Author Topic: URL:CardStealer  (Read 7622 times)

0 Members and 1 Guest are viewing this topic.

Offline fuechsesindcool

  • Newbie
  • *
  • Posts: 1
URL:CardStealer
« on: November 20, 2022, 10:45:47 PM »
Hello,

does anyone know what URL:CardStealer is? Avast blocked it three times today and it just keeps happening, so I think its a virus. However, neither Avast nor Windows found anything.


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: URL:CardStealer
« Reply #1 on: November 20, 2022, 11:35:54 PM »
Quote
does anyone know what URL:CardStealer is?
As the name say, a website that steal creditcard info

https://blog.sucuri.net/?s=Card+stealer



« Last Edit: November 21, 2022, 02:34:23 PM by Pondus »

Offline Dinobot2

  • Sr. Member
  • ****
  • Posts: 393
Re: URL:CardStealer
« Reply #2 on: November 20, 2022, 11:58:13 PM »
I don't know about your issue (what were you doing when it pops up for you?), but I got the same alert when VLC tried to update, so i'm suspecting this might be a false positive or an Avast bug.

« Last Edit: November 21, 2022, 12:16:34 AM by Dinobot2 »

Offline Pablo R

  • Newbie
  • *
  • Posts: 1
Re: URL:CardStealer
« Reply #3 on: November 21, 2022, 02:12:06 AM »
Hello everyone,

I am getting the same issue starting today, i did not install any new software or visit phishy websites therefore I think it is a false positive, can someone from Avast Team confirm this?

I have the same message that crl4[.]digicert[.]com/sha2-assured-cs-g1 is infected but when I run avast anti virus it found zero threats.




Offline waking

  • Jr. Member
  • **
  • Posts: 43
Re: URL:CardStealer
« Reply #4 on: November 21, 2022, 05:48:05 AM »
does anyone know what URL:CardStealer is? Avast blocked it three times today and it just keeps happening, so I think its a virus. However, neither Avast nor Windows found anything.

You may misunderstand what an "URL" threat means. It indicates that
a link to a domain is blacklisted as having been found to host some
malware or other threats in the past. As it is often listed by the
domain name and not a specific threat at that domain, you may get
an alert even when you are not actually tying to access an actual
threat (infected file, etc.).

Further, the attempt to access that domain (URL) may be embedded
in the HTML code for some other site that you are visiting. It
is not necessary for you to have explicitly tried to access that
domain yourself.

As an "URL" threat refers to a potential threat at some remote site,
it is usually pointless to go scanning *your* computer looking for
malware related to such an alert.

However, in this case since 0 of 91 security vendors at Virus Total
flag http://ocspDOTdigicertDOTcom as a threat it may well be a false
positive. Ironic given that digicert is a security service - a
certificate provider AFAIK.


Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2926
Re: URL:CardStealer
« Reply #5 on: November 21, 2022, 08:00:04 AM »
same issue for me yesterday with ocsp.digicert.com

I would like to point out that this alert occurred during a malwarebytes scan. I had no browser open

Offline laybel

  • Newbie
  • *
  • Posts: 2
Re: URL:CardStealer
« Reply #6 on: November 21, 2022, 06:55:08 PM »
Got the exact same triggered notification from Avast word for word.

Couldn't figure out what caused it, kept popping up even after restarting my PC before opening anything, but managed to make it stop by using Avast to block the URL.


Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: URL:CardStealer
« Reply #7 on: November 21, 2022, 08:47:20 PM »
@    Dinobot2
Looks like the VLC media player is checking for updates, but avast doesn't like the update.videolan.org landing point.

You can try - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

****
For those experiencing this if they don't have VLC, but the alert is initiated by svchost.exe, as fuechsesindcool is, see - https://forum.avast.com/index.php?topic=321842.msg1695989#msg1695989 - why the svchost.exe would be connecting to that location, but they too could reported it as a possible false positive as outlined above. However they may be more to this than what Dinobot2 reported in Reply #2

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Dinobot2

  • Sr. Member
  • ****
  • Posts: 393
Re: URL:CardStealer
« Reply #8 on: November 21, 2022, 11:00:05 PM »
@    Dinobot2
Looks like the VLC media player is checking for updates, but avast doesn't like the update.videolan.org landing point.

You can try - Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

Which is weird because when I simply uninstall VLC and then re-install the latest version from the website, it's fine. I don't get a WebShield alert on Videolan.org or anything.

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2926
Re: URL:CardStealer
« Reply #9 on: November 21, 2022, 11:24:59 PM »
I confirm.
Before,...every time I wanted to open vlc, avast honked.
No more problem with the latest version (full download).
The update (update.videolan) goes through another link than the full version download (get.videolan) but it's still the same domain.
And as I said above, yesterday I got the same warning with "malwarebytes" update.(no warning today)

edit:when I do "check for updates" in vlc (new version), the alert is back
« Last Edit: November 21, 2022, 11:30:49 PM by chris.. »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: URL:CardStealer
« Reply #10 on: November 22, 2022, 12:08:08 AM »
I confirm.
Before,...every time I wanted to open vlc, avast honked.
No more problem with the latest version (full download).
The update (update.videolan) goes through another link than the full version download (get.videolan) but it's still the same domain.
And as I said above, yesterday I got the same warning with "malwarebytes" update.(no warning today)

edit:when I do "check for updates" in vlc (new version), the alert is back

Presumably the check for updates uses a slightly different URL (or the one in Dinobot2's attached image).  If so then that needs to be reported as a possible false positive.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security