3

I clicked a link from a fake Twitch streamer and now I'm scared of being spied on. I typed my account details but didn't actually sent them because I realized it was a fake link right before clicking enter.

Am I at risk from some sort of malicious program being installed into my PC just by clicking the link?

https://secure.runescape.com-l.cz/m=weblogin/loginform.ws769,443,127,150,5 This is the link and I checked on VirusTotal and the result was that it was a phishing/malicious website.

forest
  • 64,616
  • 20
  • 206
  • 257
Alex
  • 31
  • 1
  • 2

3 Answers3

5

You likely have nothing to worry about. Phishing relies on tricking you into entering sensitive credentials. It's very rare for it to exploit you directly and if they did want to do that, they wouldn't be showing you a password prompt. However, it is possible that merely typing in your account details sent data to them even if you did not press enter, so you should change your password. I don't think that's likely in this case, since I logged network activity while typing a dummy password into that phishing site and could only see it send it when I actually pressed enter, but it's still a good idea to change those passwords.

It is possible that the page has attempted to use exploits against your browser regardless. Generally, these exploits will be against old browsers or outdated plugins. If you keep your browser up to date, it should not have public security issues that could be used to install malware via a drive-by download.

forest
  • 64,616
  • 20
  • 206
  • 257
  • 1
    What about things like the BeEF framework that displays a fake login screen while also trying a range of browser exploits in the background? A login page means that the user might not assume that something is wrong and close/refresh the page and break the exploits. – schroeder Jan 03 '19 at 11:03
  • @schroeder That's certainly possible, but unlikely. I'll update my answer to take it into account. – forest Jan 03 '19 at 11:07
1

In addition to the existing answers regarding credential harvesting and native browser exploits, there is always:

  • UNC paths (stealing hashed passwords - IE only)
  • Injecting malicious extension (used for gaining persistence on the victim browser)
  • Injecting malicious browser updates (again, for gaining persistence on the victim browser and code execution)
  • Browser plugin vulnerabilities (i.e flash, silverlight, java - for code execution)
  • Attacking the router (to redirect traffic, open ports etc)
  • Attacking LAN systems (exploitation is difficult from the restrictions of browser networking, but port scanning is trivial)
  • The same can be done on the local system
  • Cross-site Request Forgery against vulnerable sites

Honestly, there are hundreds of possible things that /can/ happen when you get phished, just by clicking the link. But in reality, the last 5-10 years have been great for the advancement of website/browser/system/equipment security and you probably dont have to worry about the majority of these. So take a deep breath, you are most likely fine :P

hiburn8
  • 441
  • 2
  • 11
-2

Providing you didn't enter any sensitive information, the most that the creator of the link would've gotten from you is your IP and User Agent. If you use a VPN (like you probably should be doing) then you have nothing to worry about. Although, if you don't, then the creator will have a close approximation to where you live.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Ollie
  • 1
  • 1
  • 1
    Please read the other answer. Your claim that nothing was sent and nothing could go wrong is not true in a general sense. – schroeder Jan 03 '19 at 13:55
  • Oops, missed that he'd said that he'd actually inputted information. Yeah, technically in that case I suppose there could have been a noddy Javascript keylogger embedded into the application capturing keystrokes. I was going on the basis that he'd just clicked the phishing link. – Ollie Jan 03 '19 at 14:31