When I woke up today to get ready for work, my rooted Z740g was on the beginning tutorial for setting up the phone. While I was asleep the phone reset itself and erased everything I had on the phone storage. When I tried setting up the phone to see what was going on, the default keyboard app was not there! I had to use google voice to download a keyboard app from a website other than the google play store. No one had physical access to my phone and I had no other device sign ins on my google account history. I didn't grant any strange programs super user permission except for android lost. I didn't see any logs in androidlost and it uses my google account to sign in and I wasn't seeing any strange devices on that log. Do you think that this is some strange fluke or some type of malicious attack? My internal storage was almost full and occasionally my phone would reboot on its own and had various small bugs like battery monitoring being inaccurate on occasion. I'm worried about security breaches on my phone because I have seen how easy it is for someone to access the microphone, camera and any files on the device. I removed my sim and had to change all my online passwords.
Would flashing a rom completely remove any malware that might be on the device?
edit: I just noticed that there were two versions of chrome on my phone when I was trying to figure out what happened earlier today. I did notice that chrome looked different. I see a version 39 from before the wipe occurred and now I have version 28.0.1500.94 I looked up release dates and version 28 was released in 2013 and the phone wasn't even released until sometime in 2014. What gives?
foolioGrimz said:
When I woke up today to get ready for work, my rooted Z740g was on the beginning tutorial for setting up the phone. While I was asleep the phone reset itself and erased everything I had on the phone storage. When I tried setting up the phone to see what was going on, the default keyboard app was not there! I had to use google voice to download a keyboard app from a website other than the google play store. No one had physical access to my phone and I had no other device sign ins on my google account history. I didn't grant any strange programs super user permission except for android lost. I didn't see any logs in androidlost and it uses my google account to sign in and I wasn't seeing any strange devices on that log. Do you think that this is some strange fluke or some type of malicious attack? My internal storage was almost full and occasionally my phone would reboot on its own and had various small bugs like battery monitoring being inaccurate on occasion. I'm worried about security breaches on my phone because I have seen how easy it is for someone to access the microphone, camera and any files on the device. I removed my sim and had to change all my online passwords.
Would flashing a rom completely remove any malware that might be on the device?
edit: I just noticed that there were two versions of chrome on my phone when I was trying to figure out what happened earlier today. I did notice that chrome looked different. I see a version 39 from before the wipe occurred and now I have version 28.0.1500.94 I looked up release dates and version 28 was released in 2013 and the phone wasn't even released until sometime in 2014. What gives?
Click to expand...
Click to collapse
Hi, thank you for using XDA assist.
There is a general forum for android here*http://forum.xda-developers.com/android/help*where you can get better help and support if you try to ask over there.*
Good luck.
Related
On the 7th I traded my Nexus 4 into T-Mobile for a Nexus 5. On the 8th, I unlocked the bootloader and sideloaded the stock 4.4.1 OTA file. Today, all of a sudden, my location starts showing 35 miles away without me leaving the house. I turned off and on Location services, and it reset back to my actual location. A short bit later, it did it again to the exact same location.
I called Google, they told me to factory reset. I did. When it was booting up and updating apps, it prompted me to install the 4.4.2 update, which I did. After doing all of that, it repeated the exact issue. I went into my Location History on Google Maps online and deleted all the history for today which fixed it. But it keeps jumping back and forth between my Home location and this other place.
I called Google again liked they asked, and they told me to change my Location setting from High Accuracy to Device Only... and to just keep it that way. But it sucks that way. I asked could it be a hardware problem, if so, I would return it to T-Mobile. She said, "I wouldn't return it just for that issue alone." I also told her I was worried it may be a security issue since I had just handed in my old phone, and she guaranteed me it couldn't be a security issue.
Alright well... I'm lost. Unless someone here has some magic advice, I will return it tomorrow.
The attachment is from my Location History and shows the two locations 1 minute apart.
If you are just using 3G then it might be a IP address change on the towers but if you are also using WIFI for location then yeah something is up. I use High and it only uses GPS when using Maps/Navigation. Otherwise everything such as google now and such uses low power anyways.
shotta35 said:
If you are just using 3G then it might be a IP address change on the towers but if you are also using WIFI for location then yeah something is up. I use High and it only uses GPS when using Maps/Navigation. Otherwise everything such as google now and such uses low power anyways.
Click to expand...
Click to collapse
The entire time I was having the problem, I was at home connected to wifi.
So far today, it has been working like it should and hasn't given me any trouble.
I should probably mention that, along with that problem, the phone was having other issues as well. Google Now wasn't showing me cards, even though my location was working - I was unable to enter my account under the Backup and Reset settings menu - and Sound Search kept giving me syncing errors. Maybe these were all related or caused by the same problem, don't know. After removing my account from Google Now and adding it back as well as some other stuff, I was able to resolve them all.
One other thing I will say is that I was running a sideloaded version of 4.4.1 (unlocked, stock recovery, not rooted) when I did the factory reset, which I thought would reset it back to 4.4. However, when it booted back up, I had a System Update notification telling me to update to 4.4.2, but the file size was only 1.7 mb or so. How did it bypass the size of the 4.4.1 update? Or am I wrong when assuming a factory reset sets it back to its original version?
