• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Security: Chrome redirected to malware site and other odd behaviour

nickw1

Lurker
Dec 19, 2017
4
1
Hi,

Had odd behaviour on my phone this morning, I was logged out of Facebook without doing it manually and had to log back in, then I used facebook for a while this morning.

When I ran Chrome it directed me to a site saying "Facebook special offers" or some such with a button to click (which I obviously didn't). Avast then detected this site as a malware site.

General scans of the device using Avast and Malwarebytes didn't detect anything.

I haven't looked at anything obviously malicious myself, but the only link is that yesterday my girlfriend (who is friends with me on facebook) unintentionally visited a malicious site on Chrome (which was supposed to be a cookery site, but it ended up showing her porn and she clicked a button she probably shouldn't have).

My question is, where to go now?
I will reset my main Gmail password and my Facebook password, also (maybe in a bit of a panic) I have factory reset my phone.

Do I need to do anything drastic like completely shutdown my Facebook account?

Last night (before the issue arrived on my phone) I changed her Gmail and Facebook passwords.

On my phone there are two old Gmail accounts, which I have completely forgotten the password of, but were associated with the phone. Is there any way I can completely deactivate these without knowing the password?

FWIW device is Nexus 5 running Android 6, I presume I'll be able to update back from 4 to 6 when the phone reboots after reset.

Thanks,
Nick
 
I'd not do anything drastic yet. It's probably just Chrome itself that's affected, most likely a malicious ad script from that site that's redirecting the browser. Clearing the Chrome app's cache may well be sufficient to clear it (from Settings > Apps). If not try clearing its history, or if all else fails clearing all data for Chrome.

An Android phone is not a Windows PC, so malware can't infect the actual system without you first installing an infected app (i.e. there are trojans for Android, but no actual viruses). So unless she actually clicked "install" on something the porn site downloaded, and confirmed that she wanted it to install, and you have installation from unknown sources enabled in the first place, I don't think it's anything that serious, and I doubt this would be a one-click process you could do accidentally. So really, see whether sorting out the browser is enough before panicking further.

BTW all a "factory reset" does is erase user-installed apps and all data. It doesn't affect the system in any way, so will not undo OS updates (nor would it undo any mods to the system - if your actual system software was infected you'd need to download and flash a factory image to fix that. But that's even less likely than the phone having been infected with a malware app, since it would require it to be vulnerable to an exploit that can give malware root privileges, which an up-to-date N5 shouldn't be).

Edit: Sorry, re-read your post and see you have already reset. That was probably more than was needed. Changing passwords is probably worth it for peace of mind, but if it was what I think then it's unlikely even that was necessary (though if you entered a password to log in to FB while the browser was misbehaving then I'd probably do so just to be safe).
 
Last edited:
  • Like
Reactions: Unforgiven
Upvote 0
I'd not do anything drastic yet. It's probably just Chrome itself that's affected, most likely a malicious ad script from that site that's redirecting the browser. Clearing the Chrome app's cache may well be sufficient to clear it (from Settings > Apps). If not try clearing its history, or if all else fails clearing all data for Chrome.

An Android phone is not a Windows PC, so malware can't infect the actual system without you first installing an infected app (i.e. there are trojans for Android, but no actual viruses). So unless she actually clicked "install" on something the porn site downloaded, and confirmed that she wanted it to install, and you have installation from unknown sources enabled in the first place, I don't think it's anything that serious, and I doubt this would be a one-click process you could do accidentally. So really, see whether sorting out the browser is enough before panicking further.

BTW all a "factory reset" does is erase user-installed apps and all data. It doesn't affect the system in any way, so will not undo OS updates (nor would it undo any mods to the system - if your actual system software was infected you'd need to download and flash a factory image to fix that. But that's even less likely than the phone having been infected with a malware app, since it would require it to be vulnerable to an exploit that can give malware root privileges, which an up-to-date N5 shouldn't be).

Edit: Sorry, re-read your post and see you have already reset. That was probably more than was needed. Changing passwords is probably worth it for peace of mind, but if it was what I think then it's unlikely even that was necessary (though if you entered a password to log in to FB while the browser was misbehaving then I'd probably do so just to be safe).

Thanks - good to know! :)
I have reset and (as you say) I'm still on Android 6 - anything important on my phone was backed up anyway.

Thanks very much!
Nick
 
Upvote 0
Sorry.. just one more thing - What about the odd Facebook behaviour btw? The fact I was logged out, I certainly don't remember logging out. One thing I also got was 'can't set up English/UK at the moment' when I logged into FB which was odd.

As you said , probably nothing to worry about but just curious about this behaviour.

Thanks!
 
Upvote 0
It's hard to say why you were logged out. Was this with the app or the browser, and if the latter was the browser closed down at any point (which might have logged you out)? Can only guess really, which is why it probably is advisable to change your FB password, or/also set up some extra security (enabling alerts about logins from unfamiliar devices at least, or setting up two-factor authentication). You can also see which devices have accessed your FB account recently from FB's security settings (though if accessed from a browser it only tells you the operating system and the location of your ISP - it's telling me I'm accessing it from 130 miles from where I actually am at the moment. With the app it tells you what device type as well).
 
Upvote 0
I haven't looked at anything obviously malicious myself, but the only link is that yesterday my girlfriend (who is friends with me on facebook) unintentionally visited a malicious site on Chrome (which was supposed to be a cookery site, but it ended up showing her porn and she clicked a button she probably shouldn't have).
I bet the cooking site had a bad actor in its ad network. It has happened here before too.
 
Upvote 0
It's hard to say why you were logged out. Was this with the app or the browser, and if the latter was the browser closed down at any point (which might have logged you out)? Can only guess really, which is why it probably is advisable to change your FB password, or/also set up some extra security (enabling alerts about logins from unfamiliar devices at least, or setting up two-factor authentication). You can also see which devices have accessed your FB account recently from FB's security settings (though if accessed from a browser it only tells you the operating system and the location of your ISP - it's telling me I'm accessing it from 130 miles from where I actually am at the moment. With the app it tells you what device type as well).

Was with the app which was a bit strange. Changed my FB password already anyway, and the list of 'logged in' locations on FB didn't give me anything unexpected.
 
  • Like
Reactions: Hadron
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones