eBay

lil_stinkpot · ‎04-09-2018

To my surprise I just spotted a malicious pop up in the eBay mobile site. I am unable to find a place in the not-so-helpful help directory to report it. I got shunted off to the community based forums (ta-daaa, here I am), and that group forwarded me here.

I am very concerned that I found this pop up here. There’s no escaping it, either click and play malware roulette, and lose, or close the entire tab and reopen it. I’m using an iPhone, which I am reasonably certain is clean.

..

lil_stinkpot · ‎04-10-2018

Got another one today.

This is happening ONLY on the eBay mobile site. I will need to stop visiting until it is fixed. Bummer, because there are a couple specialty things I wanted to buy, and there seem to be sellers that have them here.

..

musiqueman8 · ‎04-10-2018

This is happening to me also and only on the mobile site. Any word on a resolution?

berserkerplanet · ‎04-11-2018

My Windows 10 phone can't check the mobile site using my preferred Opera Mini Browser (eBay decided that it is an unsupported device for the mobile site), but I tried your search in Edge browser on the phone with no signs of anything untoward.

I ran an Opera mobile emulator on my desktop, got 11,462 results for your search terms, no popups or malicious content, and ran a packet sniffer alongside it that showed nothing out of spec. Unfortunately, an external packet sniffer can't peek inside any of the encrypted traffic coming from/to the browser, and the emulator doesn't have tools for internal packet sniffing - before encryption - like desktop browsers do. But there were no packet destinations outside of eBay so encrypted packet content is irrelevant).

It's possible that any possible server side exploit/malware is "smarter than the average bear" and only executes for certain targets based on browser user-agent and other fingerprinty factors (such as iPhones but not emulated HTC Desire phones, or only for Safari Browser and not Opera Browser.

If I had you guess. I'd say it's you. You maybe have something on your phone. I'm not at all familiar with malware/exploits/etc on Apple products (other than they do exist), so can't speculate further.

Have you tried flushing everything (cookies and cache) in the phone browser (Safari?) to see if it ceases?

Also, you and the other poster say "it only happens on the mobile site". What does that mean? That it doesn't happen when using the iPhone to view the same content in desktop mode? Or that it doesn't happen when viewing in desktop mode on a laptop or computer?

It looks like you are on WiFi on the iPhone in your screenshot?

You might try using a desktop to go to m.ebay.com/sch/ and do your search. If the popup occurs there, the possibility exists that your broadband router is compromised or DNS hijacked. If the same thing happens on a desktop visiting the mobile site, first thing to try is to power cycle your router and force it to reboot (many router exploits are non-persistent and a router reboot flushes them.) If that results in the pop up no longer appearing then that was it.