Stupid question of the day - embedded links - Android 11 phone

[Saoirse]

Hi / Bonjour

These may seem like some pretty stupid questions, but here we go anyway. 

I was reading a lengthy Quora post on my Android phone late last night, and the person who posted it had embedded a link to a website in the middle of their post.   In scrolling up, I managed (of course) to click on the link, which opened h t t p s ://  www. movie-sounds .org  (I put the spaces in there). There was more to the address that took you to a particular file, but that was the domain name. 

Question 1. Would Kaspersky (I have the paid version of Kaspersky cloud security on all my devices) have checked this website before it opened - as instantaneous as it was?    I have ALL the protection turned on. I went to Quora via Chrome, the supported browser, but not directly to the  movie-sounds link.

Question 2. There were outgoing links in this movie-sounds page which sucuri (and only sucuri) said contained malware. I used SSL Trust’s website checker/ Virus Total etc. This is going to sound really ignorant for which I apologise, but one has to actually click on an “outgoing link” for it to affect your device, yes?

Interestingly the outgoing links were  to h t t p s :// amzn.to  (Tonga?) which redirected to amazon.com in the USA.  SSL Trust’s website checker also threw up Amber warnings about the certificate of this Tongan site as well. 

Question 3. Not really relevant but my curiousity is aroused; why would Amazon USA use weird links (Tonga - really?) to link through to their website in the USA for purchasing, I am guessing, the movies referred to in the original movie-sounds website?

I feel so ignorant when it comes to technology and what goes on behind the scenes, so I feel very foolish posting here, but working on the principle that if you don’t ask, you don’t find out, I’m  asking.

Hoping I don’t have to do a factory reset of the phone, that’s a real pain. I’ve run a Kaspersky scan, (and also another well known malware program as a one off), and nothing found. Though after having static file numbers for months, I seem to suddenly have acquired some, somehow and no, it’s not the other malware program :)  I just get twitchy when new files appear in the total, though perhaps they come from upgrades to installed apps? Sorry, that was question 4 wasn’t it?

Thank you for your patience/ merci à vous
S

[Flood and Flood's wife]

Hello @Saoirse, 
Welcome!
None of what you've written sounds "ignorant or foolish", please do not feel the need to apologise; often these problems can be confusing & overwhelming. 

💥 First, not related to the issues you're reporting, however, important information regarding Kaspersky Security Cloud for Android, End of app support, What’s happening?  || Fin de la prise en charge de l'application - Que se passe-t-il ?

• ⚠ Re Q1. "Would Kaspersky cloud security Premium, have checked this website before it opened?"

Not unless you've also installed Kaspersky Internet Security, as per About the Anti-virus protection feature, A propos de la fonction Protection antivirus:

quote

You must install Kaspersky Internet Security for Android after installing the main Kaspersky Security Cloud app. The premium version of Kaspersky Internet Security is included in your Kaspersky Security Cloud package.

end quote

• Q2. No. 

• Regarding Q3. the Amazon site/link that redirects to Tonga sounds like the site may be contaminated, please log a case with Kaspersky FR support, as follows, on the support page, select either Tchat or Email, then select Application malfunction, Other template; support may request logs, traces, & other data, they will guide you.
• Regarding Q4. via phone, Settings, Storage, select & clear Kaspersky Security Cloud → Cache, then Shutdown/power OFF the Android, power ON, make sure Kaspersky Security Cloud is active, rerun the scan, any concerns, add it to the issues you'll report to Kaspersky support. 
• 💬If selecting Chat option, we recommend you request a copy of the chat transcript, make sure you fill in your email address AFTER the chat is activated by the Chat agent & complete the Verify your email address email AFTER the chat completes.

Please share the outcome with the Community?

Thank you🙏

Flood🐳+🐋

[Saoirse]

Thank you so much.

I have the Android app installed via the QR code on the desktop browser program.  So I’m guessing Kaspersky checked the web link I didn’t mean to click on (movie-sounds).

Re question 2. Seriously,  embedded links in a website, even though not clicked on in any way, could download malware and other unwanted “stuff”?   That’s NOT good. 

Kaspersky’s not coming up with anything though, and I ran a quick malwarebytes as well, as I mentioned, just in case. Nothing.   I could drive myself crazy with this, I have I guess to trust that Kaspersky (and MWB) tell me there’s nothing, then there is nothing?!

I will let Kaspersky know as you suggested re the Amazon Tonga site. Thank you.


 

[Saoirse]

Oh..re embedded links - drive by downloads….ah. Still,  Kaspersky says my phone is clean?!

I’ve done a factory reset of the phone, I guess I’ve now got to change all the passwords of things too?

[Saoirse]

 

[Flood and Flood's wife]

Hello @Saoirse,

You’re most welcome!

Thank you for posting back & the  additional information👌

Re “stupid”, none of what you’ve raised is stupid, & all the work/analysis you’ve done, shows real determination & clarity of thought, well done!

Re amzn.to, it’s not actually Tonga, https://www.virustotal.com/gui/domain/amzn.to/details. 

Definitely change all passwords, if you’re not using a good password manager, it may make life easier… 

1. As of now, have all the redirects stopped? 

Please let us know? 

Thank you🙏

Flood🐳+🐋

[Saoirse]

Hello/Bonjour Flood,

Thank you for the explanation of the .to suffix.  I had not explored that far into the “details” section of Virus Total.

As I mentioned, this was all on my Android device, running Kaspersky (paid for and fully installed).

The website I clicked on, inadvertently, was https://movie-sounds.org. 

It was Virus Total that showed me that this website had embedded links in it to that amzn.to site, and when I went to check that “.to” link, then Securi (and Scumware on URL Void) both said something was detected. Every other malware/antivirus provider said that it was clean, including Kaspersky.

I guess either I trust my antivirus or I don’t ?!!  I had precisely one app on the phone that had a financial card detail on it, so I cancelled and replaced the card just in case.  I changed passwords for 3 apps that use passwords. 

I haven’t had any notable incidents on the phone, and I factory reset it a week later (and what a nuisance that was turning everything off again, but worth it I hope).    I run Kaspersky scans 2 or 3 times a day after browsing on the phone, and also MWB once a day. I try to avoid shortened URLs, I use Chrome with the Kaspersky Browser Extension installed and EVERY single option for protection turned on and I hadn’t been following a thread in Reddit, and being careless where I swiped up, I don’t see that I could have done anything else.

Thankfully I wasn’t redirected anywhere,  nothing happened that I could see, it was just me digging into the initial URL, and  the Securi (SSL Trust) and Scumware (URL Void) “detections” that triggered my question and my fears.

Clearly I still need to be paying more attention on my phone browsing.

I guess I am seeking some sort of confirmation or assurance that Kaspersky (when installed correctly and running) would do as it intends, and protect me and my phone from as much of the bad stuff as it can!

Are you able to consider why two out of the 70+ checking sites would throw up a positive for that .to site?   I am rather hoping that the fact Kaspersky and other well known and well respected sites all say it was clean means my fears are likely to be unfounded.

So much I just don’t know or understand about technology.
Thank you for your help and advice, I really do appreciate it
merci a vous, thank you!
S

 

[Saoirse]

Kaspersky shield shows up!

and “safe website”.