
Android security question (visited hacked website...)

tbessie

Newbie
Hey folks, question for you...

A website I use from time to time appears to have been compromised by hackers (it redirected to a Russian website and started downloading an APK). I have told the website owners and they've fixed it.

A glutton for punishment (and because I couldn't believe the site had been hacked), I visited the site several times using my Nexus 5, to make sure this was actually happening. The download seems to have started a few times, but may have completed at one point (I think the phone asked me "Are you sure you want to download this file? It potentially contains malware" or something along those lines - this was a few weeks ago, so I don't remember everything I did).

My question is this - I had enabled installation of APKs that I didn't get from the Android store (since re-disabled). In a situation like what I described, can a download from a website *force* an installation of a malicious APK? I believe I answered "no" to Android's question about if I wanted to download the file, but if I had said "yes" by accident, would I still see some kind of installation method?

I ran a couple of anti-malware checkers on the phone afterwards, and they found nothing.

I'm just getting paranoid, so wanted to check here to see if anyone's experienced this before, and what I should expect my phone to have told me in a case like this.

- Tim
 
I don't think a site can force you to run an APK? Do you have sideloading enabled? If not, as far as it would get anyway would be the prompt "enable sideloading blah blah in options".

If you are really still not sure about it, just nuke the site from orbit, the only way to be sure (by which I mean back up your stuff and do a factory reset).

:)
 
I had "Unknown Sources" enabled at the time - if that's what you mean by sideloading, then yes (tho' I've since turned it off).

I'm hoping to avoid a factory reset, since it took me a million years to set up the damn thing originally. :-)

That's why I was wondering if antimalware apps would likely detect it, or if I should see anything in the browser Downloads folder, or see a new installed app in the app list, etc. I guess sufficiently advanced malware could hide all traces of its exploits, eh?

- Tim
 
You would have to accept installation for it to do any harm, so unless you might have hit "yes" at the installation screen there's nothing to worry about.
You could have a look through the application manager to see if there's anything that looks like it shouldn't be there and Google the app name.
 
This. Even if a site can automatically download an APK, you still have to click the Install button - and that's only after you've allowed installing apps from unknown sources.
 
Android is really safe in that respect :)
Just had a thought. If you're worried about the APK, it should be in your sdcard/download folder, so use a file explorer to go in there and delete it.
 
Definitely nothing there. I asked over at Brighthand, tho' (where many old-timers like me hang out), and the moderator suggested that even if it doesn't seem like anything has been installed, for all I know there could be some "harmless-seeming" app that "activates" code sitting in the browser cache or something like that. This kind of thing has been discussed online (I've read some articles about it); some have recommended being better-safe-than-sorry and factory resetting, but I shudder to think of starting from scratch (I have a LOT of apps and settings, many of which I can't back up).

- Tim
 
Is the phone rooted?

FDR is my first suggestion as well if you're really worried about malware. Better yet, a fresh install of a factory image.
 
To me that sounds like misinformed scaremongering, Tim. Android is very different to Windows, but then I'm very relaxed when it comes to security.
The way I see it, on an unrooted phone, malware has nowhere to hide :thumbup:
 
Is the phone rooted?

FDR is my first suggestion as well if you're really worried about malware. Better yet, a fresh install of a factory image.

Not rooted, no. Probably not being rooted is better in a case like this, eh? (no chance of malware getting into system files etc?).
 
I think root can still be gained on a locked device but I also think rxpert was just playin with us and the odds of that happening are negligible :D
 
There are certainly software level root exploits.

That's how all the one click root apps work(ed). Most known exploits are patched as time goes on, but it depends on how up to date your phone is.

In reality, the chances of that are pretty low.
 