Malware on iPhone? Unwanted “Congratulations Apple iPhone user” Popup Malware Erases Existing Site from Browser History + Improper Security Certificate
See below—I have gotten this unwanted apparent malware 5 or 6 times now at Dilbert cartoonist Scott Adams’s site at https://www.scottadamssays.com.
I don’t know if that site is compromised/infected or just has taken very poor stock of its advertiser network. This is nasty unwanted stuff.
Does anyone out there understand what is going on?
- I am running iOS 13 on my iPhone.
- I have not seen it happen on the computer, though I rarely visit the site that way.
- It seems to occur when I refresh the site half a day or a day later.
- Always the same bogus improbable “you are a winner” thing, using persuasion of quotes by other “winners”.
- It always wipes out browser history of the page I was on (iOS, Safari) so that I cannot go back; this malware is now the page and there is no prior page.
- NOT an April Fool’s thing; it has been going on for maybe a week or so.
If not outright malware (can my phone with iOS be infected?), maybe it is a compromised advertising network. Either way, Scott Adams had better go take a close look at the ad networks he is using as well as overall site security.
Arne C writes:
Moin! (as we say here in northern Germany)
If you look here, you know that, whoever created the site for him, implemented a load of trackers and advertisers.
My solution for iOS: I use „Purify“ to filter bad stuff for Safari with Ads and Tracking + social buttons + custom fonts FILTERED. And I use iCab mobile as my main browser set to „private“ mode. Mobile devices are much harder to harden against all sorts of malware and spyware than PC/Macs.
MPG: what a privacy invading mess: problems with security policy, strict transport security not implemented, content security policy has SERIOUS problems, referrers leaked, 44 cookies including 39 3rd-party cookies, 128 requests to 46 unique hosts.
Simon N writes:
I have seen this issue before (at least on iOS 12, maybe even earlier), mostly when doing a search and then following a link to a search result.
MPG: no searching involved in my case. I’m guessing an unethical or compromised (hacked) ad network problem, since Adams' site is chock full of ad tracking garbage.
Aln K writes:
The procedure either after installing or using an app should always be:
1. to consult the traffic log either in-app (e.g. Disconnect.me) or at DNS provider's site (e.g. NextDNS.io, offers additional infos to logged domains) and examine the domains and their owners!
2. To realize that an app (or website) whose output is mostly blocked is an ill-minded app (or website) - and look for alternatives
Of course this has its own disadvantages: You always have to fix site dependent problems as they will do !everything! to f'k you for their percentage - that's the game.
But when you start to engage these measures whenever you have time and energy, there will come a day it will be your second skin (and you will even start avoiding others as they will pose a threat for you now - your contacts using their technologies will become their moles.)
Take time and start by reading these (Caution: they're huge, but worth reading. Take your time, one after one.)
(you will read interesting things about some so-called privacy and security minded projects)
Incompetent security too
Adams’s site also fails to use a proper site certificate—it will not work without the "www" prefix. This is basic incompetence in web site implementation (and unfortunately fairly common these days.)
It scares people with a security warning (I do not expect Scott to be an expert on web sites, but I *do* expect him to make sure the people he hires are not incompetent).
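The "works only with www" symptom comes down to which names appear in the certificate's subjectAltName list. The check below is an added example, not code from the site or this post: it tests whether a SAN list covers both the bare domain and its `www` name, using constructed SAN lists for the placeholder domain `example.test` and hypothetical function names. It also shows that a wildcard entry alone does not cover the bare domain.

```python
"""Check which hostnames a certificate's subjectAltName (SAN) list covers."""


def _match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is only honoured as the whole left-most
    label and stands for exactly one label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two literal labels after the wildcard (no "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def coverage(san_dns_names, hosts):
    """Map each host to the first SAN entry that covers it, or None."""
    return {h: next((s for s in san_dns_names if _match(s, h)), None)
            for h in hosts}


def uncovered(san_dns_names, apex):
    """Names among apex and www.apex that the certificate does not cover."""
    result = coverage(san_dns_names, [apex, "www." + apex])
    return [h for h, s in result.items() if s is None]


# Constructed SAN lists for a placeholder domain (not from any real certificate).
SAMPLES = {
    "www only": ["www.example.test"],
    "wildcard only": ["*.example.test"],
    "apex + www": ["example.test", "www.example.test"],
    "wildcard + apex": ["*.example.test", "example.test"],
}

if __name__ == "__main__":
    for label, sans in SAMPLES.items():
        missing = uncovered(sans, "example.test")
        status = "OK" if not missing else "missing: " + ", ".join(missing)
        print(f"{label:16} -> {status}")
```

A certificate that lists both names, or a redirect served from a host whose certificate covers the bare domain, avoids the browser warning.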