It looks like some malicious Ads made it into the Ad network used by steemit.com.
See this old article for a very similar issue on a different site: https://www.rollcall.com/news/politics/no-you-didnt-win-a-1000-amazon-gift-card-heres-why-you-saw-a-weird-pop-up-ad-on-rollcall-com
After loading https://steemit.com, after a few seconds Steemit gets redirected to this page:
https://amazon.com-gift-winner.vip/amazongiftus/index.html?model=iPhone&brand=Apple®ion=Florida&city=Jacksonville
---> DO NOT OPEN, IT'S A PHISHING SITE
Apologies for the title that is a bit clickbait but I believe that this is worth immediate attention!!
I tried the site in a sandbox and it asks victims for lots of personal information (name, address, phone number, many questions regarding job and health insurance) and eventually credit card number or registration to other well known services (in order to steal those credentials).
I am able to reproduce this issue on an iPhone 6, an iPhone XR emulator and an iPhone X emulator run locally on my machine. Reproduced both on Safari and Chrome.
This issue is not reproducible on Android or Desktop browsers.
I am trying to inspect the source code to understand where this is coming from but so far I'm not able to stop the redirection in order to inspect the code.
Since it's not possible to override the window.location behavior I tried disabling tab close and page redirections using the following code in the browser console right after loading steemit.com:
// window.location.href = 'https://steemit.com'
const nap = ms => new Promise(res => setTimeout(res, ms));
const forceOverride = async () => {
while (true) {
const confirmExit = () => "You have attempted to leave this page. Are you sure?";
window.onbeforeunload = confirmExit;
await nap(100);
}
}
forceOverride()
...but it does not do the trick, the page still gets redirected.
I'm only able to prevent the redirection if I disable the wifi right after loading the steemit page. But doing so I have no luck in finding the culprit Ad in the scripts and page. It likely does not load in time otherwise the redirection would take place.
Looking at the network requests the domains that get loaded right before the redirection are:
m.servedby-buysellads.com, cdn-s2s.buysellads.net, consent.cookiebot.com, securepubads.g.doubleclick.net, s2.adform.net, adservice.google.com, use-tor.adsrvr.org, track.adform.net, cdn4.buysellads.net
PS. A similar issue was reported 5 months ago: https://steemit.com/steem/@schlafhacking/caution-malware-ads-on-steemit-condenser
How many users are still affected by this problem?
If you are among those and you are reading this post in another browser, in order to solve the issue try doing the following:
- Clear your cookies, cache, and browser history
- Install an Ad blocker
- Restart your device
NOTE: If you do not install an Ad blocker these steps will work only after the malicious Ad gets successfully located and removed by Steemit Inc.
In alternative use Brave browser that blocks Ads by default and offers a better security.
While I don't like the title for being too clickbaity and not precise, the first sentence clarify things up. Thanks for the heads up.
@gtg my pleasure.
And as usual then.. 🙈 🙈
https://steemit.com/security/@gaottantacinque/steemit-chat-is-unsafe
UPDATE: It looks like the vulnerability is now patched.
Awesome response time guys! =]
Good catch.
Yeah happened to me too last night from my iphoneX!!
test
The issue is still occurring in Safari and Chrome on iOS.
I now reported the issue to Amazon on their dedicated section.
Thanks
Thanks for the warning.
The phishing site is now offline.
Awesome, thanks!
This post is promoted by @tipU voting service under #newsteem rules funded by marcocasario :)
The upvotes are not profitable and 50% of the payment is donated to @steempeak and other steem projects.
Thanks for information
As a follower of @followforupvotes this post has been randomly selected and upvoted! Enjoy your upvote and have a great day!
Thanks for the heads up, they're looking into it.
Good, thanks