First I apologize if this isn't the right forum. I looked around and this seemed to be the best fit I could find.
I'm looking for advice from knowledgeable and experienced individuals on going forward after a Malvertising hit?
First, the background information: I'm running a Verizon Samsung Note 3 with the stock firmware that is currently up to date as far as I'm aware; the last update was about a month ago. I'm running Webroot SecureAnywhere Mobile on the system and it is also up to date. I was using the stock browser and was looking at older video game consoles on GameStop's website when I got hit by a Malvertising ad.
Not once during this whole process did Webroot register any hits or block anything. First a typical fake virus ad popped up, then nearly immediately another page popped up that appeared to be in maybe Russian? Then the system began to download a file, all in a matter of seconds. I hadn't even had time to click on anything. I know better than to click on anything to do with those types of things. I usually terminate processes like that from the task manager. Anyway, the system downloaded an APK file to the downloads folder that was called "clean.apk".
I immediately rebooted the device. While rebooting, the Samsung screen ominously showed the words "Custom" and an unlocked padlock symbol. I have never seen this before and this is a stock firmware non-rooted device. When the device started I put it into Airplane Mode, then using the folder browser I deleted the "clean.apk" file. I looked through the installed apps, running apps, etc. and could find no instances of any suspicious processes that I could tell.
I tried to run the SecureAnywhere virus scan offline, but since it is cloud-based that didn't work. I had to take the device out of Airplane Mode to be able to run the scan. I ran multiple consecutive scans; all came back clean. I put the device back into Airplane Mode and rebooted the device again, and this time the stock Samsung boot screen appeared and the ominous "Custom" and unlocked padlock were gone.
I looked through all of the Application Manager, and didn't see anything that looked out of place, but then again I'm not an expert and probably wouldn't know the difference.
And here I am now with my phone powered on, but in Airplane Mode, wondering what I should do next? Google didn't turn up any helpful results; too many unrelated hits.
Solved
Advice? - Going Forward after a Malvertising Hit
Best answer by Baldrick
Hi seven_7_vii_th
Welcome to the Community Forums.
You have indeed posted in the appropriate place in the Community...;)
Based on what you describe I would recommend that you Open a Support Ticket to advise the Support Team of the issue (you can link this thread in the ticket so that you do not have to regurgitate the detail already provided). Hopefully they can investigate & advise as to what the best option is for you going forward.
Regards, Baldrick