly Harmless Well-Known Member Contributor

    Personally, I would never download an .apk unless I was absolutely sure of where it came from. I have side loaded apps before (mostly beta apps). I would also be very skeptical of downloading anything with "security" from an unknown source.

    Considering that you never installed the .apk, you should be fine. You would have received a prompt asking you if you wanted to install it and if you accept the permissions of the app. I wouldn't be too concerned, just be a bit more vigilant next time.
  3. pequeajim

    pequeajim Well-Known Member

    Yeah, this one caught me off guard in the early morning hours. I couldn't have been set up any better, as she had just returned from a family outing with her kids. I emailed her to let her know what is happening. No, you're right. I should be good because nothing was loaded. As soon as I saw what was downloading, I did an "oh shit" and immediately woke up :)
  4. Digital Controller

    Digital Controller The Real Bass Creator Guide

    Downloading it should be fine as long as you didn't run it.

    Might want to verify that this person actually sent this email; sometimes emails can be compromised and fake emails can be sent out to multiple recipients.
  5. pequeajim

    pequeajim Well-Known Member

    Thanks. Sent her an email about it as well as everyone copied on the list.

  6. Like DC suggests, the lady's mailbox looks to have been hacked, sending malware to everyone in her contacts like it's coming from her, a seemingly trusted source. Imo she needs to change her password to her mail account asap.
  7. punkoboy

    punkoboy New Member

    That is correct. In addition, she should scan her computer with a good virus scanner like MalwareBytes. Is OP able to share a copy of the email that was sent (with full headers)? You can redact your personal information (name, email address, etc). I'm trying to obtain a copy of the malicious email, thanks!

  8. Exactly the same thing happened to my Yahoo! Mail account yesterday (and possibly hundreds of thousands of others). It sent an email with just a URL in the body to a part of my contacts list. No message/text except for my email ID as a kind of closing signature. I immediately changed my password, alerted those recipients and am still running a comprehensive scan of my systems and HDs.
    11 (eleven!) hours later Yahoo caught on and temporarily blocked my account from sending "because of suspicious activity"... DUH!
    Anyway, it was unblocked after an authentication with a captcha, so apparently it was a bot.

    So sending you the header wouldn't tell you anything because it is my header.
    And I could of course post the URL that comprised the body of the message. But since that URL probably leads to a booby-trapped website, that doesn't seem very sensible.
