Abnormal behaviour and possible malware infection

Toggle sidebar Toggle sidebar
R

RayRay226

Member
Sep 27, 2018
17
0
0
I'm using a Samsung Galaxy J7 Prime. Today, while browsing Instagram, I came across a person's profile, and clicked on their personal website link in their bio. Point to be noted, this profile wasn't some spam or bot or fake profile, the person is legit. Anyhow, I clicked on their website link and I was redirected through Instagram's in-app browser to the link. However, the page that was loaded was not some personal website but some spammy looking scam website and as soon as the page loaded my phone emitted this loud beeping noise that I had never heard before. I quickly hit the back button, but instead of going back to instagram, it started redirecting to other unknown websites that I'm sure were of the same kind, so I closed the window before those websites could load.

Next, I checked the original link I had clicked with VirusTotal, then performed a full scan of my phone with my installed antivirus ESET which is a paid premium version, Kaspersky which I have the premium on trial period and for good measure, also with Malwarebytes free version which I just downloaded from Playstore. Everything came up clean.

So I thought maybe the person's website domain had expired and thus it was instead redirecting to some scam site. I logged onto my computer, which has a fully up-to-date and reputable antivirus, a browser sandbox and a powerful adblocker, and tried to open the link again. The link did not load anything, did not redirect anywhere, it simply showed a blank page. No error message either that the website doesn't exist or something.

Now I'm really scared. If the link wasn't the problem, then why did my phone redirect to those websites and what was that beeping noise about? Is it possible my phone is infected?

I have never gotten redirects like this on other websites before, and I browse a lot usually.

Please help. Thank you very much.
 
Sort by date Sort by votes
To me, it sounds like your first instincts were correct. If after running all of your spyware/malware apps, you find nothing, I'd guess you just had an ad popup on your phone. The sound you heard was most likely built into the popup attempting to scare you into thinking your phone had been hijacked or infected with something. Pretty common scam technique.

Go into Settings. Click on your Apps list. Find Instagram and clear the cache and data. You'll have to log in again the next time you open it, but you'll be logging in to an app in a clean state.
 
Upvote 0 Downvote
Thank you guys for your responses. @Scienceguy Labs and @methodman89

After posting here, I did some research online, as I had managed to remember the name I had seen at the top of the page, and found this article https://malwaretips.com/blogs/remove-internetgazeta-cardvrmirrorr-ru/ online.

The page it had been redirected to had indeed been Internet Gazeta something, but the link had been different than the one stated in the aforementioned article. It was something competition.pngg or something but the site was probably cloned to look like Internet Gazeta. And according to this post, it's an adware that does this. However, none of my antiviruses picked up any adwares, also, none of my other websites have ever redirected to this site or any other unwanted site for that matter, but then again, I did try to visit the original link again on my computer and the redirect didn't happen, it only happened on my phone, so I'm kind of worried I might have adware installed on my phone that maybe ESET and Kaspersky and MBytes aren't picking up? I don't know if I'm being paranoid or what...Do you have any other suggestions as to how I can spot adware/malware on my phone? I've done a manual check of all the files stored in my Android system folder too, to check for anything suspicious and then use the internet to find out about it, but malware may hide its folders I suppose. I just want to be completely sure it was a random ad direct associated with the link and not something wrong with my phone and that it didn't infect my phone. I never download things from the internet except google images, and all my apps are trusted apps from official playstore, but things like these can always happen.

And yes, I've already messaged him about the link not working and redirecting to weird sites, he's got that link up on all his social media accounts not just Instagram, it's definitely not safe cause he owns a business and sells products through his website so it could hurt his credibility too.

Thanks for your help so far!
 
