I'm looking for advice from knowledgeable and experienced individuals on going forward after a Malvertising hit.
First, the background information: I'm running a Verizon Samsung Note 3 with the stock firmware, which is currently up to date as far as I'm aware; the last update was about a month ago. I'm running Webroot SecureAnywhere Mobile on the system and it is also up to date. I was using the stock browser and was looking at older video game consoles on GameStop's website when I got hit by a Malvertising ad.
Not once during this whole process did Webroot register any hits or block anything. First, a typical fake virus ad popped up, then nearly immediately another page popped up that appeared to be in maybe Russian? Then the system began to download a file, all in a matter of seconds. I hadn't even had time to click on anything. I know better than to click on anything to do with those types of things. I usually terminate processes like that from the task manager. Anyway, the system downloaded an APK file to the downloads folder that was called "clean.apk".
I immediately rebooted the device. While rebooting, the Samsung screen ominously showed the word "Custom" and an unlocked padlock symbol. I have never seen this before, and this is a stock-firmware, non-rooted device. When the device started, I put it into Airplane Mode, then, using the folder browser, I deleted the "clean.apk" file. I looked through the installed apps, running apps, etc. and could find no instances of any suspicious processes that I could tell.
I tried to run the SecureAnywhere virus scan offline, but since it is cloud-based that didn't work. I had to take the device out of Airplane Mode to be able to run the scan. I ran multiple consecutive scans; all came back clean. I put the device back into Airplane Mode and rebooted the device again, and this time the stock Samsung boot screen appeared and the ominous "Custom" and unlocked padlock were gone.
I looked through all of the Application Manager, and didn't see anything that looked out of place, but then again I'm not an expert and probably wouldn't know the difference.
And here I am now with my phone powered on, but in Airplane Mode, wondering what I should do next. Google didn't turn up any helpful results; too many unrelated hits.
Best answer by Baldrick