Troubleshoot Opened the Amazon 30th anniversary link what could happen

EgyptianPharoah

New Member
Jul 19, 2021
8
Got a link from my friend on my phone whose description I couldn't see (thanks to FB Lite), so I opened it to see what it was
And it was a fake Amazon page with 4 questions, a timer and a fake gift claimed to be real
I answered the 4 questions randomly and wrong from the 3 options they gave me on each one

Then opened the boxes to see my luck and ofc, just like any scam, I won the prize "Huawei P40 Pro"

Then there was a step to share to 20 friends or 5 groups, so I simply pressed on "share" and it redirected me to both the Messenger and WhatsApp forwarding-messages menus
And I just stared at both apps for a sec (without sending to anyone) and came back to the website, and it thought I had really shared to my friends, so they sent me to the next step

DOWNLOAD OUR APP!!

Here I was like "no, thanks!" and left

And then I forgot about it, but not even an hour later I am scrolling on Facebook
And everyone in my country is talking about it
TV news channels
People on social media
And even the government itself warned about it because it was said to have hacked some popular people in my country

And while searching for further details, it turns out the links aren't all linked to each other and are random
Like some people get Amazonvip.xyz
Others get things like amaz30cel.com
And there was another one which was
"Musjdgatf.sohbetex.com" (which was the one I opened, and to my bad luck it was the one with rumors about having malware)

Anyway, people's talk was basically
"You will receive this from your friend who is hacked, don't open it", but in my case
I called my friend who sent it to me and he confirmed he was the one who shared it with his own consent and that it wasn't a hacker, because he thought it was real (he also confirmed he didn't download the app)
And people also said 4 different things
1- It downloads a malicious APK that installs itself automatically
2- It runs a malicious JavaScript that injects itself into your phone
3- It asks for your emails and passwords (this one I was sure is fake because the website didn't have any login page or email-related questions)
4- There were people claiming it hacks you once the link is opened, but they didn't give any detail about how it happens and what to do if someone opened it

However
1- I checked for APKs. Nothing
2- Put the link in VT (all came back as phishing with no malicious JavaScript detected, except for scumware.org, which pointed out it installs a trojan which turned out to be only aiming for PCs via plugins and add-ons)
3- The webpage didn't have any login page, as I said above
4- This one I am still not sure about, so that is why I am asking my question

Could the link have hacked me instantly as the people from the 4th perspective about the link claim?
 
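Added example, not part of any poster's message: a hostname triage sketch run over the three hostnames quoted in the post above. The official-domain set, the thresholds and all function names are assumptions made for illustration, and an empty result only means the hostname itself gave no signal.

```python
"""Triage sketch for anniversary-giveaway lure hostnames (added example)."""

# Assumption: brand token mapped to domains the brand really uses (illustrative, incomplete).
BRANDS = {"amazon": {"amazon.com"}}

def registrable(host):
    # Approximation: last two labels. Real code should consult the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brand_prefix(label, brand):
    # Length of the shared prefix after dropping digits/hyphens ("amaz30cel" -> "amazcel").
    letters = "".join(c for c in label if c.isalpha())
    n = 0
    for a, b in zip(letters, brand):
        if a != b:
            break
        n += 1
    return n

def longest_consonant_run(label):
    # Long consonant runs are a cheap hint that a label was generated, not chosen.
    run = best = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in "aeiou" else 0
        best = max(best, run)
    return best

def triage(host):
    """Return the reasons a hostname looks like a lure; empty list means none found."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    reasons = []
    for brand, official in BRANDS.items():
        if registrable(host) in official:
            continue
        if any(brand_prefix(lab, brand) >= 4 for lab in labels):
            reasons.append(f"{brand}-lookalike label on unofficial domain")
    if any(len(s) >= 8 and longest_consonant_run(s) >= 4 for s in labels[:-2]):
        reasons.append("random-looking subdomain")
    return reasons

if __name__ == "__main__":
    # The three hostnames quoted in the post, plus one genuine host for contrast.
    for h in ["Amazonvip.xyz", "amaz30cel.com", "Musjdgatf.sohbetex.com", "www.amazon.com"]:
        print(f"{h:26} {triage(h) or 'no hostname-level signal'}")
```

The third hostname carries no brand token at all, so only the subdomain heuristic catches it; a brand-keyword filter alone would pass it.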

silversurfer

Level 74
Verified
Trusted
Content Creator
Malware Hunter
Aug 17, 2014
6,325
Stories like that are usually scam/phishing but rarely attacks by malware.

You said that you haven't filled out anything related to your personal data, so looks/sounds like either really malicious or this attack didn't work fully malicious to "infect" your phone. You will see what happens; any suspicious activity on your phone should be taken seriously. From now it's better to avoid online banking or shopping on this phone only, at least for the next few days. If nothing suspicious happens, then it's probably more a sign you were very lucky this time. Really, never click anymore on unknown links, especially such weird-looking links as the one you mentioned above: "Musjdgatf.sohbetex.com"

Only real experts are able to carefully check a possibly compromised device; otherwise it's just speculating without being sure!
 

EgyptianPharoah

Actually this incident was since last June 9
Everyone moved on with it and nobody complained about any suspicious activity (even my friend who sent me the link)
No suspicious activity at all for me
No personal accounts sending out spam
No apps eating up data and battery (except for the 3 AVs I have downloaded on my phone to scan)
No settings being changed
No accounts locked out from
No adware
No high phone bills or my bank account randomly losing money
No performance drop or phone heating
Nothing at all



It is just my guts that tell me something isn't right since that day
For example
I have been used to my weary phone to last 3 hours (or 4 if on low use) on full charge
But now since I clicked the link
My brain automatically translates my short 3-4 hours of battery as "suspicious activity" even though it has been like that since my second year of use
 

EgyptianPharoah

Also on European media (where they got the scam 3 months earlier than my country) they all refer to that link as "scam"
The "malware link" definition started in my country
Plus most AVs counted the link as phishing/deceptive, including Google Safe Browsing
Except scumware.org, which points out the link downloads some trojan called "cryxos" that I am thinking is only targeting PC devices, because this trojan works through browser plugins and add-ons (which I assume don't exist on Android Chrome)
 

EgyptianPharoah

I tried reaching out to people (none accepted) to test the link to see what it really does to phones
Cuz I don't have a PC to run VMs on
and VMOS doesn't work on my phone
So I think I will be living in this paranoia for like forever
 

Terry Ganzi

Level 26
Verified
Feb 7, 2014
1,545
Blocked by adblocker
 

Attachment: 1 - Copy.PNG (23.9 KB)

EgyptianPharoah

Well, the link was popular and spread like fire between AV and adblocker databases after it had been massively reported by Indians (where it all started). Also, after searching on scumware.org, it turns out the domain has 3 other websites, now 4 in total
2 were Rolex 100th anniversary
2 were the Amazon 30th anniversary (I opened that one with mujsadgtf at the start)
 

Terry Ganzi

I got those links sent to me also, but this mobile app blocked them all: Dr. Safety: Free Antivirus, Booster, App Lock - Apps on Google Play. And that was all last year, but as the guy posted the link and I was on my PC, I looked it up and found out it's blocked by the adblocker I'm using, so I posted the results. The mobile security above, created by Trend Micro, blocks that stuff easily. Before I knew how serious it was, people sent those links via WhatsApp or Signal and they were always blocked by my mobile AV. Never had the chance to look it up then because it was blocked as soon as I scrolled to it.
You can go to this link to see the mobile security key features: Battle - Best free antivirus for android
Posted the wrong mobile AV, changed it to the right one, sorry about that.
 

EgyptianPharoah

Lucky for you
I opened it and heard the news when it was too late. I will try it and see
Also, after scanning the link on VirusTotal, I realized all AVs that registered the link as "malicious" were all based on reports and not actual scanning
Except for scumware.org, which even went a step further and had a list of the malicious script the website was using, which was something called "Trojan JS:cryxos.5928". I searched for it and it turns out it is some type of adware/scareware, but all victims of the cryxos malware are on PC, so I don't think this malicious script was made for mobile (as the website changes the phone's OS question to "PC's OS" when the website is opened on desktop)
Also, the symptoms of this cryxos malware are annoying popups and ads, website redirects and malicious browser add-ons and plugins (add-ons and plugins don't exist for Android Chrome too), and none of these symptoms have been showing up since I opened the link
 

EgyptianPharoah

Update: the website doesn't open anymore and I assume it has been taken down
Which is good and bad
Good: because it won't cause any harm to anyone anymore (unless it gets back again)
Bad: because I didn't have the chance to test it to see what it really does (because I still doubt it has buried something in my phone, so I wanted to restart the events with more detailed analysis), but it is probably my brain frightening me and there is actually nothing, because I am very paranoid and have never been used to malware-related stuff on my phone (hopefully there is really nothing and it is just my brain imagining scenarios)
 