Android malware from website ad pop-up 9azx2fic .top

anon(730457)

I randomly get this link opening windows in my Android browser (Chrome, latest) from random websites seemingly (I think from ads, though the sites tend to be alt-right or adult sites), and it's happened so many times and I'm finding so little info that I'm posting here. It also makes my phone vibrate/buzz, though just for a second, which I didn't think was possible from a website.

I'll post the link below, but it takes me to a website that says "Your system is heavily damaged by (#) virus!", then randomly (no matter what I do, though I only tap Back or try to go to the address bar or menu button) it'll open other pages or JavaScript alert boxes with various fake virus warnings... usually the only way out is to close the tab.

Screenshot of initial screen: Imgur: The most awesome images on the Internet

Full URL in the address bar at the time (DON'T CLICK IT, space added): http://us.9azx2fic .top/w/0_index0.php?brand=xxx&model=xx&ip=xxx.xxx.xxx.xxx (I've removed my info from it)

I've looked up the domain on ICANN: https://whois.icann.org/en/lookup?name=us.9azx2fic.top

The address is in Panama, the registrar is Namecheap, and the creation/update date is Mar 31 2017. I can report it to Namecheap but who knows if they'll even care.

Anybody else see this? I'll take screenshots of the other screens if it happens again (I've seen it happen maybe 8 times on various phones, though I didn't check the URL closely) but sometimes things are changing so fast that it's hard to get data or I get spooked too much and close the tab.
 

B. Diddy

These kinds of popup browser windows are designed to scare you into thinking it's a legitimate error message, and therefore downloading an "antivirus" app that is most likely malicious itself. Does this only happen when you're browsing? If so, then they're most likely associated with the sites you're trying to visit -- avoid them. If they happen when you're on your homescreen or in another app, then they're likely due to some adware that got installed to your phone (typically alongside some other app you installed) -- in this case, you probably have to uninstall apps one by one until the behavior goes away.
 

anon(730457)

Diddy, I know what they're designed to do; do you think someone who can look up and understand ICANN WHOIS doesn't know that? Sorry if that wasn't clear implicitly, but my question is:

Anybody else see this?

I'm reporting this here because I haven't found any reference to it anywhere else but it's been the most common malware I've seen while using my phone (all in Chrome by the way) by far, and I don't get much of this stuff on my phone anyways. You're really answering a question I didn't ask.
 

B. Diddy

We often see questions about popups like this, so I was addressing your question of "Anybody else see this?" The answer is yes -- I've seen it, and so have others here. I wouldn't call it malware per se, since it has more to do with popups or redirects associated with a specific website (rather than some malicious code that has been installed to the phone). Does this only happen when you try to visit certain sites, or is it happening even when you go to a common site like Amazon?
 

Aquila

This is definitely not Android malware; these are instead attacks from shady websites using their advertising networks and/or abusing cookies. The best way to avoid seeing them is to clear cache, avoid shady websites and never click on links without knowing where they go.
 

xocomaox

I get this often, because I browse shady websites. It's to be expected.

Also, you mention vibration. If you didn't think this was possible, please re-read the permissions you agreed to when installing Chrome.
 

Attachments

  • Screenshot_20170603-134741.jpg

Golfdriver97

This sounds like a classic browser hijack. You should be able to get rid of it with a data clear for Chrome.
 

anon(730457)

Well, at least I've posted the malware website... considering how many computers and laptops I've fixed due to people being fooled by things like this, my guess is a ton of Android users have fallen victim to it (whatever it ultimately does), so maybe someone else will find it here from search and maybe that will help put a stop to this or sites it's affiliated with (or at least help a little).
 
Apr 22, 2016
Found this post while searching Google for info on a website. Couldn't find a shred of info about the subdomain. I WAS on a medical/health page and suddenly a BS redirect happened as I was scrolling. Phone vibrated and this stupid thing from some weird "us.peroxidize13ia .top" (the link had extra info added, but don't click that just in case). That page tried jacking my phone. ALL further attempts pressing the BACK button would NOT exit the page.

I have included a screen image of what popped up. That screen actually scrolls down for more nonsense. If anyone knows anywhere sites like these can be reported, I'm all ears. Thanks
 

Attachments

  • IMG_20180129_112229.jpg

anon(730457)

To me it's an Android security issue if a webpage or ad can prevent your Back button from working or vibrate the phone or prevent you from closing the tab.

Whenever this happens (and it's maybe a few times per month on any Android device), I have to hit the Home button, hit the Recents button, swipe Chrome off, then open Chrome again and either the spoof is gone or I have to quickly tap the multi-tab button to clear the tab, which usually deletes whatever previous web page I was trying to read, which have usually been general harmless news sites, but sometimes they are stores.
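
A triage sketch for the URL shape reported in this thread, added here as an example and not posted by any participant: it scores URLs from proxy or DNS logs against the two hosts and the one full URL quoted above and prints matches defanged for a registrar or blocklist report. The function names, the regexes, the threshold and the log lines are assumptions constructed for illustration; treating the quoted URL as a stable signature is also an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shape taken from the thread: us.9azx2fic.top, us.peroxidize13ia.top,
# path /w/0_index0.php, query keys brand/model/ip. Generalising it is an assumption.
HOST_RE = re.compile(r"^[a-z]{2}\.[a-z0-9]{6,20}\.top$")
PATH_RE = re.compile(r"/\d+_index\d+\.php$")
FINGERPRINT_KEYS = {"brand", "model", "ip"}

def refang(url):
    """Undo report-style defanging: 'space added', [.] and hxxp."""
    url = url.strip().replace(" .", ".").replace("[.]", ".")
    return re.sub(r"^hxxp", "http", url, flags=re.I)

def defang(url):
    """Make a URL safe to paste into a report."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def score(url):
    """Return (count, reasons): how many traits of the reported URL this one shares."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    reasons = []
    if HOST_RE.match(host):
        reasons.append("two-letter label + random-looking label under .top")
    if PATH_RE.search(parts.path):
        reasons.append("numbered index.php landing path")
    if FINGERPRINT_KEYS <= set(parse_qs(parts.query, keep_blank_values=True)):
        reasons.append("device fingerprint in query (brand/model/ip)")
    return len(reasons), reasons

def triage(log_lines, threshold=2):
    """Return [(defanged_url, reasons)] for logged URLs sharing >= threshold traits."""
    hits = []
    for line in log_lines:
        for url in re.findall(r"https?://\S+", line):
            count, reasons = score(url)
            if count >= threshold:
                hits.append((defang(url), reasons))
    return hits

# Constructed log lines, not real traffic. The path on the second host is assumed;
# the thread only gives its hostname. IPs are documentation ranges.
SAMPLE = [
    "2017-06-03T13:47:41Z GET http://us.9azx2fic.top/w/0_index0.php?brand=acme&model=a1&ip=203.0.113.5",
    "2018-01-29T11:22:29Z GET http://us.peroxidize13ia.top/w/0_index0.php?brand=acme&model=b2&ip=198.51.100.8",
    "2018-01-29T11:22:30Z GET https://www.example.com/index.php?ip=198.51.100.8",
    "2018-01-29T11:22:31Z GET http://us.example.top/about",
]

if __name__ == "__main__":
    for url, reasons in triage(SAMPLE):
        print(url, "|", "; ".join(reasons))
```

Requiring two of the three traits keeps an ordinary `.top` site or a lone `ip=` parameter from being flagged.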
 
