Malware

Question

Can a link hack a phone without downloading anything

By Albert-76 ·
There have been a link roaming African/Asian countries social medias (starting with India) in the name of "amazon 30th anniversary" when it reached my country on June 9th I still haven't heard about it yet but strangely I got a link from an old friend who I have talked to in a month or so but since I was using Facebook lite (with many bugs) the description of the link which could have saved me and prevented me from opening the link didn't show up so I had to open the link myself to see it
It was a fake and poorly designed copy of the Amazon page but with a survey consisting of 4 steps and a timer

1- answer 4 basic questions. What is your age? What is your gender? What is your phone' OS? What is your opinion about the service?
2- choose 3 boxes out of 9 to win the prize (and of course I won)
3- share to 20 friends/5 groups
4- download an app (and sometimes it would be instead a premium subscription through your phone number which would consume all the phone's balance)

I did all 3 steps but when there was the 4th step I suspected malware so I left

It was all good thinking to myself I am a 2000IQ because I didn't fall for the malicious apk part bla bla

And I scroll Facebook to see anything new and suddenly my whole country (and I literally mean it including news media) is talking about the link
At first I was like "yeah they must be warning that the link might trick you into downloading malware so don't download it" so I considered myself safe as I didn't download it

But what they were talking about was "opening the link might lead to malware on your device and your device falling under the hacker's control"
Here my heart dropped so I downloaded 3 AVs even though I know would be useless and no threat came out then checked on VirusTotal and it came malicious/malware by 5 AVs
3 phishing and 3 suspicious/spam

I did all the necessary steps of recovering like changing password clearing browser data and backing up stuff etc but I didn't factory reset because I can't for now as I am busy and restoring would take long

Could the link really have hacked me instantly as people claim? or are they just spreading fear because I didn't see any suspicious activity until now+ the link didn't attempt doing any drive-by download or try to download/install anything in the background (knowing that because I checked my file explorer and it showed the most recent file to be a day ago and recent installation/update from settings was a new game and a fb update)
Thread display: Collapse - | Expand +

All Answers

Collapse -

How about "technically possible."

by rproffitt Moderator In reply to Can a link hack a phone w ...

Why? Because there's yet to be a hack proof or perfect OS.

You wrote quite a bit there and it would take me too much time to figure out if that's a known exploit so let's keep it simple. YOU REMAIN THE BEST SECURITY FOR YOUR PC.

If you fall for scams then maybe you need to consider something safer like a Chromebook.

Collapse -

Don't understand

by Albert-76 In reply to How about "technically po ...

Actually I have been talking about a phone and not a pc
Also I didn't really "fall" for the scam itself
The only thing I fell victim for was clicking on the link from the start (which I haven't seen any after-effects from so far unlike what people claim about what happens after you click on it)

Collapse -

How about "Yes."?

by rproffitt Moderator In reply to Can a link hack a phone w ...

https://www.quora.com/Can-I-get-hacked-by-clicking-on-a-malicious-link-What-can-I-do-to-protect-myself-if-I-clicked-on-a-malicious-link

This has been kicked around for decades and while the answer should be no, there's always a possibility that some new or old existing exploit was found.

-> I write the following knowing it may sound harsh. You clicked knowingly on a typical bad link. You did this knowing it was dodgy. Stop doing that. OK?

Collapse -

Actually I didn't know it was a dodgy link

by Albert-76 In reply to How about "Yes."?

I would usually get a warning from chrome when I am opening an/a unsecure/deceptive website but for this link it didn't warn me about anything the only thing was just showing the warning icon instead of the paslick icon on the left part of the search bar (which I didn't even look at until I left the website and saw it a second before I was off the page and returned to the main homepage

But after reporting the link on Google safe browsing, now it does warn about the link

Collapse -

Remember YOU remain the best protection.

by proffitt In reply to Actually I didn't know it ...

Relying on getting a warning is a bad idea.

I don't believe you didn't know it was dodgy. You wrote "It was a fake and poorly designed copy of the Amazon page but with a survey consisting of 4 steps and a timer." So you would close that immediately and not click further but it appears you did!

Collapse -

Right

by Albert-76 In reply to Remember YOU remain the b ...

Well since you mean that then you are right I knew it was when I opened the link then i continued which was a stupid thing to do

I thought you meant I knew it was suspicious/dodgy before clicking the link

Collapse -

And Left.

by rproffitt Moderator In reply to Right

"I did all 3 steps but when there was the 4th step I suspected malware so I left."

It's currently not possible for all links to be vetted or tested ahead of time so we're back to us being the protection.

Yes, there are folk that want to fault Norton, McAfee and all the others for not blocking this or that. Such suites, apps, and filters only know what they know and not much more. So again, I can only hope folk know to bail immediately and not click through.

As to the other question it's technically possible since current systems (OS, websites, browsers) are imperfect. Protection software, filters and such are imperfect which is why I wrote you are the best protection.

Related Discussions

Related Forums