This morning I received a facebook message from a friend which contained a link that was obviously spam. I went to swipe away the Facebook Messenger notification but fat-fingered it and opened the notification instead of clearing it. It automatically opened the link, which opened the Play Store and I got the message "Account Data Updated".
As soon as this happened I turned off mobile data and wifi for fear of transmitting anything anywhere it shouldn't go, but I don't know what damage it could have actually done. My phone is an Evo LTE.
Can anyone help me figure out what it did?
Here's the link the message pointed to:
*DO NOT CLICK*
http://www.hill70.ca/wp-content/themes/midnight-blue-plus/boomboomnow.php?oulr
*DO NOT CLICK*
HELP!
Switch on your phone and open Play Store. If everything happens to be normal, then it's alright.
**Men have become the tools of their tools**
Thanks. Still a little nervous to turn data back on...
What account data could even be modified using a PHP script? I wouldn't even see Google allowing such a thing, but go figure.
Smash the phone in the wall, log into Google Account and change your password
I'm not responsible for any damage.
It is spam, if you are worried then log on via pc....Thread closed.
Related
This post is regarding the Xfinity Mobile app: https://market.android.com/details?id=net.comcast.ottclient
My system log shows <userName>[email protected]</userName> and <password>MYPASSWORD</password> on a line that starts with "D/HTTPManager". I read the log using aLogcat (app available in the market). Open aLogcat, press menu and filter for "password". After I clear my log (using aLogcat) that line reappears even when I haven't used the Xfinity app. I don't use my comcast credentials in any other app.
To try and resolve this I cleared data and cache for the Xfinity app, then cleared the system log in aLogcat, and restarted the phone for good measure. I opened the Xfinity app, logged in without checking "remember me" and unfortunately my username and password immediately reappeared in the system log.
I posted this issue here: http://forums.comcast.net/t5/Mobile-Apps-and-Web/Password-revealed-in-android-system-log/td-p/872295. A Comcast employee responded to say they will investigate this issue and fix it within a few weeks. In the mean time, you may want to uninstall the Xfinity Mobile app and change your Comcast password, or at least do not share your system log with anyone (in bug reports for example) if you have Xfinity Mobile installed.
This may not be the only app that exposes sensitive information in the system log, but this is the only password I have found exposed.
I have a Motorola Droid running stock Android 2.2.
UPDATE - As squiddy20 pointed out, Comcast has updated their app to 2.0.2. They include instructions to clear the app data as part of the upgrade, but that may be unrelated to this issue. In any case, I cleared the app data and installed the update, and my credentials no longer show up in the log. As far as I can tell, they have completely resolved this issue. If the problem persists for anyone else, be sure to post that here and on the Comcast forum.
Wow Comcast.
Thanks for the heads up
I checked this out for myself and the only way I could get it to show up was by logging out and then back in. I then did a reboot, let it sit for well over 5 minutes after it was fully booted, and then tried it and still no entry under "password". I dont get any of the sporadic, random popups you seem to have gotten. Oddly though, I have it set to not login automatically, yet after the reboot, it took me right to my email messages without me actually typing in my login info. That in itself is room for concern, let alone the possibility that login info is contained in the logcat in plain text.
Samsung Moment 2.1 running TiX 1.6 rom.
Interesting I to have the same issue squiddy20. Very concerning not a good thing Comcast
I was not able to see my password
I use an EVO with 2.3 and checked the same on my logs after logging in .. and only saw my username the password was nowhere to be found. I guess it would only happen when you first try to login.
squiddy20 said:
I checked this out for myself and the only way I could get it to show up was by logging out and then back in. I then did a reboot, let it sit for well over 5 minutes after it was fully booted, and then tried it and still no entry under "password". I dont get any of the sporadic, random popups you seem to have gotten. Oddly though, I have it set to not login automatically, yet after the reboot, it took me right to my email messages without me actually typing in my login info. That in itself is room for concern, let alone the possibility that login info is contained in the logcat in plain text.
Samsung Moment 2.1 running TiX 1.6 rom.
Click to expand...
Click to collapse
Now that I have unchecked "remember me" my credentials only show up in my log when I log out and back in. Not sporadic any more.
Check your Xfinity Mobile -> Settings -> Log Out setting. If it is set to "Never", then you wouldn't have to log in again after a reboot. If it is set to "On Exit" then you should have to log in again after exiting the app or after a reboot... but that may be buggy.
Thanks for the tip, but I honestly don't access my email through the app very much. To me, less things logged into and running in the background, means more memory for other things and slightly more battery life.
Also slightly less security problems!
Well, they've updated the app and I assume they've fixed the logcat problem (haven't checked for myself yet). They do have a note: "This Update will require you to log in to the application" plus the usual updates, improvements, and fixes.
Edit: just ran 2 checks with aLogcat and can confirm that the username and password info does not show up when searching for keyword "password". On a slight side note, I've noticed that hitting the home button on my Samsung Moment exits the app, but doesn't sign out. While hitting the back button from the main screen exits the app AND signs out. Settings also seem to be staying the same, even after reboots. Mine would reset occasionally, turning notifications on and other things.
I have had some concerns as well. I have lost most of my channels in the TV listings area. It goes from 2-29 and then 75-99 but that is it. I have uninstalled and reinstalled the app several times, cleared data in applications, etc. As I reinstall the app, it is going right into my system without asking for a password which I find a bit alarming.
I assume that the program has reverted to a selection that is not the full digital programming which shows up when you first do an initial install. I cannot find a way to get back to that area to reset my configuration and add all my channels back. I have emailed Comcast and those idiots responded that they do not have an app that works with Android yet, only iPads and iPhones. Quite comical.
Any help would be greatly appreciated.
I have tried all of the methods mentioned above and when I log in using username and password, and filter alogcat only my username appears in the log. Also tried brief and long settings in alogcat preferences.
Edit: This is using the 2.0.2 version.
Hi Squiddy ,
Pressing the backbutton will exit the app and pressing the home screen actually puts the app in the background so that at later point of time we can launch the app from the page where we left .
I dont think this is an Issue.
Hi Dawgman25,
There is a settings for the program area where you can change the zipcode of yours and select the proper digital option.
After logging in tap on the settings on the lower right corner.
There will be an option program area under TV Listings.
There you can enter your zipcode and give the correct Headend (Digital) option
I think the forums.comcast.net will respond quicker and properly .
you can also directly send mail to [email protected] to get lightning response !!
I tried this and he responded immediately
Hi all,
Have a strange "issue" with my Z3 Dual.
I noticed yesterday that the Downloader seemed to be running, even though I hadn't asked the phone to download anything. Sliding the notification open seems to suggest that the download isn't actually running, but simply keeps notifying.
Data is not being sent or received, and the items always seemed to be images. I had thought it was my work exchange email (through Mailwise) or maybe even IM chats downloading images. Uninstalled them and reinstalled and that did nothing.
Finally this morning, I received and email (through my Gmail) from my property manager, and it had a pdf, the same pdf was trying to be downloaded by the manager! So it appears, that on my phone at least, Gmail is asking my downloader to download, without the actual download initiating, but simply keeps a persistent notification there! I also have a nexus 9 with the newest Gmail and its not happening there.
Has anyone else had this issue? I'm about to roll back latest update of Gmail to see if it fixes.....
screenshot attached
Rolling back Gmail to original version has not helped.
It has happened to me, and it seems to be when using autodownload on any of the email apps if it begins to download and you suddenly lose the data is connection it gets stuck.
Just go to settings and apps and go to the Download app and clear the cache and data and that will take care of the persistent notification, then try to adjust your autodownload settings.
erasat said:
It has happened to me, and it seems to be when using autodownload on any of the email apps if it begins to download and you suddenly lose the data is connection it gets stuck.
Just go to settings and apps and go to the Download app and clear the cache and data and that will take care of the persistent notification, then try to adjust your autodownload settings.
Click to expand...
Click to collapse
Agree with everything you've said, but in gmail, i've auto download of attachments on wifi to OFF, and Images to "ASk before showing". Not sure there are any other settings I can access?
I have, for the time being, turned OFF notifications from the download app - this is obviously not idea if I really DID have an actual download of a large size or being stuck I have no way of monitoring it.
Open to any other suggestions / ideas
sephstyler said:
Hi all,
Have a strange "issue" with my Z3 Dual.
I noticed yesterday that the Downloader seemed to be running, even though I hadn't asked the phone to download anything. Sliding the notification open seems to suggest that the download isn't actually running, but simply keeps notifying.
Data is not being sent or received, and the items always seemed to be images. I had thought it was my work exchange email (through Mailwise) or maybe even IM chats downloading images. Uninstalled them and reinstalled and that did nothing.
Finally this morning, I received and email (through my Gmail) from my property manager, and it had a pdf, the same pdf was trying to be downloaded by the manager! So it appears, that on my phone at least, Gmail is asking my downloader to download, without the actual download initiating, but simply keeps a persistent notification there! I also have a nexus 9 with the newest Gmail and its not happening there.
Has anyone else had this issue? I'm about to roll back latest update of Gmail to see if it fixes.....
screenshot attached
Click to expand...
Click to collapse
Same happened to me (also have Z3 dual) but updating Gmail app seemed to fix this issue.
I have the dual sim z3. I originally had my active tmobile SIM in SIM slot 2 when I put it in SIM Slot 1 the problem went away. Rebooted and no more download manager in the background.
First of all.. Evidently the 4.4.4 OTA forced itself to my Note 3, and screwed up location services (I was trying not to install it, but after saying no half a dozen times, I went to check something on Facebook, only to find my phone 73% through with the update process without my permission.. it removed the GPS hotlink or whatever you want to call it, and replaced it with a general "location services" button. So I can't just leave power saving location services on all the time and just switch GPS on and off when I want (like I always used to).. I have to dig into the settings and switch from power saving to high accuracy every time I want to turn GPS on. Or I can turn all location services off, and get constantly nagged by my apps telling me they need location services while I'm sitting at home on WiFi.
..and now when I try to get on XDA forums for help, it won't let me log in.. keeps telling me I have the wrong password (which I know I am entering the correct password, and the captcha for retrieving lost password doesn't work. If I click on the box to enter the captcha, it moves the cursor back to the email box. I can get the cursor in the right place by tabbing through the page, but every time I enter it I'm told it's wrong. Tried both image and audio, and obviously I'm entering the correct captcha, but it still won't let me retrieve my password (which again, I shouldn't even have to because I know what my password is).
Hi,
Please use this link to email xda about your account issues. Not much you can do until you can log in, since visitors cannot post anywhere on XDA.
http://www.xda-developers.com/contact/#accthelpwebmaster
Good luck,
The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed.
Thank you very much. If you know anything, anything, please let me know it's very urgent.
SeaMonster26 said:
The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed.
Thank you very much. If you know anything, anything, please let me know it's very urgent.
Click to expand...
Click to collapse
sounds like the warning message chrome gives. The <b>%1$s</b> is variable for the website name.
https://security.googleblog.com/2015/02/more-protection-from-unwanted-software.html?m=1
found a couple of other mentions of this
see image in following thread, seems like download manager shows warning so must be Facebook downloading something from a suspect url as you say it happens using Facebook. I don't use Facebook app, you say it downloaded something by itself, without you initialising, seems dodgy, but it's a monster app as I recall, must be even bigger white more permission these days!
https://m.imgur.com/a/31Pds5y
ref
https://www.reddit.com/r/FacebookHelp/comments/9vtne6/attackers_on_b_1s_b_download/
been hampering for at least 4mths
https://www.reddit.com/r/androidapps/comments/8zq0fw/mystery_app_update_on_lg_g5_help/
see you have seen this thread also
https://forum.xda-developers.com/android/help/ineed-help-message-attackers-1s-atte-t3868724
Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August ?)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts which add you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around up I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the sms! Device (on it's own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Oding to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3-rd party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for system's (or rather apps installed from Play Store) propper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel thanks for the reply ?
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back to a if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
Whatsapp does the same thing, autocompletes the code, before de sms is coming. This is not a malware. But, don't use password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+ ??
Also the Bluetooth, NFC & Nearby buttons almost any me of the day/night are on for a split second when I drag the motivation panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs