Emails with malicious links being sent to friends from Kindle Fire

Hi, I was redirected here from the main forum because my problem seems to be related to a Kindle Fire Tablet - i.e. not Windows! However, it may be that the problem is nothing to do with the tablet but email spoofing in general. Whatever, I badly need some help!

A few days ago my wife received an email from a friend which appeared quite normal, with appropriate content. It ended with a note saying, "btw you will find this article interesting" & a link. Because the email was from a trusted source my wife unfortunately clicked on the link, which took her to what appeared to be an article about bitcoin on what looked very much like the official BBC web site. A bit puzzled she just closed it & forgot all about it, but then we started getting queries from other friends asking if we had really meant to send them what looked like dodgy emails - 'Please act before Saturday' & a link which we have advised everyone to avoid. It looks like the original message has infected the email app on the Kindle Fire, which is harvesting email addresses and email Titles and sending them out from what looks like her email account (but presumably isn't - they are not in Sent Items) with a malicious link.

I would normally install Malwarebytes first & run that, but unfortunately (and I haven't seen any news about this - you might like to investigate & comment?) Amazon seem to have prevented any useful anivirus software from being available for Kindle Fire. I eventually found a comment on the Malwarebytes forum saying that due to "new conditions being imposed by Amazon" they had had to remove Malwarebytes from the App Store, and they were working on it & they hoped it would be available again at some future date. This is not doing Kindle Fire users any favours! There are no reputable antivirus applications available whatsoever, just a couple ov very dispreputable-looking ones!

It's probably not significant, but the email account concerned is a French IMAP account (we are British but currently living in France). The spoof emails being sent have gone to both French & uk email addresses. I have actually received on of these emails on my own French account, which I have kept in case I can extract any useful information from it that you might need.

We are thinking of removing the email app from the Kindle in the short term, which will hopefully prevent any more malicious messages being sent. Is that a good idea & will it work? Any and all advice will be gratefully received. I would particularly like to know why Amazon have put all Kindle Fire users at serious risk by making any useful anivirus software unavalable!


TIA
Martin Davies

Sounds exactly like spoofing. Nothing you can do to prevent that. Possibly you could of earlier of been

more cautious in not posting your email address on websites. Then again....a website that you needed to

give an email address in order to interact with it may have been hacked / compromised.

I have a Kindle tablet. I only use it to make Skype calls on. Allows me to do that outdoors. I wanted to put

Firefox browser on it but couldn't get any real answer as to how it would work...if it was installed. Amazon

browser is the pits...my opinion. Have you installed a second browser?

Nothing to do with a website, it was a link received on an apparently safe email (from a friend) that since clicked on has started sending out emails to all the email addresses represented in our email account, copying the email titles and appending a malicious URL to the existing text. I suspect something has infected the email client, as it is using addresses, email titles & content from our own emails.I agree the browser is naff, but the current issue is purely email-related.

I would do a reset of the tablet. It is the only way I know of to get rid of malware on it. I

understand it will take some time to do. You may have data, pics, etc. you want to save to

another source before doing that.

How to Reset a Kindle Fire (And Back up Your Content Before Doing So)

Nothing to do with a website, it was a link received on an apparently safe email (from a friend) that since clicked on has started sending out emails to all the email addresses represented in our email account, copying the email titles and appending a malicious URL to the existing text. I suspect something has infected the email client, as it is using addresses, email titles & content from our own emails.I agree the browser is naff, but the current issue is purely email-related.

One of the oldest email scams in the book, actually. Not much you can do about it - except change your password (as a precaution) and don't click on links in emails you aren't expecting from now on.

Edited by C0bra, 20 June 2020 - 03:54 PM.

Unfortunately the email was expected, was from someone we knew, and everything else in it was genuine!

Unfortunately the email was expected, was from someone we knew, and everything else in it was genuine!

That doesn't make any sense. So you were informed by the sender that an email was coming, and it contained this link? Was it confirmed by the sender that the email was, in fact, sent by them?

I would reset the Kindle. The Kindle uses Amazon’s own version of Android so it’s possible it can get infected.
As for apps there is a way to download Google apps on a Kindle via 1 Mobile AppStore:

https://kindlefireforkid.com/how-to-sideload-android-apps-in-kindle-fire-kindle-fire-hd-and-kindle-fire-hdx/

 

Unfortunately the email was expected, was from someone we knew, and everything else in it was genuine!

That doesn't make any sense. So you were informed by the sender that an email was coming, and it contained this link? Was it confirmed by the sender that the email was, in fact, sent by them?

 

Yes, that's right. The email was completely genuine but had a false comment & the didgy link appended to the 'true' content.

Yes, that's right. The email was completely genuine but had a false comment & the didgy link appended to the 'true' content.

That's a new one. Sounds like their email signature was the culprit? I take it they're aware now of what happened? They should be changing their password and scanning their devices as well.

Edited by C0bra, 06 July 2020 - 06:34 AM.