Issue abstract: I found this cookie, which is also on my home computer. I have no idea where it came from, nor whether it's malicious. All I know is that it showed up randomly.
Detailed description: I was online and I was checking settings on something when I found this cookie.
Product & version number: Norton 360 with Lifelock version 5.109.3.250313400
OS details: A35 5G
AI Overview
The domain name ads.servedxk.com is associated with a widespread malware campaign called Adrozek. This malware modifies browsers to silently inject ads into search engine results and other webpages. The goal is to lead users to click on these injected ads, directing them to affiliate pages and generating revenue for the attackers.
Here’s a more detailed explanation:
Malware Injection: Adrozek, the malware family, works by adding browser extensions, modifying browser DLL files, and changing browser settings.
Ad Insertion: This allows the malware to insert its own ads on top of legitimate ads on webpages, often in search results.
User Deception: The attackers aim to trick users into clicking on these malicious ads, which redirect them to affiliated pages.
Revenue Generation: The attackers earn money through affiliate marketing, where they receive payments for every click or visit generated from their malicious ads.
Impact: This campaign can affect multiple browsers, including Microsoft Edge, Google Chrome, Yandex Browser, and Mozilla Firefox, according to a Microsoft blog post.
In short, ads.servedxk.com is a domain associated with a malware campaign that injects ads into webpages to deceive users and generate revenue through affiliate marketing.
This is posted in Norton 360 for iOS | Android therefore I assume the cookie is in an iOS or Android system.
Most browsers in smartphones do not support browser extensions. I know that Chrome in Android does not. Even if the system supports browser extensions, they cannot be installed without permission from the user. If malware is able to install a browser extension without permission from the user then that is a major vulnerability.
DLL files are specific to Windows. iOS does not use DLL files therefore DLL files are not relevant to iOS. Android also does not use DLL files. Some Android applications use DLL files but that would not be relevant to a browser. Android and iOS use shared libraries that are functionally like DLL files but not the same as for Windows. The ability to install a DLL file or a shared library would also be a major vulnerability.
Cookies do not have executable code. A cookie is harmless without code that uses it, except the problem with cookies is that the data can be sent to the server and it is the sharing of data that is the concern. The Adrozek malware has existed for a few years, the cookie might have existed in the system for a few years; hopefully the malware is gone from the system.
Note that the ZDNet article mentions AppData folders. Those are specific to Windows.
Hello @SamRay_Hobbs
So, you’re reporting that the https://servedxk.com cookie found on the OP’s phone (and also reported on the OP’s computer) is not in any way related to https://ads.servedxk.com on a computer.
I do not know what you mean by “on a computer”; a phone is a computer, but phones are not servers. I really doubt that https://ads.servedxk.com is served from a phone.
That is vague. Perhaps the important point is that nothing that affects security is synchronized.
I block third-party cookies in my Windows system but sometimes websites require them for doing things we want to do. I avoid clearing all cookies blindly; it is inconvenient to have to re-enter data but it might be better for others that are not as technically experienced as I to periodically clear cookies.
So, you’re reporting that the https://servedxk.com “cookie” found on the OP’s phone and/or home computer is not related to https://ads.servedxk.com and is harmless?
A cookie is not a security problem without software that uses it. Cookies are a privacy concern; they allow servers to get data they could not get otherwise. Hopefully the https://servedxk.com cookie in MattPat’s phone is just an artifact of malware that is now not in the phone.
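The two points above, that a cookie only matters once a server receives it and that whether a servedxk.com cookie is related to ads.servedxk.com depends on its scope, can be checked directly against an exported cookie file. The script below is an added example, not Norton’s code or anything posted in this thread: it parses the Netscape cookies.txt format that Chrome and Firefox export tools produce, applies the RFC 6265 domain, path, secure and expiry rules to decide which cookies a browser would attach to a given URL, and lists every cookie whose domain is on a watch list. The export embedded in it is constructed sample data, and the watch list holds only the domain named in this thread.

```python
"""Inspect an exported cookie jar: which cookies would be sent to which URL,
and which belong to watch-listed domains. Added example; the export below is
constructed sample data, not a real capture."""
from dataclasses import dataclass
from urllib.parse import urlsplit
import time

HTTPONLY_PREFIX = "#HttpOnly_"   # prefix Firefox/curl use for HttpOnly cookies


@dataclass
class Cookie:
    domain: str              # lower-case, leading dot removed
    include_subdomains: bool  # TRUE in the export = "domain cookie"
    path: str
    secure: bool
    expires: int             # Unix seconds; 0 = session cookie
    name: str
    value: str
    httponly: bool = False


def parse_netscape(text: str) -> list:
    """Parse Netscape cookies.txt: seven tab-separated fields per cookie."""
    out = []
    for raw in text.splitlines():
        httponly = raw.startswith(HTTPONLY_PREFIX)
        if httponly:
            raw = raw[len(HTTPONLY_PREFIX):]
        if not raw.strip() or raw.startswith("#"):
            continue                         # comment or blank line
        fields = raw.split("\t")
        if len(fields) != 7:
            continue                         # malformed line: skip, don't guess
        domain, flag, path, secure, expires, name, value = fields
        out.append(Cookie(domain.lstrip(".").lower(), flag == "TRUE",
                          path or "/", secure == "TRUE",
                          int(expires) if expires else 0, name, value, httponly))
    return out


def domain_match(host: str, c: Cookie) -> bool:
    """RFC 6265 s5.1.3: a domain cookie covers the domain and all subdomains,
    a host-only cookie covers exactly that host."""
    host = host.lower()
    if host == c.domain:
        return True
    return c.include_subdomains and host.endswith("." + c.domain)


def path_match(req_path: str, c: Cookie) -> bool:
    """RFC 6265 s5.1.4 path matching."""
    if req_path == c.path:
        return True
    if not req_path.startswith(c.path):
        return False
    return c.path.endswith("/") or req_path[len(c.path)] == "/"


def cookies_sent_to(cookies: list, url: str, now: float = None) -> list:
    """Names of the cookies a browser would attach to a request for url."""
    if now is None:
        now = time.time()
    parts = urlsplit(url)
    host, req_path = parts.hostname or "", parts.path or "/"
    sent = []
    for c in cookies:
        if c.expires and c.expires <= now:
            continue                         # expired: browser would purge it
        if c.secure and parts.scheme != "https":
            continue                         # Secure cookies never go over http
        if domain_match(host, c) and path_match(req_path, c):
            sent.append(c.name)
    return sent


def watchlisted(cookies: list, watchlist) -> list:
    """(name, domain) for each cookie set by, or under, a watch-listed domain."""
    hits = []
    for c in cookies:
        for w in watchlist:
            w = w.lower().lstrip(".")
            if c.domain == w or c.domain.endswith("." + w):
                hits.append((c.name, c.domain))
                break
    return hits


# Constructed sample export (not a real capture). Fields:
# domain, include-subdomains, path, secure, expires, name, value
SAMPLE_EXPORT = (
    "# Netscape HTTP Cookie File\n"
    ".servedxk.com\tTRUE\t/\tFALSE\t2000000000\tuid\tabc123\n"
    "servedxk.com\tFALSE\t/\tFALSE\t2000000000\thostonly\t1\n"
    "#HttpOnly_.example.com\tTRUE\t/\tTRUE\t2000000000\tsession\txyz\n"
    "example.com\tFALSE\t/\tFALSE\t1600000000\told\tstale\n"
)
WATCHLIST = {"servedxk.com"}   # the one domain discussed in this thread

if __name__ == "__main__":
    jar = parse_netscape(SAMPLE_EXPORT)
    print("watch-listed cookies:", watchlisted(jar, WATCHLIST))
    for url in ("https://ads.servedxk.com/", "https://servedxk.com/",
                "http://example.com/", "https://example.com/"):
        print(url, "->", cookies_sent_to(jar, url, now=1_700_000_000))
```

Run against the sample, the domain cookie `uid` (set for `.servedxk.com` with the include-subdomains flag) is sent to ads.servedxk.com as well as to servedxk.com, while the host-only `hostonly` cookie goes only to servedxk.com; so whether the cookie on the phone is "related" to the ad host is a question the export's second column answers. To check a real device, export the browser's cookies to cookies.txt, replace `SAMPLE_EXPORT` with the file contents, and extend `WATCHLIST` with whatever domains are of concern.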
Adrozek is a type of Android malware that primarily infects browsers and injects fake ads into search results. It can also extract device data and, in some cases, steal credentials. To protect your Android device, regularly update your operating system and apps, use a reputable antivirus solution, and be cautious about downloading apps from outside the Google Play Store.
Here’s a more detailed look at Adrozek and how to address it:
What is Adrozek?
Malware: Adrozek is classified as a type of malware, specifically a browser-hijacking tool.
Functionality: It primarily works by injecting unwanted ads into search results and other online browsing activities.
Harm: In addition to displaying fake ads, Adrozek can also collect personal data, including device information and in some instances, credentials.
How to Protect Your Device:
Keep Software Updated: Ensure your Android operating system and installed apps are up-to-date, as these updates often include security patches.
Use a Reputable Antivirus: Install and use a reputable antivirus solution with a strong anti-malware engine.
Be Careful with Apps: Download apps only from trusted sources like the Google Play Store, and be cautious about granting permissions to apps, especially those from outside the Play Store.
Avoid Suspicious Websites: Be wary of visiting websites that look suspicious or that prompt you to install software.
Use a Password Manager: Consider using a password manager to help protect your online accounts and credentials.
Regularly Scan Your Device: Run regular scans with your antivirus solution to detect and remove any potential malware infections.
Check for System Updates: Google Help recommends checking for system updates, including security updates and Google Play system updates.
Remove Untrusted Apps: Uninstall any apps you no longer need or that you suspect may be malicious.
Security Checkup: Google Help recommends checking your Google account security through a security checkup.
If You Suspect Your Device is Infected:
Remove Problematic Apps: Use Safe Mode (explained in Google Help) to remove any apps that you suspect are causing issues.
Clear Browser Data: Clear your browser’s cache and history to remove any temporary files related to the malware.
Scan Your Device Again: Run a scan with your antivirus solution after removing problematic apps and clearing browser data.
Factory Reset (Last Resort): If you are unable to remove the malware through other methods, a factory reset might be necessary, but this will erase all data on your device.
Any chance you can determine what app you are using when you see this? Try clearing the app data and app cache for your browser in Android Settings > Apps > <browser name>
If you don’t know what rooting is, you probably have not done it.
Rooting an Android device grants users administrator or superuser access to the device’s operating system, similar to jailbreaking on iOS devices. This access allows for advanced customization, modification of system applications, and installation of specialized apps that require system-level permissions. However, rooting also carries risks, including voiding the device’s warranty and potentially making the device unstable or susceptible to malware.
On your Android device go to Android Settings > Apps > Chrome browser and clear the App Cache and App Data. Turn the phone off and back on and test for a couple of days to see if this issue comes back.