Highly Recommended!
External SSD wish list • Deals on OWC
$220 SAVE $130 = 37.0% Western Digital 16.0TB Western Digital Ultrastar DC HC550 3.5-in… in Storage: Hard Drives	$680 OWC 2.0TB OWC Atlas Ultra CFexpress 4.0 Type B Memory Card in All Other Categories	$580 OWC 4.0TB OWC Envoy Pro Elektron USB-C Portable NVMe SSD in All Other Categories	$630 OWC 4.0TB OWC Express 1M2 USB4 (40Gb/s) Bus-Powered Portable NVM… in All Other Categories	$2380 OWC 72.0TB OWC ThunderBay 4 Four-Drive Thunderbolt External Stor… in All Other Categories

Newly In Stock: SEE ALL...
Sony Mirrorless wish list • Deals on Sony
$2997 Nikon Z7 II Mirrorless Camera OUT OF STOCK in Cameras: Mirrorless	$2297 Nikon D780 DSLR OUT OF STOCK in Cameras: DSLR	$2997 Nikon D850 DSLR OUT OF STOCK in Cameras: DSLR	$720 ZEISS 32mm f/1.8 Touit Lens for FUJIFILM X OUT OF STOCK in Lenses: Mirrorless	$497 Pentax 70mm f/2.4 HD Pentax DA Limited IN STOCK in Lenses: DSLR

Malware on iPhone? Unwanted “Congratulations Apple iPhone user” Popup Malware Erases Existing Site from Browser History + Improper Security Certificate

2020-04-02 • SEND FEEDBACK |

Related: Apple, Apple iOS, Apple iPhone and iPad, iOS, privacy, security

See below—I have gotten this unwanted apparent malware 5 or 6 times now at Dilbert cartoonist Scott Adams at https://www.scottadamssays.com.

I don’t know if that site is compromised/infected or just has taken very poor stock of its advertiser network. This is nasty unwanted stuff.

Does anyone out there understand what is going on?

I am running iOS 13 on my iPhone.
I have not seen it happen on the computer, though I rarely visit the site that way.
It seems to occur when I refresh the site half a day or a day later.
Always the same bogus improbable “you are a winner” thing, using persuasion of quotes buy other “winners”.
It always wipes out browser history of the page I was on (iOS, Safari) so that I cannot go back; this malware is now the page and there is no prior page.
NOT an April Fool’s thing; it has been going on for maybe a week or so.

If not outright malware (can my phone with iOS be infected?), maybe it is a compromised advertising network. Either way, Scott Adams had better go take a close look at the ad networks he is using as well as overall site security.

Malware apparently coming from https://www.scottadamssays.com

Reader comments

Arne C writes:

Moin! (as we say here in northern Germany)

If you look here, you know that, whoever created the site for him, implemented a load of trackers and advertisers.

https://webbkoll.dataskydd.net/en/results?url=http%3A%2F%2Fwww.scottadamssays.com

https://privacyscore.org/site/162782/

My solution for iOS: I use „Purify“ to filter bad stuff for Safari with Ads and Tracking + social buttons + custom fonts FILTERED. And I use iCab mobile as my main browser set to „private“ mode Mobile devices are much harder to harden against all sorts of malware and spyware than PC/Macs.

MPG: what a privacy invading mess: problems with security policy, strict transport security not implemented, content security policy has SERIOUS problems, referrers leaked, 44 cookies including 39 3rd-party co0kies, 128 requests to 46 unique hosts.

Simon N writes:

I have seen this issue before (at least on iOS 12, maybe even earlier), mostly when doing a search and then following a link to a search result.

MPG: no searching involved in my case. I’m guessing an unethical or compromised (hacked) ad network problem, since Adams' site is chock fill of ad tracking garbage.

Aln K writes:

Especially for mobile use, I recommend to use DNS based blockers like Disconnect.me (curates its own list) or NextDNS.io (offers a huge selection of open source tracker lists - this is what I use at the moment for all my devices, both are free and available in App Stores.) I encourage you to use such security measures and frequently look and examine their traffic. Furthermore, I recommend to switch to private mode in your browser, install an ad-blocker (I prefer 1Blocker,) use website dependent settings and setup your websites accordingly and turn of JavaScript and use JS or non-private mode only if forced to, like logins - but first try if you succeed without.

The procedure either after installing or using an app should always be:

1. to consult the traffic log either in-app (e.g. Disconnect.me) or at DNS provider's site (e.g. NextDNS.io, offers additional infos to logged domains) and examine the domains and their owners!

2. To realize that an app (or website) whose output is mostly blocked is an ill-minded app (or website) - and look for alternatives

Of course this has its own disadvantages: You always have to fix site dependent problems as they will do !everything! to f'k you for their percentage - that's the game.

But when you start to engage these measures whenever you have time and energy, there will come a day it will your second skin (and you will even start avoiding others as they will pose a threat for you now - your contacts using their technologies will become their moles.)

Take time and start by reading these (Caution: their huge, but worth reading. Take your time, one after one.)
https://restoreprivacy.com/
(you will read interesting things about some so-called privacy and security minded projects)
https://www.privacytools.io/

Incompetent security too

Adams’s site also fails to use a proper site certificate—it will not work without the "www" prefix. This is basic incompetence in web site implementation (and unfortunately fairly common these days.)

It scares people with a security warning (I do not expect Scott to be an expert on web sites, but I *do* expect him to make sure the people he hires are not incompetent).

Improper security certificate fails to account for absence of "www."