Author Topic: Avast warned me Google.com has CardStealer  (Read 2527 times)


Offline nickha

  • Newbie
  • *
  • Posts: 9
Avast warned me Google.com has CardStealer
« on: June 17, 2022, 10:16:02 PM »
Hello,

Today while I was using Google.com, I got a pop-up from Avast that said "We've safely aborted connection on google.com because it was infected with URL:CardStealer."

I had simply typed in the name of a philosopher in the URL bar and pressed Enter, like I do with all searches, when this appeared. The infection was not in the first result of the search (which sometimes happens), because then Avast would have said "aborted connection with xxxxx.com."

I ran a Malwarebytes scan, and it found no malware on my laptop. Later searches were ok.

The only extensions I have on Chrome are Avast and Google Docs. Any idea what happened? Should I be worried? Is this some new kind of trojan that can infect actual google.com pages?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87085
  • No support PMs thanks
Re: Avast warned me Google.com has CardStealer
« Reply #1 on: June 17, 2022, 10:50:39 PM »
I guess that you didn't do a screen capture (in your haste to exit), as using google.com presumably wasn't the cause of the alert. I have just connected to google.com without an alert.

What were you doing on google.com at the time?

Unfortunately there is insufficient information to say why you got the alert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.10.6038 (build 22.10.7633.734) UI 1.0.733/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline nickha

  • Newbie
  • *
  • Posts: 9
Re: Avast warned me Google.com has CardStealer
« Reply #2 on: June 18, 2022, 01:40:15 AM »
Unfortunately, I didn't do a screenshot, but I know exactly what I was doing previously. I was on quora.com, reading the answers to https://www.quora.com/Is-homophobia-prevalent-in-Nordic-countries, when I typed "gianni vattimo" in the upper bar and pressed Enter, and then the rest happened at 20:38 (8:38 PM).

Before that, I had been doing other searches on google, and I'd clicked on the following legit sites within the previous five hours, along with some Twitter and Facebook:
https://www.fininfo.hr/Poduzece/Pregled/rubic/Detaljno/37958
https://www.vecernji.hr/kultura/novi-gordogan-posvecen-je-hrvatskim-grbovima-a-kao-jedan-od-autora-istice-se-i-ivo-sanader-1223327
https://www.hrw.org/news/2022/01/26/afghanistan-taliban-target-lgbt-afghans
https://issuu.com/kunsthogeschool/docs/faf21_brochure_ma_v07_issuu_2/s/13594616
https://www.srednja.hr/faks/donosimo-place-sveucilisnih-asistenata-docenata-profesora-evo-koliko-mjesecno-zaraduju/

There had been a previous attempt at infection with URL:Botnet five hours earlier, from a google pictures search, which Avast successfully aborted. I didn't click on any links, just clicked on a couple of pictures to enlarge them on the right of the screen. The source of the attempted infection was "img.movienco.co.uk" but, as I said, it had been safely aborted at 15:22 (3:22 PM) and it was five hours earlier.

It looks like the later, 20:38 infection was stopped twice within the same minute, as Avast gives me two identical notifications in History: "We've safely aborted connection on www.google.com because it was infected with URL:CardStealer. 17 Jun 2022 20:38" (both at that time; however, I only got one pop-up warning from Avast at the time it happened).

Sadly, I don't have that screenshot from the immediate Avast pop-up with the detailed info.




Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87085
  • No support PMs thanks
Re: Avast warned me Google.com has CardStealer
« Reply #3 on: June 18, 2022, 02:11:43 AM »
Unfortunately I'm unable to replicate it, no alert on google or on the quora link when searching for gianni vattimo.

The problem with image links is that you don't know the URL they might be going to; if it is going to img.movienco.co.uk then Avast alerts. So it may have been the images loading (or attempting to load the image) from an unrelated site that triggers the alert (image3).

Just a point of note: when posting links, don't use the http or www prefixes, as it makes the link active; this is to avoid accidental exposure to a suspect site.
« Last Edit: June 18, 2022, 02:13:35 AM by DavidR »
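The advice in the reply above about posting links so that they do not become clickable, generalized here to the common "defang" convention (hxxp scheme, bracketed dots in the host). This is an added example, not part of the original thread; the function names and the sample hosts under `.example` are constructed for illustration.

```python
import re

# Matches http(s) URLs and bare "www." hostnames inside free text.
URL_RE = re.compile(r"\b(?:https?://|www\.)[^\s<>\"')\]]+", re.IGNORECASE)


def defang_url(url: str) -> str:
    """Rewrite a single URL so forum software will not turn it into a link."""
    scheme, sep, rest = url.partition("://")
    if not sep:                       # bare "www.host/path", no scheme present
        scheme, rest = "", url
    host, slash, path = rest.partition("/")
    host = host.replace(".", "[.]")   # break every dot in the host part
    # http -> hxxp, https -> hxxps (case-insensitive match on "tt")
    scheme = re.sub("tt", "xx", scheme, count=1, flags=re.IGNORECASE)
    prefix = scheme + "://" if scheme else ""
    return prefix + host + slash + path


def defang_text(text: str) -> str:
    """Defang every URL found in a block of text, e.g. a forum post draft."""
    def repl(match: re.Match) -> str:
        url = match.group(0)
        core = url.rstrip(".,;:!?")   # keep sentence punctuation outside the URL
        return defang_url(core) + url[len(core):]
    return URL_RE.sub(repl, text)


if __name__ == "__main__":
    # Constructed sample post text; the hosts are placeholders, not real sites.
    draft = "Blocked: http://img.bad.example/x.jpg, also www.bad.example."
    print(defang_text(draft))
```

Running the function twice is safe: already-defanged text no longer matches the URL pattern and is left unchanged.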

Offline LiamKJ

  • Newbie
  • *
  • Posts: 3
Re: Avast warned me Google.com has CardStealer
« Reply #4 on: June 18, 2022, 01:46:39 PM »
I had the same pop up last night.

I booted my computer up normally as any other time, first thing I did was open Google Chrome to go on YouTube and Avast popped up with "We've safely aborted connection on www. google. com because it was infected with URL:CardStealer". This was the first time this has ever happened (on google of all places as well??). After looking around on the internet I didn't find any other reported cases of this (apart from OP's post now), the only thing that came up was a new variant of Emotet but I don't think I could've possibly been infected as I don't open any emails on this pc or visit any out of the ordinary websites. Ran a full scan on the pc, nothing came up, no weird processes or anything like that.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87085
  • No support PMs thanks
Re: Avast warned me Google.com has CardStealer
« Reply #5 on: June 18, 2022, 05:12:08 PM »
Again, a screenshot gives crucial information; without detailed information (as in the above replies) answers would be speculation.

Offline jesus237

  • Newbie
  • *
  • Posts: 7
Re: Avast warned me Google.com has CardStealer
« Reply #6 on: July 17, 2022, 05:56:57 PM »
This happened to me last night. I've been trying to contact AVAST with no luck as the scan says I'm OK, but I'm getting these messages from time to time on different pages, one of them Google.

Thanks for your help!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87085
  • No support PMs thanks
Re: Avast warned me Google.com has CardStealer
« Reply #7 on: July 17, 2022, 07:11:40 PM »
> This happened to me last night. I've been trying to contact AVAST with no luck as the scan says I'm OK, but I'm getting these messages from time to time on different pages, one of them Google.
>
> Thanks for your help!

I have replied in your own topic - https://forum.avast.com/index.php?topic=320382.0
It is best (easiest) to keep everything together in one topic, including these screenshot attachments.

Offline jesus237

  • Newbie
  • *
  • Posts: 7
Re: Avast warned me Google.com has CardStealer
« Reply #8 on: July 17, 2022, 08:54:19 PM »
Thank you DavidR

Will use my own thread then

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2763
Re: Avast warned me Google.com has CardStealer
« Reply #9 on: July 17, 2022, 09:09:48 PM »
> Hello,
>
> Today while I was using Google.com, I got a pop-up from Avast that said "We've safely aborted connection on google.com because it was infected with URL:CardStealer."
>
> I had simply typed in the name of a philosopher in the URL bar and pressed Enter, like I do with all searches, when this appeared. The infection was not in the first result of the search (which sometimes happens), because then Avast would have said "aborted connection with xxxxx.com."
>
> I ran a Malwarebytes scan, and it found no malware on my laptop. Later searches were ok.
>
> The only extensions I have on Chrome are Avast and Google Docs. Any idea what happened? Should I be worried? Is this some new kind of trojan that can infect actual google.com pages?

Hi,
Have you simply tried cleaning your browser?
If a page in the cache is infected, it may be called every time and the web shield alerts you without a full Avast or Malwarebytes scan detecting anything.