I've tried everything I can think of to resolve this, but I need some suggestions.
So - my husband finally got a smartphone, after getting by with a keyboard phone for years. I talked to him about different phones - iPhones even - and after looking at several, he took my advice and got a Droid Maxx. Of course I helped him set it up, etc. Everything went well for a day or two, but then he started getting all sorts of errors - Google sync problems, Google account sign-in problems, "Unfortunately Google play services has stopped" etc. I was able to solve most of the problems by uninstalling updates to Google Play, and a few other things. He was still having some issues, though. The phone occasionally shut itself off. So, I decided to do a factory reset.
Since then, everything is working much better. The phone hasn't shut down at all, etc. However, in the last day or two, he will get an error notification that's something like "Trouble signing in to Google Account". He has to tap the notification and enter his Google password. Then everything seems fine until it happens again sometime later. Now it's happening frequently
He has almost no apps installed. The two or three he has installed are the same ones that I have used forever on my android devices, including on my Droid Maxx and Moto X - so on the same or similar devices. I have checked every setting I can think of. He doesn't have 2-step authorization on his Google account and he never has problems with that account on his desktop, laptop, etc.
Any ideas what could be happening? He does drive through an area with no cell service every day, so that could have something to do with it, but I drive through the same no-service area, and I have never, ever had to sign in to my Google account after initial setup. Sometimes this issue crops up when he has perfectly good service.
jkmasi said:
He does drive through an area with no cell service every day, so that could have something to do with it, but I drive through the same no-service area, and I have never, ever had to sign in to my Google account after initial setup. Sometimes this issue crops up when he has perfectly good service.
Click to expand...
Click to collapse
i think that's the problem, i had issues the first time i passed by a no service area and the problem showed up ''we have trouble authenticating this account, tap here to solve'' and thats all. it solved with the tap in the notification, and never appeared again, i suspect your rom data its corrupted and i recommend reinstalling the phones firmware 4.2 or 4.4 whatever version is. that should solve the problems.
Jaocagomez;50875823 your rom data its corrupted and i recommend reinstalling the phones firmware 4.2 or 4.4 whatever version is. that should solve the problems.[/QUOTE said:
Thanks for your reply! Can you please explain what "your rom data its corrupted" means?
Also, how do I reinstall the firmware? This phone is not rooted and was updated to 4.4 KitKat OTA.
I'm hoping that it was just the magnet on his pouch case interfering with the radios. He realized that he's always noticed this problem after the phone has been in the case. This afternoon I asked him not to put it in the case as an experiment.
Click to expand...
Click to collapse
The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed.
Thank you very much. If you know anything, anything, please let me know it's very urgent.
SeaMonster26 said:
The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed.
Thank you very much. If you know anything, anything, please let me know it's very urgent.
Click to expand...
Click to collapse
sounds like the warning message chrome gives. The <b>%1$s</b> is variable for the website name.
https://security.googleblog.com/2015/02/more-protection-from-unwanted-software.html?m=1
found a couple of other mentions of this
see image in following thread, seems like download manager shows warning so must be Facebook downloading something from a suspect url as you say it happens using Facebook. I don't use Facebook app, you say it downloaded something by itself, without you initialising, seems dodgy, but it's a monster app as I recall, must be even bigger white more permission these days!
https://m.imgur.com/a/31Pds5y
ref
https://www.reddit.com/r/FacebookHelp/comments/9vtne6/attackers_on_b_1s_b_download/
been hampering for at least 4mths
https://www.reddit.com/r/androidapps/comments/8zq0fw/mystery_app_update_on_lg_g5_help/
see you have seen this thread also
https://forum.xda-developers.com/android/help/ineed-help-message-attackers-1s-atte-t3868724
Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August ?)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts which add you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around up I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the sms! Device (on it's own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Oding to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3-rd party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for system's (or rather apps installed from Play Store) propper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel thanks for the reply ?
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back to a if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
Whatsapp does the same thing, autocompletes the code, before de sms is coming. This is not a malware. But, don't use password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+ ??
Also the Bluetooth, NFC & Nearby buttons almost any me of the day/night are on for a split second when I drag the motivation panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs
Hi Guys,
I got a strange email in my emails, when looking at the email from / to it looked spoofed and I was about to click back but I accidentally clicked 'Download images', the ones that are usually blocked when opening an email, not actual attachments. Can JPEGs etc... contain anything malicious?
I factory reset my phone after that happened but that didn't stop my getting 3 calls from Africa this morning, 2 within one minute.
phoneNoob2020 said:
Hi Guys,
I got a strange email in my emails, when looking at the email from / to it looked spoofed and I was about to click back but I accidentally clicked 'Download images', the ones that are usually blocked when opening an email, not actual attachments. Can JPEGs etc... contain anything malicious?
I factory reset my phone after that happened but that didn't stop my getting 3 calls from Africa this morning, 2 within one minute.
