
I'm hoping someone can help me here. Yesterday I was doing some research for an essay when I clicked a website (very dumb of me, who never clicks suspicious websites or links) that redirected me. I immediately backed off; the page didn't load. If anything, I spent about a second there. Being the paranoid person I am, I have Malwarebytes installed; scanned, clear. Avast, clear. Sophos warned me about a PUA, which was a .com.google.chrome(some letters) file. I immediately deleted it, but then again Sophos also warned me about another app being a PUA when it's, in fact, safe.

I cleared the Google Chrome cache. I'd like to note that I DID NOT download anything, I didn't click any links, I didn't click anything but the back button, and I didn't give any permissions. I'm on Android 10, Xiaomi Redmi Note 7 (encrypted), and updated to MIUI 12 last night. My phone isn't acting odd or anything.

I'm just extremely worried about being infected. I checked that website on Hybrid Analysis, which came back as malicious (attack method: hooking); VirusTotal said the same, but Google Safe Browsing didn't detect anything. This site was detected as malicious on 2-3 checkers. I was on Google Chrome at the time. Should I be concerned?

I don't do banking on my phone, as I have a separate Apple device for that.

Is there anything else I can do, for peace of mind? Thanks in advance.

  • No worries, Android is not vulnerable to malware (except for user-granted malicious apps; you would know if you had installed something). Therefore apps like Avast are useless in my opinion (this is not a broad statement, as rootkits for the MediaTek chipset exist, but your device has a Qualcomm chipset). If you're paranoid, do a factory reset. – alecxs Jan 25 '21 at 13:43
  • In case your device has a confirmed malware detection, then it was most likely shipped with a data-mining spy app by the manufacturer itself: https://www.xda-developers.com/report-android-phones-transmit-data-to-adups-a-chinese-firm – alecxs Jan 25 '21 at 13:47
  • @alecxs Please be careful with such general statements. Whether an Android device is vulnerable depends on the installed Android version and the patch level (if the device gets security updates and if those updates really patch all known security problems). Also the used app/browser has to be considered. See for example this: https://i.blackhat.com/USA-20/Thursday/us-20-Gong-TiYunZong-An-Exploit-Chain-To-Remotely-Root-Modern-Android-Devices.pdf – Robert Jan 25 '21 at 13:48
  • @Robert Even in such corner cases (like xHelper) I hold on to my opinion that such antivirus apps are completely useless. – alecxs Jan 25 '21 at 13:53
  • @alecxs I was talking about your statement "no worries, Android is not vulnerable to malware". This is not true. – Robert Jan 25 '21 at 13:56
  • @alecxs I totally agree about the mining spy app. I've heard of it. I have a lot of stuff on my phone (pictures and videos, mostly) and it'd take a while to back up. Can you elaborate on why manufacturers do so? I'm trying to find a safe device to buy, but at this point all of them have spy stuff on them. – Random person Jan 25 '21 at 15:04
  • @Robert I have Android 10, and I updated everything last night (update from the manufacturer). Like I said, I didn't download anything; I accidentally clicked on the website and backed out. No downloads were made, I didn't install anything. I just want to make sure my phone is safe to use. It's currently sitting on my desk on airplane mode. – Random person Jan 25 '21 at 15:06
  • 1) If you have reason to believe that Chrome might have opened a malicious link and you are unsure whether the link would linger in an existing tab or not, then clearing the cache would not work. You have to clear data. 2) Unless it is very private, do you think you can tell us on which website's page you encountered that suspicious link? The full link would be nice. Also, what locale is set on Android? I suppose English. – Firelord Jan 25 '21 at 23:00
  • You have a Redmi phone from Xiaomi, and the latter is notorious for installing bloat (really bad ones too), so antivirus apps would naturally find PUAs there. Your Sophos app might have a history of cleaning. See if you can find it. Tell us the package names there if you see them. You might also want to use a firewall. Whether the device is infected or not, malware is useless for its author if it cannot connect to the internet for command and control (provided it is not meant to sabotage your device, which is unlikely). – Firelord Jan 25 '21 at 23:04
  • Even if you do not click on anything within a website, and even if it does not fully load, you are still downloading content (and often scripts) from that site. That said, the overwhelming majority of malware is not spread these days by simply visiting a website. This is especially true if your web browser is up to date. Disabling scripting in the browser can help reduce the attack surface too. Is it possible to have a problem after just visiting a website? Yes, but it depends on many variables. If your browser is updated, is it likely these days? No. – End Anti-Semitic Hate Jan 26 '21 at 05:23
  • @Firelord I apologize for my late reply. I cleared data and cache. There is no package name. Yes, English! I ended up asking someone who understands website code. He told me there was nothing wrong with it; it redirected to Google. www dot regionseffective dot com. I closed all tabs. – Random person Jan 26 '21 at 20:55
  • @Firelord Can you check the website for me then, please? My browser is up to date and I have Android 10. Two people have told me it's a safe website, but I'm still anxious about it. – Random person Jan 28 '21 at 10:45
  • @Randomperson that website simply redirects me to Google search page. Tested on both Android and on a Desktop. – Firelord Jan 28 '21 at 11:28
  • https://android.stackexchange.com/q/233322 – alecxs Jan 28 '21 at 17:19
  • @Firelord Am I safe then? My phone isn't acting odd or anything, just the occasional freeze that has been happening forever. This is what Sophos detected; sorry, just wanted to share this from the Sophos scanner: "File '/storage/841B-0819/Download1/.com.google.chrome.TUFofX with threat/App/Other Android generic PUA removed from security assessment." Does this mean anything? I deleted it. I think this was on my SD card, since the Download 1 folder is on it. So was that website safe? – Random person Jan 28 '21 at 21:21
  • @alecxs Great read. I haven't had that problem, actually. – Random person Jan 28 '21 at 21:29
  • My Download 1 folder has been on my SD card for years; it's not a new thing. I have 2 download folders on purpose. @Firelord – Random person Jan 28 '21 at 21:54