Upvote 0 Downvote
Here is a list of the "best" malware programs for Android.

https://fossbytes.com/best-android-antivirus-apps/

Most of them probably offer free scanning capabilities with purchases for extras, but at least you'll get an idea of what, if anything, might be in your phone. Usually, those pop-up virus sites require an extra step, like clicking on another link or button that will install the malware but anything's possible. I would imagine, if nothing is found after scanning your phone with a few from the list above, you're ok though.
You can log into your Google account on a pc, go into security, and look for any suspicious logins or activity if you're still worried. If you're still a bit concerned, about the only thing that will totally rule out anything is a factory reset of your phone. Then, on a pc, change your Google password before setting up your phone again. Hope that helps.
 
Upvote 0 Downvote
Hello,

Thank you again for the reply @Scienceguy Labs

I scanned my phone with 6 of the AVs in the list you provided, and they all came up clean, so I'll take my chances for now. If I see any problems with the functionality, then will do a factory reset. For now phone seems to be working fine since I first clicked that link, and it's been a week so...

I have one small question though. While scanning with Sophos, an app I know is completely safe came up in the list of PUAs, and two other apps came up in 'low reputation' apps. Now the PUA one I know is a false positive, but the 'low reputation' ones I'm not that sure. Both the apps have a lot of downloads and positive reviews on the playstore, and the parent company of one of the apps has another app in the editor's choice section as well (not the app I have installed on my phone, but it's from the same company). I tried looking into why Sophos was flagging them as not outright threats but low reputation, and while I admit I'm not at all versed in technical language, the list of reasons Sophos had seemed daunting to me. Should I be worried? I've had these apps for quite a while now, never really had any problems and I believe Playstore wouldn't make an app Editor's Choice from a company that distributes malware in their apps, but wanted to make sure...

Thanks a lot for all the help!
 
Upvote 0 Downvote
RayRay226 said:
Hello,

Thank you again for the reply @Scienceguy Labs

I scanned my phone with 6 of the AVs in the list you provided, and they all came up clean, so I'll take my chances for now. If I see any problems with the functionality, then will do a factory reset. For now phone seems to be working fine since I first clicked that link, and it's been a week so...

I have one small question though. While scanning with Sophos, an app I know is completely safe came up in the list of PUAs, and two other apps came up in 'low reputation' apps. Now the PUA one I know is a false positive, but the 'low reputation' ones I'm not that sure. Both the apps have a lot of downloads and positive reviews on the playstore, and the parent company of one of the apps has another app in the editor's choice section as well (not the app I have installed on my phone, but it's from the same company). I tried looking into why Sophos was flagging them as not outright threats but low reputation, and while I admit I'm not at all versed in technical language, the list of reasons Sophos had seemed daunting to me. Should I be worried? I've had these apps for quite a while now, never really had any problems and I believe Playstore wouldn't make an app Editor's Choice from a company that distributes malware in their apps, but wanted to make sure...

Thanks a lot for all the help!
Click to expand...
I can't really say for certain why Sophos gave those two apps a low reputation status without knowing what they were. Most likely, it has to do with the kind of permissions and number of permissions those apps require in order to work. I think you're ok.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

R
  • Question Question
Question Strange issue with my phone (possible ip problem)
Replies
5
Views
739
Ask a Question
B. Diddy
B. Diddy
S
  • Question Question
Question Unexplained Loud Popping Noise and Vibration on Pixel 6!
Replies
6
Views
787
Ask a Question
VidJunky
VidJunky
B
  • Question Question
Question Arthritis and Poor Eyesight
Replies
11
Views
788
Ask a Question
bearcat22
B
M
  • Question Question
Question app to make Android automatically check for new Gmail emails more frequently and notify it with a sound?
Replies
7
Views
1K
Ask a Question
Laura Knotek
Laura Knotek
MrMatthewHM
  • Solved
Question My Drive
Replies
4
Views
978
Ask a Question
MrMatthewHM
MrMatthewHM

Latest posts

Trending Posts

Members online

Total: 8,668 (members: 13, guests: 8,655)

Forum statistics

Threads
956,366
Messages
6,967,830
Members
3,163,520
Latest member
kiki2025

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom