[Q] any precautions to know if infected apk androrat, trojan apps - General Questions and Answers

So I came across a nasty little forum thread today at hackforums.net giving access for trojans to be installed into apk files ((I mean, I love to hack, but not to hack&destroy)). I find this very offensive and it's the first I've heard or seen anything like it. I'm just wondering how vulnerable are we non-market apk installers? What can we do to prevent being infiltrated? ...and this is probably answered on another thread here, but since it's subject related, I'm gonna ask anyways: what's the best virus protection app available right now?

I've personally had this done to me. Learning from personal experience and how intrusive and invasive this trojan is... You really need to watch out for these things...
1) Don't let anyone touch your phone. They can infect it through sending you the .APK through bluetooth. (this is how I was infected)
2) If you do get infected with it, the only known way I know of, to get rid of it.. is flashing a whole new system to your phone. I'm sure there is a way to get rid of it, but the person who infected you would have to do it. (I may be wrong, but this is all from personal experience with it.)
3) You are way more likely to get it from non-market apps. But as long as you are careful what you are downloading, and pay attention to what the app has access to, I believe you will be fine. I'm not sure though.
I personally hate this trojan, and am trying to figure out how to compile the source code to tinker with it myself, on a few spare phones of mine. I will update you with more information on it as I figure it out.
Virus scanners don't really pick it up a whole lot, to tell you the truth. You just have to be very careful on if you trust where the app is coming from.
I don't know if I really answered any of your questions or not, but I hope this helps.
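One way to act on the advice above about checking what an app has access to before sideloading it, as an added example (not from the original post): a quick triage that pulls permission names out of an APK's binary `AndroidManifest.xml` and flags the ones touching SMS, calls, contacts, microphone, camera and location. The sample APK and the `SENSITIVE` list are constructed assumptions, and this is a string scan rather than a full manifest parser.

```python
import io
import re
import zipfile

PREFIX = "android.permission."
# Binary manifests store strings as UTF-16LE or UTF-8; match both encodings.
UTF8_PERM = re.compile(re.escape(PREFIX.encode("ascii")) + rb"([A-Z0-9_]+)")
UTF16_PERM = re.compile(
    re.escape(PREFIX.encode("utf-16-le")) + rb"((?:[A-Z0-9_]\x00)+)"
)

# Permissions worth a second look on a sideloaded app (editor's selection,
# an assumption for this example; adjust to your own threat model).
SENSITIVE = {
    "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS", "READ_CALL_LOG",
    "CALL_PHONE", "PROCESS_OUTGOING_CALLS", "RECORD_AUDIO", "CAMERA",
    "ACCESS_FINE_LOCATION", "RECEIVE_BOOT_COMPLETED",
}


def requested_permissions(apk_bytes):
    """Return sorted permission names found in the APK's manifest string data.

    The result is a superset of <uses-permission>: a name that only appears
    in another attribute of the manifest is listed too.
    """
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        try:
            raw = apk.read("AndroidManifest.xml")
        except KeyError:
            raise ValueError("no AndroidManifest.xml: not an APK") from None
    names = {m.group(1).decode("ascii") for m in UTF8_PERM.finditer(raw)}
    names |= {m.group(1).decode("utf-16-le") for m in UTF16_PERM.finditer(raw)}
    return sorted(names)


def triage(apk_bytes):
    """Return (all_permissions, sensitive_subset) for review before install."""
    perms = requested_permissions(apk_bytes)
    return perms, [p for p in perms if p in SENSITIVE]


def build_sample_apk():
    """Constructed sample: a fake 'flashlight' APK built in memory.

    The manifest blob is not a valid AXML file; only the way the strings are
    encoded (length prefix, UTF-16LE, NUL terminator) mimics a real one.
    """
    strings = [
        "com.example.flashlight",
        PREFIX + "INTERNET",
        PREFIX + "READ_SMS",
        PREFIX + "RECORD_AUDIO",
    ]
    blob = b"\x03\x00\x08\x00"
    for s in strings:
        blob += len(s).to_bytes(2, "little") + s.encode("utf-16-le") + b"\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", blob)
        apk.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    perms, flagged = triage(build_sample_apk())
    print("requested:", perms)
    print("review before installing:", flagged)
```

Where the Android SDK build tools are installed, `aapt dump permissions app.apk` gives the authoritative list.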

How safe are custom roms to use?

I was wondering if anyone knows a real answer for this. How easy would it be to cook in something that would send back your email login and password? Or other logins to stuff like banking sites. The people who make the roms seem to be hard working enthusiasts, but it still makes me nervous.
The reason I am asking this is because WM6.1 seems pretty buggy and slow and I was hoping that maybe updating to 6.5 would help, however Sprint is being super slow and vague (as usual) about if they will ever release an official rom.
And please no "then just don't use custom roms" replies. I am just hoping someone has some way to show that they are safe and then I will happily use it!
I was wondering the same thing. I don't use any cooked rom for anything banking related for this possible risk.
I know there are other threads that have the answer but can't find them maybe someone hid them?
Anyway what would the average chef gain, second of all how do you know a member of Opera or IE is not taking down your details or even Bill? "by that i mean there is more to worry about"
My point being chefs cook ROMs to give users better phones than stocks... Also the world of WM isn't laden with viruses/spyware so even doing so would be hard and no one would be bothered to spend their time considering how much time cooking consumes.
Just Hard-SPL your device and start flashing
I find cooked roms are the best! They are tweaked, customized, optimized, flexible, etc. Happy Flashing
I'm still leery. I'm going to wait until you all flash...then I will know it's safe
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
FloatingFatMan said:
If any chef here did anything as dumb as that, I guarantee you everyone would know in VERY short order what was done, and that chef would be hung up by his ankles and verbally flogged by everyone here.
Trust me, it's never happened here, and it's not GOING to happen; because we have a great community here with great chefs who do nothing but make life better for everyone else. Choose a ROM, flash it, and quit being so paranoid.
That is a very argumentative answer to a very simple and valid concern that allwires has regarding the security of using cooked ROMs. Some people that use these ROMs like to use their device's web capabilities for banking and for storing personal information and he brings up a very valid question regarding the safety of using these ROMs for these purposes. Then you insult the poster by saying he or she is being paranoid when we all know that the capabilities for wrongdoing via viruses and other malicious software are very valid concerns in this day and age. I would like to hear an intelligent and informative answer to this question since I'm sure as this sort of thing becomes more mainstream as it is bound through time to become there will be many more inquiries made as to the safety of their usage.
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway, and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
deedee said:
I'm with FloatingFatMan here, any cook daft enough to do such a thing to a ROM would very quickly be found by his peers, tried, convicted and summarily thrown to the lions.
For all that how do we know Messrs Gates, Jobs, well their minions anyway, and other sundry "professional" ROM cooks are not hiding sneaky payloads in?
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. It's like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. At least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
qqa92 said:
Well, but you see that is my point exactly. Whether it is the big guy or the small guy doing it history has shown that where there is a will there is a way, especially when there is a profit to be made. It's like when Norton got busted for spyware found in their AV software in the early 2000's, remember that? I just wonder if such an attempt will be made with this newly emerging technology that is similar to the PC of the late 90's and the early 2000's, vulnerable. No one is offering (at least no one that I'm aware of) AV or firewall software for these various mobile OS's and I think that it is only a matter of time before the bad guys find a way to take advantage of these opportunities the same way they did the PC. At least over time there became ways to detect these types of illegal practices with firewall software and packet capture software that made the average user capable of some control over his or her personal data.
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; you've only gotta google AV software for windows mobile to see that
The limited OS and how it's written means the "baddies" would have nothing to gain/find it difficult to exploit so what's the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summarise, don't get your knickers in a twist about it and enjoy!
^^ And to add to Tim's comments. Just make sure you get your cooked ROM from an established chef if you're worried, and there won't be any problems.
Now, if the ROM was from someone with a tiny postcount and wasn't known, then you might have cause to think twice; but that's not going to happen here...
timmymarsh said:
Hey There,
Not wanting to be unkind but i think you are being very paranoid here and btw, you can indeed purchase AV software for mobile devices; you've only gotta google AV software for windows mobile to see that
The limited OS and how it's written means the "baddies" would have nothing to gain/find it difficult to exploit so what's the point.
The only "virus" (and i use the term loosely) i ever came across actually asked you "do you want to install blah blah blah" to which the obvious answer was no.............oooo that was dangerous
To summarise, don't get your knickers in a twist about it and enjoy!
Well then why not let the cat out of the bag. I'm just in here to see if I can get a large portion of the members in here's knickers in a twist so that they will all go out and buy my mobile AV since mine is the biggest one out there currently. Lots of potential there, in terms of cha-ching you have to agree. LOL!
There's also the option of downloading a kitchen and cooking your own ROM ... this method permits you to look at each package in detail.
Cheers,
I once opened my yahoo on a cooked rom, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
I'm not sure what your reasoning was to stop using email on the phone because of a failure to login to yahoo from a laptop. Did you notice any malicious activity on your yahoo account? Have you since? Have you changed that password? Just seems strange.
As for the security of cooked ROMS, I've never used one but I have a new phone coming and I'm going to try one from a reputable party here. I'm not nervous about it and I use online banking all the time. Here is why I am not concerned:
1.) As several people pointed out already, your PC is more vulnerable just because of sheer numbers. WinMo has a small market share and cooked ROMs would represent an even smaller market share. Even then, there are many custom ROMs to choose from. Then if EVERY user of a specific tainted ROM used their online banking on their phones, there is still little they could actually do with that information. For example, chase uses text messaging which means yes, someone could get my balance and stuff, but I actually have to login to the site to authorize my phone rather than login through the phone. So the information itself may or may not be useful. At the end of the day, it just wouldn't make the chef much money since there would simply be too few potential victims.
2.) The likelihood is very high that the perp would be caught by their peers and exposed in order to 1 - protect their own integrity, and 2 - get bonus points for being the one who exposed the bad guy (or girl). When you add this level of risk to the low reward, it just doesn't make sense. High risk, lots of work, little reward.
3.) Then of course, if someone fraudulently accesses your account, you can usually get that money back.
So I'm perfectly comfortable from a security standpoint. It's the stability standpoint I'm a bit concerned about but that's why I'm waiting till I get my new phone to try one out so I can go back to my old phone if it all craps out.
RedScorpion78 said:
I once opened my yahoo on a cooked rom, later on I was trying to log on on my laptop and password was rejected. I freaked out and kept trying, later that day I was able to log in after few hours for some unknown reason...
I stopped using my HTC fuze for emails since.
The myth that ALL cooked ROMs in here are completely clean sounds like an old familiar story of when the young man said to the girl "don't worry it will not hurt a bit" lol
I wish there was a tool that scans for such security gaps in a ROM
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
startluvova said:
I was thinking the same thing and how much it would cost to have Lavasoft or AVG or Symantec evaluate ROMs as an impartial third party.
If anybody is thinking peer review would snuff out cheaters there are plenty cases where Ebay and Craigslist deals go bad and everybody is in on it - even (inadvertently) the local police authority that doesn't have the technical knowhow to deal with a cyber-based threat.
Hey there,
Way to go to resurrect an old thread
Nothing has changed, i have never heard of or seen a custom rom that has a virus cooked in, or one that has been intentionally created to spy on the user.
That said, i guess you have to make your own decision after reading the comments from some experienced chefs/flashers here
Cheers.

Help With Lock and Protect Our Phones..IE *DroidDream*

So I have been looking around online just some basic stuff about privacy on the android phones and so forth.
I have also looked around the xda forums about Privacy and Protecting your ID or anything that you don't want to get out or whatever the case may be, so I'm looking for some help and maybe this can help others about this if they wish to.
Well I'm looking for something that I can have the most protection toward viruses/malware/ID theft or any "stealth" like traces after uninstalling apps and anything that falls into that category. I have come across something called DroidDream. Not sure if this is still going on in the world of android or some other form of it. But overall it's something where the malware is designed to only run while the android phone is sleeping. It also talks about how once the Android smartphone is rooted, DroidDream searches for a specific package named "com.android.providers.downloadsmanager". If the package is not found, DroidDream silently installs a second malicious app without the user's knowledge. Other malicious apps can be installed in stealth from the DroidDream command and control servers. I did find this info from the pcworld site but that's some basic stuff.. also it talks about how the update of gingerbread helped fix that issue.
But like I said, I was looking for something that I can use, or other members if they are not aware of such, to help lock/protect their phones. I also did come across this link in the xda forums http://forum.xda-developers.com/showthread.php?t=1357056&highlight=Privacy
Also check this out https://www.androidpolice.com/2011/...-and-carrieriq-in-a-new-class-action-lawsuit/
This app seems to be perfect for what I'm looking for, or maybe anyone may have other ideas for something like this.
Thanks for all who reply and is helpful..
When I had a BlackBerry there were a ton of malware apps and I've only seen one or two for android. There was one that I used for a bit before rooting but I'll have to get back to you on the name.
But definitely a good idea. I always wondered after rooting if that made my phone more vulnerable to "hacks", e.g. so if there were a safety feature like that I would definitely use it
I know one of the most popular used is locked out and norton, avg, kaspersky mobile and another one something like netQuin I think, but I know when I had the avg and when I scan my phone it said I had a virus but then I try the lock out anti virus and it said I did not. so idk..
HTC Inspire
NetQuij is the one I used for a few days. Not sure of how well it worked but that's definitely the one I was thinking of
As long as you only install apps from a known good source you have almost no worries. The security is only as good as the hacker. In other words if the hacker wants in your phone bad enough the only way to stop him is to shut it off. Mainly when running a rom like MIUI that uses root exploits like crazy.
The main time this happens is when people download pirated apps from servers in Europe and in that case then they deserve what they get. All the antivirus programs really are pointless and slow up the phone. So just be careful and never try to get paid apps for free and you will be fine.
As for the programs showing different results that is due to something being labeled a virus and others not. Take the hack kit. Any virus program will remove parts on DL even though it is not a virus at all.
zelendel said:
As long as you only install apps from a known good source you have almost no worries. The security is only as good as the hacker. In other words if the hacker wants in your phone bad enough the only way to stop him is to shut it off. Mainly when running a rom like MIUI that uses root exploits like crazy.
The main time this happens is when people download pirated apps from servers in Europe and in that case then they deserve what they get. All the antivirus programs really are pointless and slow up the phone. So just be careful and never try to get paid apps for free and you will be fine.
As for the programs showing different results that is due to something being labeled a virus and others not. Take the hack kit. Any virus program will remove parts on DL even though it is not a virus at all.
Thanks zel for that info.. and I didn't know miui had stuff like that
HTC Inspire

[Q] Using remote access to root a phone and install a rom

I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something even on an already rooted phone. I could see why Google may have built in something that would block this from being possible though. The only reason I ask is because there are so many times I try to help a friend on FB or twitter who is having a problem with their phone and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has its different quirks and problems and issues. Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to its fullest potential the way it's meant to be enjoyed and they won't get that phone The Borg use (I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing something like this and bricking people's phones without recourse. For sure, it would be tough to identify a qualified person to do this but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite positives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Someone did it
Halfcab123.com
VNC/RDP and do everything from a command prompt.
tony yayo said:
I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something even on an already rooted phone. I could see why Google may have built in something that would block this from being possible though. The only reason I ask is because there are so many times I try to help a friend on FB or twitter who is having a problem with their phone and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has its different quirks and problems and issues. Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to its fullest potential the way it's meant to be enjoyed and they won't get that phone The Borg use (I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing something like this and bricking people's phones without recourse. For sure, it would be tough to identify a qualified person to do this but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite positives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Lol been done already
GNeX
AOKP
FRANCOS LATEST KERNEL
& WHATEVER [MOD AT THE TIME]

[Q] I am worried: Infected/bad binaries here on XDA?

I'm not accusing anyone for anything. I am simply worried about all the different updates, ROMs, zips, binaries, hacks, etc. here on XDA.
I also understand that XDA cannot take any responsibility whatsoever for what their users do and create. Everything that comes from these forums is used at each and everyone's own risk.
What makes me worried is: It's so easy for anyone to hide "bad code" in commonly used binaries and bundle them with ROMs and updates, and no one will be the wiser.
Why now?
Well. I did install a nice "super-mega-duper-thunder" engine on one of my android devices, but as I am a suspicious person by nature, I always check what these "update.zip" files contain first.
At first I did not find anything suspicious, but after installing it, I noticed a higher demand on the data link, transmitting more data than usual.
I found out that the device is now connecting to various IP addresses all over the planet, transmits some unidentified data and closes the connection. I don't know what's going on, but I find it kinda weird. I do not believe in coincidences either.
I cannot tell if it is some app I recently installed, nor if it is some zip-file I recently installed. I am still investigating this.
Again: I am not accusing anyone for anything... yet. I simply don't know what's going on.
It got me thinking: XDA might be the perfect springboard for anyone to distribute "bad code" to mobile devices, and reach a huge number of them without ever getting busted. How many ROM developers are there on these forums?... and how many have included spyware/viruses/trojans/etc. in their ROMs or updates/hacks? ...and how many of us install these ROMs and updates completely blind, never ever suspecting a thing?
After all. "trusted" developers are just those who haven't been spotted doing bad things... yet.
(I know. It looks like I am pulling everyone over the same edge. But how can one tell the difference between a good developer, and a bad one if both wear white hats?)
I understand that ROMs are hard to check, and thus the perfect target to hide bad binaries in.
Also easy to hide a few kilobytes of bad code inside /META-INF/com/google/android/ for instance.
Is there anything we, the users and developers, can do about this? To make sure that trusted/recognised developers really don't have anything to hide?
What can one sole user do to prevent or reduce the risk of getting bad code on their devices?
Antivirus?... aw... don't try that one. Only script kiddies get busted by antivirus software. A good developer writes their own "bad code".
Perhaps one should just stay with the stock firmware?
Running custom software always has a risk, it's best to stick to well known Devs and try and keep tabs on the feedback in the forum, eventually somebody will figure out if something stinks.. Don't just blindly flash any zip because it promises double data speeds or 4x the battery life from random members with a low post/thanks account.
Even stock software has its exploits.
super mega duper thunder engine?? lol... btw i feel best to keep a check on my data usage myself...(i still don't know what android os transfers in background)
as my friend said in above post... best is to stick with well known developers..
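The kind of pre-flash inspection the opening post of this thread describes, as an added example (not code from any poster or from XDA): it inventories executable content in a flashable zip by magic bytes, lists the `updater-script` calls that run programs or set permissions, and notes extra files under `/META-INF/com/google/android/`. The sample package, its file names and the expected-files set are constructed assumptions.

```python
import io
import re
import zipfile

INSTALLER_DIR = "META-INF/com/google/android/"
# Files a classic Edify package keeps in that directory (assumption; some
# installers legitimately ship more, so extras are notes, not verdicts).
EXPECTED_INSTALLER_FILES = {"update-binary", "updater-script"}

# Edify calls that execute a program or change ownership/mode of installed files.
EXEC_CALL = re.compile(
    r"\b(run_program|set_perm(?:_recursive)?|set_metadata(?:_recursive)?)\s*\(([^;]*)\)"
)


def classify(head):
    """Classify an entry by its first bytes, so a renamed file is still caught."""
    if head.startswith(b"\x7fELF"):
        return "native-binary"
    if head.startswith(b"dex\n"):
        return "dex-bytecode"
    if head.startswith(b"#!"):
        return "script"
    if head.startswith(b"PK\x03\x04"):
        return "archive(apk/jar/zip)"
    return None


def inspect_flashable_zip(data):
    """Return (inventory, script_calls, notes) for a flashable zip given as bytes."""
    inventory, calls, notes = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/"):
                continue
            with zf.open(info) as fh:
                kind = classify(fh.read(4))
            if kind:
                inventory.append((name, kind, info.file_size))
            if name.startswith(INSTALLER_DIR):
                leaf = name[len(INSTALLER_DIR):]
                if leaf not in EXPECTED_INSTALLER_FILES:
                    notes.append(f"unexpected file in installer directory: {name}")
            if name == INSTALLER_DIR + "updater-script":
                text = zf.read(info).decode("utf-8", "replace")
                for lineno, line in enumerate(text.splitlines(), 1):
                    for m in EXEC_CALL.finditer(line):
                        func, args = m.group(1), m.group(2).strip()
                        calls.append((lineno, func, args))
                        if func != "set_perm":
                            continue
                        # set_perm(uid, gid, mode, path...): flag setuid/setgid
                        parts = [p.strip() for p in args.split(",")]
                        if len(parts) >= 4 and re.fullmatch(r"[0-7]+", parts[2]):
                            if int(parts[2], 8) & 0o6000:
                                notes.append(
                                    f"line {lineno}: setuid/setgid mode "
                                    f"{parts[2]} on {parts[3]}"
                                )
    return inventory, calls, notes


def build_sample_zip():
    """Constructed sample package, built in memory; contents are placeholders."""
    script = (
        'ui_print("Installing sample package");\n'
        'package_extract_dir("system", "/system");\n'
        'set_perm(0, 0, 0755, "/system/etc/init.d/99tweak");\n'
        'set_perm(0, 0, 06755, "/system/xbin/helper");\n'
        'run_program("/system/etc/init.d/99tweak");\n'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(INSTALLER_DIR + "update-binary", b"\x7fELF" + b"\x00" * 60)
        zf.writestr(INSTALLER_DIR + "updater-script", script)
        zf.writestr(INSTALLER_DIR + "helper.bin", b"\x7fELF" + b"\x00" * 60)
        zf.writestr("system/etc/init.d/99tweak", b"#!/system/bin/sh\necho tweak\n")
        zf.writestr("system/build.prop", b"ro.build.display.id=sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    inventory, calls, notes = inspect_flashable_zip(build_sample_zip())
    for row in inventory:
        print("code:", row)
    for row in calls:
        print("script:", row)
    for note in notes:
        print("note:", note)
```

The `update-binary` itself is run by the recovery, so it always appears in the inventory and is code to review even when the script looks harmless.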

How to tell if a Samsung Galaxy Amp Prime is rooted?

Hello, this is my first post-I searched and there are a lot of discussions re: rooting, but I decided to post because my issue is a little different.
I have been having hacking issues for awhile-my iPhone was jailbroken remotely-oftentimes, I get a flat "that's impossible," but that's what people at Apple's "genius bar" told me-I didn't come up with it/know what jailbreaking was. A couple laptops were hacked as well as a wifi hotspot router. That's some history.
I have reason to believe my phone has been compromised, considering all I just mentioned. I have a file folder and an example of what I'll find is files dated as from 1969, a file called "lp_extraction_php" (my last pass account was also hacked) and lots of files about sql injections. I am assuming, and I don't know much at all and for that I apologize, but that if my phone has been compromised like my iPhone was, it would have been rooted. I have no idea how to do that/don't know if I'd want to because it may be beyond my non-existent skill level to keep up with. Most of the posts I saw about rooting were from people who were trying to, not from people wondering if someone else has done it already. I have Cricket and they might as well not have customer service for how helpful they have been.
How would I start to tell if my device is rooted, keeping in mind that it may already be compromised and I may need to take extra precaution or go about it differently than an experienced user on a clean device who is trying to change things? (On my iPhone, I thought I was downloading facebook for example, and apparently it wasn't really facebook. It looked 100% legit. So I am a little paranoid about downloading apps). Any advice at all is appreciated!!! Let me know if I can clarify anything.
well 1st off if you're rooted you would be able to delete/move/rename system apps/folders and files (with any root file browser). You could use an app such as "root checker" - https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck&hl=en
fear a life un-lived , not death
