I've been hacked, can you help me to see where was the problem? - General Questions and Answers

Hello
Information:
Just 2 hours ago I was hacked and I think it was on my phone. I was making a PayPal payment to a friend using the PayPal app when suddenly, seconds after sending the payment, I received a mail from PayPal with that transaction and another one of 2.500€ that obviously I never made.
The payment was never made because I don't have so many funds, but they tried 5 times with different quantities and all of my cards. Well, after seeing this I changed my password and all of that **** and right now I want to know, before I do a clean ROM install, whether I could investigate where the hack came from.
I am using a Galaxy Note 3, it is rooted but limited apps have access to root and I also use XPrivacy.
The apps with access to root and the Xposed modules are these ones
and my rooted apps
Hacker PayPal data
The data of the money recipient is:
Sent to: Enrique Gallardo Boto (The recipient of this payment is Non-US – Verified)
Email: [email protected]
What I want
I want to investigate this a little bit more, if that is possible. I was thinking of restoring a Titanium backup of all my apps from yesterday, opening logcat or any app that can help me find out where the leak came from and which app was the malware, and trying to make another legit transaction to see if anything happens from my phone.
The problem is that I don't really know how I should proceed, and I want to solve this for me and for more people.
Any idea?

Is the network you used secure, out of curiosity? What kind of apps do you have as far as security, just curious?

You could try taking a look at some of the applications' Play Store reviews as well as the modules' forum threads to see if anything had been reported. I'm always very cautious with root permissions, hard to always know what an app will use it for. Personally I stick to my PC for transactions and stay as far away from Google Wallet as I can.
Sent from my SCH-I605 using xda app-developers app

There's a VirusTotal app you could try, maybe one of your apps is malicious. But if you know how to, I'd also just copy all the apps to your PC and then upload them to VirusTotal that way, it'd be a lot easier.
There's also some PC malware out there that can even infect your phone. I'd run a decent antivirus on both your phone and your PC as well. (I like Kaspersky, Malwarebytes and ESET personally).
The other thing too is maybe your passwords are just really weak. I'd recommend a password generator like KeePass.

FYI only
Just saw this https://blog.lookout.com/blog/2014/03/06/dendroid/ Dendroid malware can take over your cam and audio and sneak into your Google Play. Features:
- Ability to intercept and block SMS received by the target device
- Download pictures from the target device
- Spy on the user by taking pictures or making audio and video recordings
- Download the user's web browser history and any saved bookmarks
- Download any other accounts (email, social media, VPN) stored on the device
- Send texts as the device owner
- Record any ongoing calls
- Open a dialogue box to ask for passwords or send messages to the victim

Related

[APP] remotephone.mobi

Remote Phone is the best way to interact with your Android device from any browser.
Phone status, contact list, text archive, device localization are on-line available in such a way you can back-up and work with these data even if the device is off-line. You can also text, change between ring/vibration/silent modes, ring an alarm or ask for the precise localization (GPS coordinates) of your device from your pc. This app enables you to fully control your mobile even if it is not just near you. Settings are fully customizable, including sync period and information you want to sync.
All transmission of data occurs over an encrypted channel (SSL).
All data stored on server are encrypted (AES-256) using a random secret key protected by the user password. No one is able to view any user's data.
Visit https://remotephone.mobi in order to register your account!
I created an account and am fiddling around with it.
Looks good so far. One small remark, when you advertise full control, it would be nice to actually have full control.
Enabling GPS etc..
Will play around with it in the next few days and I'll report back my findings.
Please, don't take my comment the wrong way, I like what you've created so far !
Wobstar said:
> I created an account and am fiddling around with it.
> Looks good so far. One small remark, when you advertise full control, it would be nice to actually have full control.
> Enabling GPS etc..
> Will play around with it in the next few days and I'll report back my findings.
> Please, don't take my comment the wrong way, I like what you've created so far !
I didn't create any app!
For me this app is sensational...
chaikouk said:
> Remote Phone is the best way to interact with your Android device from any browser.
> Phone status, contact list, text archive, device localization are on-line available in such a way you can back-up and work with these data even if the device is off-line. You can also text, change between ring/vibration/silent modes, ring an alarm or ask for the precise localization (GPS coordinates) of your device from your pc. This app enables you to fully control your mobile even if it is not just near you. Settings are fully customizable, including sync period and information you want to sync.
> All transmission of data occurs over an encrypted channel (SSL).
> All data stored on server are encrypted (AES-256) using a random secret key protected by the user password. No one is able to view any user's data.
> Visit https://remotephone.mobi in order to register your account!
Great news!
Now all transmission of data occurs over an encrypted channel (SSL)... even more secure!
The server upgrade is over and all services are up again.
Remote Phone is ready to sync more and more users! Yeahhhh..
Has anyone tried this besides me?

Android System Info ?

Recently, I found that the "Android System Info" app below is using Flurry Agent to send data / report via 3G/internet whenever I start using it. At least, it came out in the logging.
Do you know any alternative that does not use Flurry Agent?
I hate that thing because it uses 3G/internet and it cannot be disabled
I know Astrid is using Flurry Agent as well, but it can be disabled.
Android System Info
by ElectricSheep
>250,000 downloads, 15332 ratings (4.5 avg)
Free
I believe that is for the download of the ads to sustain their income & development.
Use AdFree perhaps?
Well, I think that is not ads ... Ads should be the AdMob SDK or something in the logging.
Flurry Agent is about analytics:
http://www.flurry.com/
http://forum.xda-developers.com/showthread.php?t=673146
To be honest, I don't mind ads ... Especially if that can support the dev and the app is good.
But, I don't like sending usage pattern, statistical data, usage analysis, that kind of things.
AllGamer said:
> I believe that is for the download of the ads to sustain their income & development.
> Use AdFree perhaps?
Many devs find analytics to be important information to them.
You could edit your hosts file manually to block any flurry.com urls...
Not rooted, you can't do that.
Good developer will add an option to disable this, like Astrid.
distortedloop said:
> Many devs find analytics to be important information to them.
> You could edit your hosts file manually to block any flurry.com urls...

gogol said:
> Not rooted, you can't do that.
> Good developer will add an option to disable this, like Astrid.
Your last sentence doesn't quite sit right for some reason, but I agree overall.
Something in the back of my mind tells me there's a revenue stream to the developers who include this. Like flurry pays them a royalty for data collected. That needs confirmation, but while many devs put stuff out for the love of the device, many more need to get some income off the app to stay interested in developing/maintaining it. We all want "free" apps, but we're going to have to get used to either paying up in cash, or paying up in seeing ads, or paying up by having some analytics collected on us.
I don't want my phone spied on either. Best thing you can do is uninstall the apps that spy on you without the feature to turn it off, give the app a 1-star rating on the market, and leave a comment that it collects analytics on you and you don't like that. Kind of a lousy thing to do to an app that's otherwise top-notch. If enough people uninstall and bad rate these apps, the devs will get the hint and stop doing it.
As for not rooted, there's no reason not to root the Nexus S. There are hundreds of reason to root, though. Blocking ads and spyware is just one of them.
You don't even have to unlock the bootloader to do it, easy instructions here; no loss of data with that method.

Can a Chrome browser plugin steal my Google password?

I am looking for a way to schedule sending emails with my Gmail account. I came across Boomerang for Gmail, which does exactly what I need it to. It installs as a plugin for the Chrome browser and once installed, when I compose a new email in my Gmail account, right next to the "send" button, there is now a new Boomerang send button.
What I need to know is if plugins like these can steal passwords. I know I should have thought about that before I installed it, but it didn't occur to me until after the fact. Thanks for letting me know!
If permissions include access to cookies, it can.
Sent from my GT-I9100 using XDA App
They can easily steal your password if they're active when you type it in, but not after that.
Sent from my GT-P1000 using Tapatalk
As far as I am aware, unless they have some sort of keylogger, they cannot get your password, per-se.
However (as also mentioned above), if they have access to cookies, they can log in in your name. Additionally, some sites have the ability to hook in with Google, and get "access" to your account if you approve it.
I got that prompt to allow or deny access as well.
DarthCaniac said:
> As far as I am aware, unless they have some sort of keylogger, they cannot get your password, per-se.
> However (as also mentioned above), if they have access to cookies, they can log in in your name. Additionally, some sites have the ability to hook in with Google, and get "access" to your account if you approve it.
I could quite easily write a Chrome extension that popped up a window with your username and password in it, but it would have to capture them at a login screen, and not with a keylogger.
An extension has access to every control on every page that it is running.
Chrome would tell you, when you installed the extension, that it could access your Google username and password though, so it could never do anything without you first allowing it to. Saying that though, there's a lot of people that just click 'Okay' without knowing what they're clicking!
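
The cookie and page-access points raised in this thread can be checked against an extension's `manifest.json` before installing it. The following is an added example, not code from any poster or from Boomerang: `SAMPLE_MANIFEST`, `auditManifest` and the other names are hypothetical, and the manifest is constructed sample data.

```javascript
// Added example: which of the capabilities discussed above does a manifest grant?
// SAMPLE_MANIFEST is constructed for illustration; it is not any real extension's manifest.

// Convert a Chrome match pattern such as "*://*.google.com/*" into a RegExp.
// Returns null for strings that are not match patterns (API names like "cookies").
function matchPatternToRegExp(pattern) {
  if (pattern === '<all_urls>') return /^(?:https?|file|ftp):\/\/.*$/;
  const m = /^(\*|https?|file|ftp):\/\/(\*|\*\.[^/*]+|[^/*]*)(\/.*)$/.exec(pattern);
  if (!m) return null;
  const [, scheme, host, path] = m;
  const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  const schemeRe = scheme === '*' ? 'https?' : scheme;
  let hostRe;
  if (host === '*') hostRe = '[^/]*';
  else if (host.startsWith('*.')) hostRe = '(?:[^/]+\\.)?' + esc(host.slice(2));
  else hostRe = esc(host);
  const pathRe = path.split('*').map(esc).join('.*');
  return new RegExp('^' + schemeRe + '://' + hostRe + pathRe + '$');
}

// True if any valid match pattern in the list covers the URL.
function covers(patterns, url) {
  return patterns.some((p) => {
    const re = matchPatternToRegExp(p);
    return re !== null && re.test(url);
  });
}

// Report what the manifest allows on one URL.
function auditManifest(manifest, url) {
  // MV2 mixes API names and host patterns in "permissions";
  // MV3 moves the host patterns to "host_permissions".
  const declared = [...(manifest.permissions || []), ...(manifest.host_permissions || [])];
  const apiPerms = declared.filter((p) => matchPatternToRegExp(p) === null);
  const hostAccess = covers(declared, url);
  const scriptMatches = (manifest.content_scripts || []).flatMap((cs) => cs.matches || []);
  return {
    // chrome.cookies needs the "cookies" permission AND host access to the site.
    canReadCookies: apiPerms.includes('cookies') && hostAccess,
    // A declared content script runs inside the page and can read its form fields.
    runsContentScript: covers(scriptMatches, url),
    hasHostAccess: hostAccess,
  };
}

const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: 'Constructed mail helper',
  permissions: ['cookies', 'storage', '*://*.google.com/*'],
  content_scripts: [{ matches: ['https://mail.google.com/*'], js: ['compose.js'] }],
};

console.log(auditManifest(SAMPLE_MANIFEST, 'https://accounts.google.com/signin'));
console.log(auditManifest(SAMPLE_MANIFEST, 'https://mail.google.com/mail/u/0/'));
```

For an installed extension, the manifest to feed in is the `manifest.json` in that extension's folder under the Chrome profile directory.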

[APP][2.3+] Securacy - Crowdsourced mobile security and privacy app

Hi everyone,
Just wanted to share with you what we've been working on and released finally yesterday to the store. Will always be FREE and WITHOUT ADS.
Securacy is the first mobile network data application exposer. This software allows you to pinpoint exactly which applications are breaking your concerns in terms of permissions, to where the application talks and if that connection was established over a secure protocol.
Do you want:
- To know what your applications are doing without you knowing?
- To know where your applications are sending data?
- To know how safe is your application?
- To voice your privacy and security concerns?
- To notify others of potential security and privacy invasive applications?
Then this application is for YOU!
=== Data statement ===
Securacy does not collect any personal data. The only data it collects is:
- Your explicit ratings and concerns;
- The applications you use, install, remove and update (to notify you of securacy concerns);
- The details of the network connections that your applications use to send/receive data. This only includes the IP addresses of the servers, and the ports used by the connection. No other data is collected about network connections.
You can find it on the store
Let me know if you have more ideas for it, we are still developing it!
Cheers!
Some screenshots of the application:
This app made my phone freaking slow! It just keeps popping to start the accessibility service though it's on. App crashed when I click to show, & app is really slow! Log attached.
Sorry to hear that. I took a look at the logcat but it doesn't give me much to go on.
Can you tell me what device are you using, Android version, is it a custom ROM, do you have Google Services installed (it's required for the GMaps)? My guess is that for some reason your device is not returning the list of active accessibility services correctly or at all. If that is the case, then it's better for you to not use it, unfortunately.
Thanks!
killoid said:
> This app made my phone freaking slow! It just keeps popping to start the accessibility service though it's on. App crashed when I click to show, & app is really slow! Log attached.

dferreira said:
> Sorry to hear that. I took a look at the logcat but it doesn't give me much to go on.
> Can you tell me what device are you using, Android version, is it a custom ROM, do you have Google Services installed (it's required for the GMaps)? My guess is that for some reason your device is not returning the list of active accessibility services correctly or at all. If that is the case, then it's better for you to not use it, unfortunately.
> Thanks!
My bad! I've not installed Google Play services on my device, so it's useless for me.
No problem
Cheers
killoid said:
> My bad! I've not installed Google Play services on my device, so it's useless for me.
Can we make it so that us people whose privacy is deeper can use it? I myself don't run any Google apps or gapps package.
Sent from my LG-LS980 using Tapatalk
Also, would you mind posting the app here?
Sent from my LG-LS980 using Tapatalk

omacp "unsupported browser", what browser?

I've got a Unihertz Jelly 2 with T-Mobile service. It's running Android 11. First thing I did when getting it, about two weeks ago, was disable a bunch of Google-ish apps because I'd mostly like Google out of my life. I know from past experience that I can't disable them all because, e.g., Play Store is too useful for me to do without. I'm afraid I may have caused this issue I'm seeing because of my disable frenzy and I'm hoping someone can help me understand what's gone wrong.
Every couple of days I get these messages from number 2903: "We see your phone does have correct settings to access the internet or send MMS. Settings will be sent to your handset."
They are accompanied by notifications from Omacp app:
In Omacp I see requests to install things. When I click the button to do the full install I get a report that the APN installed fine but the "browser" failed:
Afterwards it tells me the browser is "unsupported":
What "browser" is it talking about? I thought it might have been Chrome, which was one of the apps I disabled, but re-enabling Chrome did not resolve this.
Still disabled on my phone: Assistant, Calculator, Calendar, Drive, Duo, Files by Google, Google TV, Keep Notes, Photos, Youtube, Youtube Music.
Not disabled (because I thought it would break stuff, I couldn't, or the warning messages were too dire): Android Accessibility Suite, Android Auto, Android System Webview, Carrier Services, Game Mode, Gboard, Gmail, Google, Google Play Store, Maps, Messages, Phone, Settings, Sim Toolkit.
When I get the messages from 2903 for omacp, I need to do the install or MMS messaging does not work. This sort of feels like it should be happening automatically in the background.
I have the same issue. Any resolution on this?
What browser
@neccowafer
Delete Omacp: it's a virus!
The virus may perform the following malware-related activities without your permission:
- Periodically scan the phone.
- Obtain the phone's contacts.
- Complete control of the SMS solution.
- Complete control over the phone calls phone.
- Changing the malicious web server from which virus files are downloaded.
- Creating a lock screen on your device and displaying a third-party website.
- Running scripts that collect password and username information for various purposes.
- Turning off and/or restarting your device.
This is why removing the OMACP virus from your Android is highly advisable.
