[Q] Vicious Trojan: heur:Backdoor.AndroidOS.Wateh.a - General Questions and Answers

I am begging for someone to help me.
I am not tech savvy, and wish to ask if anyone knows about this trojan, heur:Backdoor.AndroidOS.Wateh.a?
I have a nook hd +, six months old and I somehow got this trojan on my internal memory. I did a search of the forums but there is hardly anything yet, on these trojans, as a family. What are they?
I did a hard reset of my nook hd+ after running Kaspersky internet security. It was Kaspersky that finally named the virus for me.
I had 360 antivirus before and tried to clean the system with that, but could not do anything since it said that the virus could not be uninstalled.
I tried other free antiviruses which all stated the same thing.
My nook keeps rebooting in five minute intervals, I work a lot in the cloud, have I contaminated all of my cloud storage accounts?
A google search turns up nothing on this virus. What can I do to save my nook hd+?
Thank you, for your efforts!

Trojan:
Nook Demo: Version:3.4.1.2 Size:60K Security Level: Danger! This difficult trojan that steals my personal information has now been flashed into my Nook HD+'s ROM. Please see the screen shot of my antivirus Quihoo 360's diagnosis. Please suggest something, anyone who has knowledge.

Vicious Trojan: Help, Please! It has now flashed to the ROM
The trojan virus referenced above, has now flashed into my Nook hd+'s ROM. It is the same trojan as above, named, heur:Backdoor.AndroidOS.Wateh.a
Under my Quihoo 360 Antivirus, it is showing up as Nook Demo: Version:3.4.1.2
The heur:Backdoor designation is from when I had Kaspersky installed.
The 360 Antivirus has revealed some stats on this trojan. I just can't figure out how to upload the screen shot.
Please, help!
The 360 Antivirus diagnosis looks like this:
Nook Demo
Version:3.4.1.2 Size:60K
Security Level: Danger
[Behavior]
Forced autostart
Forced internet connection
Steals user's personal information
Uses risk permissions that do not comply with the software attributes
[Permission]
Your Personal Information:
add or modify calendar events and send emails to guests without owner's knowledge, read Browser's history and bookmarks, read sensitive log data, read your profile data, write Browser's history and bookmarks, write contact data, write your profile data.
Development Tools:
make all background applications close, send Linux signals to applications.
Services That Cost You Money:
directly call phone numbers, send SMS messages.
Your Location:
coarse (network-based) location, fine (GPS) location.
Your Messages:
edit SMS or MMS, read SMS or MMS, receive MMS, receive SMS.
Network Communication
control Near Field Communication, create Bluetooth connections, full internet access, make/ receive internet calls.
Your Accounts
manage the accounts list, use the authentication credentials of an account.
etc, etc...

Vicious Trojan:
Would rooting this Nook get rid of this problem safely?
Obviously, I cannot backup this trojan flashed device.

Trust Google Drive??

http://www.askmen.com/entertainment/tech-news/google-drive-licence-agreement.html
Gets u thinking actually. :-\
Sent from my epic touch with plenty of ICS treats to go around!
Wow that's crazy, will uninstall it now !
Thanks for the link !
You should probably read this. http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud
Don't believe the hype. They need to have permission to use your content to provide services that process, index, copy to servers, translate, display, etc...anything they do to provide the service needs to be covered in legalese.
The part they gloss over in the "be very afraid" blog posts and articles is that "The rights that you grant in this licence are for the limited purpose of operating, promoting and improving our Services, and to develop new ones."
They also don't mention that the associated privacy policy that also governs how your information is used explicitly states that your personal information is not used for purposes outside that policy without your consent.
http://www.google.com/policies/privacy/
But if anyone is worried at all about keeping their data in the "cloud," they should honestly trust no one. Unless they are encrypting your data before storing it, all the services need the same permissions...Dropbox, iCloud, etc...
http://www.theverge.com/2012/4/25/2973849/google-drive-terms-privacy-data-skydrive-dropbox-icloud
Everyone can make their own choice, but I'm not concerned. I wouldn't keep truly sensitive materials in ANY unencrypted repository. For everything else, these solutions are mighty convenient and secure enough for me.
Unprompted install, exfiltration route
So Drive is now on my device although I never asked to install and never even heard of it until I saw it as an active task. com.google.android.apps.docs
Now we have an unprompted install that provides a direct connection to Google docs without prompting for login credentials. (It is apparently using the login for gmail as a universal login).
So without any action on their part or any notice, a user's entire Google Docs can be exfiltrated by compromising their phone. Nice.
It is so easy for a user to get taken by accident. Many don't know that when they preview attachments in gmail they can go to Google Docs and they certainly won't know about Google Drive on their Android as it doesn't even drop an icon during an unprompted install.
Drama much in here?
You're already using an Android device, which is linked with your Google account. Google recently updated their Privacy Policies so that it is now the same across the board. Your Gmail account has the same Policy as your Google+ account, your Youtube account, your Google Voice account, your Google Reader account, and (wait for it....) your Google Drive account. If you're okay with the policy as it applies to the content stored in your email, why is the policy as it relates to file and document storage an issue?
And, as has been mentioned in posts referencing the Verge article, the file storage policies are pretty much the same with the other major cloud storage providers - iCloud, Windows SkyDrive, Dropbox, etc. Your data remains your data, and nothing will be done to disclose it.
As for an "unprompted install", I'm going to guess that you previously had Google Docs installed. When Drive went public, it was also announced that it was essentially a continuation of Docs - an update, if you will. When you installed the Docs update from the Play Store, you automatically got Drive. Congratulations.
If your phone gets compromised, the bad guy would have access to a lot of juicy data in addition to just your Google Docs. Your Dropbox, for instance, would be unprotected. As would your Gmail, Calendar, Contacts, work email, Latitude history, Google+ posts, stored passwords in your Browser, etc. Let's look at this realistically and not just panic over a sensationalized story.
Hi, I'm in Italy and I speak English quite well. I have to say I've been using Google Drive for 6 days and I've never had any problem with my files, so I trust it, and if you saw the last internet privacy policy of Google at the beginning of 2012 you would have seen they don't compute or manipulate our files, they simply check the integrity of the sequence of bits stored in the cloud... sorry for my totally bad English, I hope I was helpful... thanks for considering my post...

New Forensics Tool Can Slurp a Phone’s Data via the Cloud

Time to "double wrap" the hat with tin foil...
New Forensics Tool Can Slurp a Phone’s Data via the Cloud
The police don't even need to touch your phone anymore to know how you've been using it. A new off-the-shelf forensics tool lets cops retrieve all the data they want from your iPhone by accessing its contents through iCloud.
The software, developed by ElcomSoft, lets investigators retrieve user data associated with iPhones from Apple's iCloud online backup service, reports The Register. There's a thorough description of how the technology works on ElcomSoft's website, but from The Register:
"iCloud backups offer a near real-time copy of information stored on iPhones including emails, call logs, text messages and website visits. iCloud backups are incremental. When set up to use the iCloud service, iPhones automatically connect to iCloud network and backup their content every time a docked device gets within reach of a Wi-Fi access point.
"'While other methods require the presence of the actual iPhone device being analyzed or at least an access to device backups this is not the case with iCloud,' ElcomSoft chief exec Vladimir Katalov explained. 'With a valid Apple ID and a password, investigators can not only retrieve backups to seized devices, but access that information in real-time while the phone is still in the hands of a suspect.'"
Of course, the solution does require access to the Apple ID and password of the person who's being snooped on and they might not be easy to obtain. But, once those details are in place, the data can be swiftly downloaded, unencrypted. Nice. [ElcomSoft via The Register]
Interesting. I suppose something like this could happen with Google eventually as well, but the only thing that I ever backup are contacts. There was a story posted recently about the FBI issuing a warrant to Google to get access to a pimp's phone because they couldn't crack his unlock pattern.
http://arstechnica.com/tech-policy/...droids-pattern-lock-serves-warrant-on-google/
Even with this, they can only get a limited amount of his data. Google only allows for syncing of Contacts, Calendar, and Gmail, so if he doesn't use it as a main source for data or have his other email linked to it they still won't gain much info. Not sure why the warrant asks for texts because last I checked even Wireless providers only keep logs of numbers texted, not the messages themselves, correct?
Anyway, while this doesn't seem an issue as it requires a warrant, as you said if someone got access to an AppleID and password for malicious purposes it's open season.

Encrypting All Outgoing Traffic

Hey there XDA
So I was reading this article the other day that pertains to security and encryption on the Android Operating System
http://www.bibliotecapleyades.net/sociopolitica/sociopol_cia38.htm
Basically what it says is that even if you use encryption in apps there's nothing preventing people from accessing your device's mic or camera
But I was thinking what if you encrypt ALL outgoing traffic? Now I'm not the most well versed guy when it comes to technology but I've heard about for example SSH tunnels
So I found this guide on how to setup one on Android: https://www.howtogeek.com/121698/how-to-route-all-your-android-traffic-through-a-secure-tunnel/
Would this effectively encrypt all outgoing data?
Not really, setting up an SSH tunnel will only encrypt your traffic between your device and your server, at some point most traffic will have to enter the internet in just as secure manner as it does now so that you can view a website for example, it will add another layer of security, but really only useful for privacy from those on your local network or (if your server is outside your ISP network) from your ISP also (but you'd have to change your DNS servers also or they can get info from there about sites you visit)
Also none of that will stop the issue you mention above about gaining access to your camera, mic, files etc. To beat encryption they just have to gain access to your phone, and that could be as simple as sending you a malware link to your email, Whatsapp or whatever, which you visit. Which seems to be what my mum did 2 days ago, there was a well crafted email that appeared to be from Genes Reunited making specific reference to her personal private data & contacts in her account so she clicked the link, now she has no internet access & other issues on tablet, but of course I can't log in to fix from here & she can't follow my instructions over the phone properly! The email password she gave me doesn't work (I wanted to examine the file she clicked on), though there was no confirmation via txt of password changed. So right now I'm not sure as could be related to the TalkTalk hacks.... Or just my mum! Rant over!
So in short no, ssl is not a simple solution
this might help. https://www.torproject.org/
"err on the side of kindness"
Heh, **** man.. Hope she sorts it out
Now I think I've decided to use an SSH tunnel paired with RSA authentication for the time being, it seems good enough for me
mrrocketdog said:
this might help. https://www.torproject.org/
"err on the side of kindness"
Tor seems awesome
The proper way to achieve this is using a VPN, which permits flexibility on the networking side. I use an OpenVPN server on my home computer and I connect my phones to it. It is set to redirect all traffic through the encrypted tunnel, which is forwarded to the internet through my home computer.
Now as noted before the information still goes out to the net at some point and comes back. Encrypting traffic does not help if you click on something malicious out there.
It does help to prevent the directly connected network to snoop on your actual traffic though. Handy when you connect to free wifi etc. Also you can filter traffic by application on the phone or by destination on the other side on the server.
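The two points made in this thread (traffic only counts as tunnelled if the routing table actually sends it through the tunnel, and DNS can still go out through the local network) can be checked from a routing table. The following is an added example, not code from any poster in this thread; the `ip route` output, the interface names `tun0`/`wlan0` and all addresses are constructed sample data.

```python
import ipaddress

# Constructed `ip route` output: a VPN that redirects all traffic by adding
# two /1 routes over the tunnel, which override the Wi-Fi default route.
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed output: tunnel is up, but only the VPN subnet is routed into it.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""


def parse_routes(text):
    """Return [(network, device)] from `ip route`-style lines."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        net = ipaddress.ip_network(dest, strict=False)  # bare IP becomes /32
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes


def egress_dev(routes, addr):
    """Longest-prefix match: which interface would carry traffic to addr?"""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def find_leaks(route_text, addrs, tunnel_dev="tun0"):
    """Map each address that would NOT leave via the tunnel to its interface."""
    routes = parse_routes(route_text)
    leaks = {}
    for addr in addrs:
        dev = egress_dev(routes, addr)
        if dev != tunnel_dev:
            leaks[addr] = dev
    return leaks


if __name__ == "__main__":
    # Resolver inside the VPN: nothing leaks.
    print(find_leaks(FULL_TUNNEL, ["198.51.100.7", "8.8.8.8", "10.8.0.1"]))
    # Resolver is the Wi-Fi router: the more specific LAN route wins, so DNS
    # queries bypass the tunnel even though web traffic is redirected.
    print(find_leaks(FULL_TUNNEL, ["198.51.100.7", "192.168.1.1"]))
    print(find_leaks(SPLIT_TUNNEL, ["198.51.100.7", "192.168.1.1"]))
```

The route to `203.0.113.10` (the constructed VPN server address) is expected to use `wlan0`, since it carries the encrypted tunnel itself, so it is not included in the addresses checked.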

Can the work profile have access to my browsing history, device files, etc.?

I was recently admitted to a company, and as an ease of accessing my e-mails and work schedule, the android "work profile" was made available so that I could have access to company information (such as e-mails, calendar, information and others) without having to receive a corporate cell phone.
However, my biggest concern is with the organization's access to my data. My organization that created the work profile, can have access to my browsing history, data on the device (such as photos, application files, etc.), time I spend using my cell phone, contacts, call logs, and other data personal profile?
I have already visited the google instructions page, but I was still unsure because my organization installed some network certificates and the warning "Your organization can monitor network traffic ..."
Another question:
If I leave a work profile app open in the background, and use my personal profile at the same time, can my organization have access to network traffic and consequently my personal information?
All questions, however redundant, are intended to clarify the details of the organization's access to my personal information
From now on, I am immensely grateful for the help and time you spent reading my questions.
You are holding a phone in your hands for which an organization has concluded a data plan contract and is paying for it. They therefore will have a legitimate interest in the network traffic on this device, unless it is a contract for unlimited bandwidth. Network traffic is triggered by apps / services, which can actually be read out: they simply have to install an HTTP/S proxy that intercepts the HTTP/S traffic of any app housed on the phone.
The phone is mine, and there is no internet plan paid for by the company.
It's my personal cell phone, and for me to view emails and talk to people from within the organization, I had to enable the "work profile".
So I had my personal and work profile on my personal device.
My question is: can my company see my personal files and my online activity in the "PERSONAL PROFILE"?
I created a second user on my phone named "Company".
If I do this it asks me if I want to turn on phone calls and SMS and then warns that
Call and SMS history will be shared with this user.
That makes sense, since I (as the owner) can decide whether or not other users of my phone can access that data.
I tried to access owners files via filemanager from "Company" account. I couldn't see anything.
I tried the same but via adb using a root shell -> I had full access to owners files.
Owner has a VPN active. I tried to access that VPN from within "Company". Didn't work.
Tried to access apps from within "Company" -> no luck.
Checked settings -> some are gone, some aren't. E.g. I can see my paired devices (paired from owner) when I'm in "Company" account.
Soo, to answer your question:
Fred964 said:
My organization that created the work profile, can have access to my browsing history, data on the device (such as photos, application files, etc.), time I spend using my cell phone, contacts, call logs, and other data personal profile?
I have already visited the google instructions page, but I was still unsure because my organization installed some network certificates and the warning "Your organization can monitor network traffic ..."
Access to browsing history, data, contacts? No.
Time spent? I don't know but in battery usage settings I can see how much battery has been used by the owner account.
Call logs? Yes, If you accepted that.
Your language? Yes.
About certificates: I don't know exactly what they do (I figured if you turn them off your device cannot connect to the internet anymore if that certificate is needed for that connection attempt) but you can go to Security -> Encryption & credentials -> Trusted credentials and turn them off while you're in your personal account.
However: One question remains: Does the profile your company created somehow differ from the one you can create manually via settings? I don't think so, so above things should be valid.
If that's an option you could also ask your company directly (even though I can understand if you might not want to trust them).

How to disable the app auto-disable function on an AT&T Velvet?

The thread title says it all. I have found several articles through Google that all turn out to be incorrect since they indicate there is an option on the battery page which doesn't seem to exist on my phone. Not seeing anything that looks like it might control this going through the various "Settings."
I just got the pop-up that said that a bunch of apps were getting their permissions removed because I haven't used them in awhile. I live in Colorado where the current temperature is 2 degrees F. There are several apps like Star Walk that I won't use again until it's warmer. I don't want these restricted nor do I want to go through giving them back permissions. How do I turn off the auto-disable function?
Thanks,
Dave