Click to expand...
Click to collapse
They can, eg Stagefright or later in 2016 this
https://www.forbes.com/sites/thomasbrewster/2016/09/06/google-android-one-photo-hack/
or just last year
https://www.komando.com/security-pr...e-over-an-android-phone-with-an-image/543634/
which you phone may be vulnerable to if not still getting regular updates
and just this month patch also has media framework bug allowing possible escalation of privileges
https://9to5google.com/2020/06/01/pixel-june-20-security-patch/
however it could just be a coincidence you got a storm call, they just use computers to call from a number list or random numbers.
A factory reset may not get rid of malware that has been able to install itself in the system partition. You need to reflash the full factory image again. Or if your phone not getting updates any more from manufacturer you should ALSO flash a trusted custom rom ie Lineage OS from official source (hopefully there is one for your EXACT model) after you have clean flashed the most recent manufacturer ROM.
I use Android 10 with security patch from April.
Would I be right in assuming that the phone needs to be rooted for anything to be installed on the system partition? I don't have mine rooted.
Last time I reflashed a device, even with official firmware it stopped me getting updates.
It is quite annoying since pretty much everybody keeps saying it is safe to open a spam email as long as a link is not clicked or attachment downloaded but that appears to be rubbish since the images rendering within an email seem to be enough for a phone to be hijacked.
phoneNoob2020 said:
I use Android 10 with security patch from April.
Would I be right in assuming that the phone needs to be rooted for anything to be installed on the system partition? I don't have mine rooted.
Last time I reflashed a device, even with official firmware it stopped me getting updates.
It is quite annoying since pretty much everybody keeps saying it is safe to open a spam email as long as a link is not clicked or attachment downloaded but that appears to be rubbish since the images rendering within an email seem to be enough for a phone to be hijacked.
Click to expand...
Click to collapse
You should be pretty much covered for known security issues as you are on April security patch. Though there are of course likely be other unpublished vulnerabilities. You can try submit suspect images to virustotal.com see if it's already known.
Unfortunately malware can install into system partition even if you have not rooted your phone in some cases eg if vulnerability is in already privileged process. (note: I'm not security expert)
Given you are pretty much up to date with known patches I think the phone calls likely just a coincidence, unless you have more indications of hacked phone or other accounts etc.
Edit: PS even if those images were malicious you may be OK as you have recent security patch so they might not have been able to compromise your phone.
IronRoo said:
You should be pretty much covered for known security issues as you are on April security patch. Though there are of course likely be other unpublished vulnerabilities. You can try submit suspect images to virustotal.com see if it's already known.
Unfortunately malware can install into system partition even if you have not rooted your phone in some cases eg if vulnerability is in already privileged process. (note: I'm not security expert)
Given you are pretty much up to date with known patches I think the phone calls likely just a coincidence, unless you have more indications of hacked phone or other accounts etc.
Edit: PS even if those images were malicious you may be OK as you have recent security patch so they might not have been able to compromise your phone.
Click to expand...
Click to collapse
Strange thing is Tuesday night before this, I got a reset password email for Netflix... i didn't think too much of it and don't know why they would do that.
That is before Thursday when I accidentally opened a spam mail then later on Thursday got a few calls from an African Number.
Then today I got 3 password reset emails from my other email account, of course the reset requests went to my email.
Microsoft really suck too because I cannot get on my email account from a browser since when I put my phone number in it says, try again later. I am already logged in through the app though.
phoneNoob2020 said:
Strange thing is Tuesday night before this, I got a reset password email for Netflix... i didn't think too much of it and don't know why they would do that.
That is before Thursday when I accidentally opened a spam mail then later on Thursday got a few calls from an African Number.
Then today I got 3 password reset emails from my other email account, of course the reset requests went to my email.
Microsoft really suck too because I cannot get on my email account from a browser since when I put my phone number in it says, try again later. I am already logged in through the app though.
Click to expand...
Click to collapse
so many reset password requests suggests something is going on, possibly your phone but maybe more likely just one of your online accounts passwords leaked, there were a couple of big ones recently, check haveibeenpwnd or is it just that you reset your phone?
Yeah, I always need to change my browser to old IE to log in to MS cause of my settings/addons
IronRoo said:
so many reset password requests suggests something is going on, possibly your phone but maybe more likely just one of your online accounts passwords leaked, there were a couple of big ones recently, check haveibeenpwnd or is it just that you reset your phone?
Yeah, I always need to change my browser to old IE to log in to MS cause of my settings/addons
Click to expand...
Click to collapse
Well I got myself an Iphone SE for now, heard that they are sandboxed as long as they are not jailbroken.. however I removed the native mail app since that has a vulnerability now which is quite famous.
I know it iPhone is a bit of a swear word around here, but it is the best option until re-installing the OS on Xioami mi 8 pro.
Hopefully there is a way to set mi 8 into recovery without using third party tools, XZ1 had a feature to re-install android but that was pretty rare. It is a shame the storage space is so awful on it or I wouldn't have wanted to change phone