Possible malware infection/network attack while using Facebook app - Security Discussion

The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed.
Thank you very much. If you know anything, anything, please let me know, it's very urgent.

SeaMonster26 said:
The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.
Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.
I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man in the middle and zero day attacks came up, which has me really worried.
I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.
I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.
Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed.
Thank you very much. If you know anything, anything, please let me know, it's very urgent.
Sounds like the warning message Chrome gives. The <b>%1$s</b> is a variable for the website name.
https://security.googleblog.com/2015/02/more-protection-from-unwanted-software.html?m=1
found a couple of other mentions of this
See the image in the following thread. It seems the download manager shows the warning, so it must be Facebook downloading something from a suspect URL, as you say it happens while using Facebook. I don't use the Facebook app. You say it downloaded something by itself, without you initialising it; seems dodgy, but it's a monster app as I recall, and must be even bigger with more permissions these days!
https://m.imgur.com/a/31Pds5y
ref
https://www.reddit.com/r/FacebookHelp/comments/9vtne6/attackers_on_b_1s_b_download/
been happening for at least 4 months
https://www.reddit.com/r/androidapps/comments/8zq0fw/mystery_app_update_on_lg_g5_help/
see you have seen this thread also
https://forum.xda-developers.com/android/help/ineed-help-message-attackers-1s-atte-t3868724
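The reply above reads `%1$s` as a placeholder for the website name; that is the positional-argument syntax of Java/Android format strings. As an added example (not code from the thread, from Chrome or from Facebook), the Python sketch below mimics that substitution and flags text in which a placeholder was left unfilled, which is what the truncated notification in this thread looks like. The function names and the host `example.test` are constructed for illustration.

```python
import re

# Java/Android-style conversions handled here: "%%" (literal percent),
# "%s" / "%d" (next argument) and positional forms such as "%1$s".
_PLACEHOLDER = re.compile(r"%(?:%|(?:(\d+)\$)?([sd]))")

# Constructed sample: the truncated text quoted in the thread, kept as-is.
RAW_NOTIFICATION = "attackers on <b>%1$s</b> might atte..."


def render_template(template, *args):
    """Fill placeholders the way a format call would.

    A placeholder whose argument is missing is left untouched, which is
    what a user sees when an app shows the raw resource string.
    """
    next_seq = 0  # index consumed by non-positional placeholders

    def repl(match):
        nonlocal next_seq
        position, conversion = match.group(1), match.group(2)
        if conversion is None:          # matched "%%"
            return "%"
        if position is not None:        # "%N$s": 1-based explicit index
            index = int(position) - 1
        else:                           # "%s": take the next argument
            index = next_seq
            next_seq += 1
        if 0 <= index < len(args):
            return str(args[index])
        return match.group(0)           # no argument: leave the placeholder

    return _PLACEHOLDER.sub(repl, template)


def find_unsubstituted(text):
    """Return placeholders still present in text that reached the user."""
    return [m.group(0) for m in _PLACEHOLDER.finditer(text)
            if m.group(2) is not None]


if __name__ == "__main__":
    print(find_unsubstituted(RAW_NOTIFICATION))
    print(render_template(RAW_NOTIFICATION, "example.test"))
```

A non-empty result from `find_unsubstituted` means the text is a template that was displayed without its argument, so the wording comes from an application's own string resources and the site name was never filled in.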

Related

[Q] Can't download/install any market apps

Today I received my new shiny Asus Transformer, everything works great except the Market itself...
I can't even download any apps, paid or free. When I try to download any apps, it starts as if trying to download, but there is no progress on the notification bar and it just stays like that.
I reset the tablet several times, also, cleaned the cache of the Market and Framework services, shutdown (restart) several times... nothing
Is this happening to anyone? I searched this forum and performed the steps above, but still nothing...
Please, help
Have you look into My App area, you will see, not installed list of apps. I get that as well...I am not sure if it's a bug or intended. Sometimes, it would stay at download forever. I got to go out and go back into the Market and redo it all over.
patseei said:
Have you look into My App area, you will see, not installed list of apps. I get that as well...I am not sure if it's a bug or intended. Sometimes, it would stay at download forever. I got to go out and go back into the Market and redo it all over.
Yes, sometimes the apps I am trying to download don't even appear there and sometimes it does. When it says "Installing" sometimes, 1 hour can pass and still nothing... no progress on the notification bar.
In fact, I can't install anything from there, not even using the website version, https://market.android.com/
I had/have this same issue. I think it's a bug in the market app. I've just flashed the new firmware and it seems to work OK now.
My solution was to press back over and over until I exited the market fully, then start a new instance of it. Works on and off.
I'll let you know if the update solves this issue.
Sent from my Transformer TF101 using XDA Premium App
linear_craig said:
I had/have this same issue. I think it's a bug in the market app. I've just flashed the new firmware and it seems to work OK now.
My solution was to press back over and over until I exited the market fully, then start a new instance of it. Works on and off.
I'll let you know if the update solves this issue.
Sent from my Transformer TF101 using XDA Premium App
Thanks for the info.
I tried that, still no luck. I need to know if this is a widespread issue or not.
I have the EVO and tried to download apps and install them now without any problems.
Also, I have discovered that I can't log in into GTalk either, but I can browse without any issues.
dark_aura said:
Thanks for the info.
I tried that, still no luck. I need to know if this is a widespread issue or not.
I have the EVO and tried to download apps and install them now without any problems.
Also, I have discovered that I can't log in into GTalk either, but I can browse without any issues.
Sounds like an odd issue with your account. Try to check settings, accounts and sync... and see if anything is amiss. If not, then try to create a new Gmail account, and use that to log in to market/gtalk. See if there is some confusion as to your phone account and your tablet. Do you have settings>Privacy ticked off for Google to back up your apps and sync them? Try disabling if so.
Had same issue and went into settings and had to delete my gmail account and then add it again, worked fine after that!
Thanks for the replies.
1. The Backup and Restore settings are turned off.
2. I have created another Google account and removed the original, still the same problem.
3. The EVO is currently off just in case.
After doing some research, I've discovered that Gtalk has something to do with the Market: if Gtalk can sign in, then the Market should work for downloads. If not, then there is a problem.
ok... wtf
After adding a new Google account while replacing the original one, the issue still happened.
Then, I decided for a million times, to make another Factory Reset with my original account again... now GTalk logon and the Market download/install apps
I will keep this thread in mind and report if anything weird happens again.
Android Market hates me. I didn't really want to have to create another gmail account but I have tried every other trick posted and still can't get apps to download.
I had this same problem with my Samsung Fascinate. 3G would download fine but I couldn't get WiFi to work until just recently when I updated the radio that came with the OTA Froyo update plus a new custom rom/kernel. I'm not sure which piece all of the sudden made things work but I was certainly happy. What's so frustrating is that I set up a Droid on the same home network with absolutely no problems from day one.
Amazon App store works fine but many of the apps I want aren't available there. Grrr.
dark_aura said:
Today I received my new shiny Asus Transformer, everything works great except the Market itself...
I can't even download any apps, paid or free. When I try to download any apps, it starts as if trying to download, but there is no progress on the notification bar and it just stays like that.
I reset the tablet several times, also, cleaned the cache of the Market and Framework services, shutdown (restart) several times... nothing
Is this happening to anyone? I searched this forum and performed the steps above, but still nothing...
Please, help
This occurred to me after rooting the TF. I was able to correct it by going into applications and force stopping and clearing data on both Market and both Google framework services. Then try to restart Market; if you don't get an error, go back to applications and do it again. Once you get the error, reboot. When you try Market after the reboot it will ask you to accept terms again, and then all was right again with the world.
I have the same problem. How I can do a Factory Reset?
It was working ok but now it gives an error with the server. Eventually it will download the application after trying several times but will fail in the installation. I have deleted and created again my account with no results.
Welcome to my problem. Another member told me the issue lies with our google accounts and how it syncs up with the market.
I have tried the other methods deleting cache / signing in and out etc. to no avail.
Only solution is to factory reset. Sad thing is it has happened to me 3x in the past 5 days.
I only hope for a solution to this soon.
3 times, that is scary.
Something surprised me when I upgraded my phone to the new Galaxy S 2 from an HTC HD 2 running an Android ROM. When I entered the Google account it automatically pointed me to all the applications that I had installed on the old phone (free or paid) and gave me an easy option to install them all quickly. They were identified as my applications, even though they were not installed.
Is this function present here? Will it remember what applications I had installed on the Transformer before, or will I need to look for all of them again?
solution to download apps
press on apps on the home screen. then press on market. this will get you started click on sign in at top right of screen. it should automatically do a sign in with your google account. then go from there

[Q] Antivirus s/w detected malware in my settings

Hi Everyone,
OK, I am completely new to using tablets and Android (and XDA!) but I recently bought an Android tablet and although I put AV s/w on it I seem to have caught a bug. The problem is that, apparently, my settings app is now malware and it seems the only option to resolve it is to uninstall my settings application. Understandably I don't want to forge ahead and do this because then I cannot manage my device. Anyone got any suggestions or can point me somewhere that could help? I have trawled the internet for an answer but haven't found anywhere reporting the same thing, so far. I am flummoxed and getting very frustrated. Also, any recommendations for malware prevention apps? Ta.
Thanks for taking time to read this. Sorry if it's in the wrong place!
You do know you should provide more details like which phone, which firmware, what antivirus app, etc.
But the simplest answer you would get is to stop using antivirus apps. Because most of them are hoaxes or give false results. There is nothing wrong with your settings app. I suggest you uninstall the AV app first.
immortalneo said:
You do know you should provide more details like which phone, which firmware, what antivirus app, etc.
But the simplest answer you would get is to stop using antivirus apps. Because most of them are hoaxes or give false results. There is nothing wrong with your settings app. I suggest you uninstall the AV app first.
It's not a phone, it's just a no-mark tablet (Tabtronics, if that makes any difference).
Seeing as the last several days (maybe a week now) it has had serious performance issues -- crashing, rebooting itself without my initiating it, not turning on for long periods, notification messages telling me apps don't work when I have never tried to use them -- I'd say this is not a false result. And the AV (Avast) is the same brand I've been using on my desktop for years and has always been fine, and I've had no problems with it until the last week.
Seems odd that the assumption here is that there isn't a problem, when there are a shed load of articles online stating how vulnerable Android is to malware. Unfortunately I can't find any that tell you where to go/ what to do in order to get rid of the bug. :crying:
Anyway, thanks for the reply.
BlankScreen said:
It's not a phone, it's just a no-mark tablet (Tabtronics, if that makes any difference).
Seeing as the last several days (maybe a week now) it has had serious performance issues -- crashing, rebooting itself without my initiating it, not turning on for long periods, notification messages telling me apps don't work when I have never tried to use them -- I'd say this is not a false result. And the AV (Avast) is the same brand I've been using on my desktop for years and has always been fine, and I've had no problems with it until the last week.
Seems odd that the assumption here is that there isn't a problem, when there are a shed load of articles online stating how vulnerable Android is to malware. Unfortunately I can't find any that tell you where to go/ what to do in order to get rid of the bug. :crying:
Anyway, thanks for the reply.
Here's a good discussion that might interest you:
http://forum.xda-developers.com/showthread.php?t=2186782
As for the issues you have, I would attribute it to either a rogue app or low memory. Try uninstalling any apps you recently installed. Also, try clearing app caches, freeing memory etc. See if that helps.

[Completed] Z740g - Phone Self Reset And Keyboard Is Gone.

When I woke up today to get ready for work, my rooted Z740g was on the beginning tutorial for setting up the phone. While I was asleep the phone reset itself and erased everything I had on the phone storage. When I tried setting up the phone to see what was going on, the default keyboard app was not there! I had to use google voice to download a keyboard app from a website other than the google play store. No one had physical access to my phone and I had no other device sign ins on my google account history. I didn't grant any strange programs super user permission except for android lost. I didn't see any logs in androidlost and it uses my google account to sign in and I wasn't seeing any strange devices on that log. Do you think that this is some strange fluke or some type of malicious attack? My internal storage was almost full and occasionally my phone would reboot on its own and had various small bugs like battery monitoring being inaccurate on occasion. I'm worried about security breaches on my phone because I have seen how easy it is for someone to access the microphone, camera and any files on the device. I removed my sim and had to change all my online passwords.
Would flashing a rom completely remove any malware that might be on the device?
edit: I just noticed that there were two versions of chrome on my phone when I was trying to figure out what happened earlier today. I did notice that chrome looked different. I see a version 39 from before the wipe occurred and now I have version 28.0.1500.94 I looked up release dates and version 28 was released in 2013 and the phone wasn't even released until sometime in 2014. What gives?
foolioGrimz said:
When I woke up today to get ready for work, my rooted Z740g was on the beginning tutorial for setting up the phone. While I was asleep the phone reset itself and erased everything I had on the phone storage. When I tried setting up the phone to see what was going on, the default keyboard app was not there! I had to use google voice to download a keyboard app from a website other than the google play store. No one had physical access to my phone and I had no other device sign ins on my google account history. I didn't grant any strange programs super user permission except for android lost. I didn't see any logs in androidlost and it uses my google account to sign in and I wasn't seeing any strange devices on that log. Do you think that this is some strange fluke or some type of malicious attack? My internal storage was almost full and occasionally my phone would reboot on its own and had various small bugs like battery monitoring being inaccurate on occasion. I'm worried about security breaches on my phone because I have seen how easy it is for someone to access the microphone, camera and any files on the device. I removed my sim and had to change all my online passwords.
Would flashing a rom completely remove any malware that might be on the device?
edit: I just noticed that there were two versions of chrome on my phone when I was trying to figure out what happened earlier today. I did notice that chrome looked different. I see a version 39 from before the wipe occurred and now I have version 28.0.1500.94 I looked up release dates and version 28 was released in 2013 and the phone wasn't even released until sometime in 2014. What gives?
Hi, thank you for using XDA assist.
There is a general forum for Android here http://forum.xda-developers.com/android/help where you can get better help and support if you try to ask over there.
Good luck.

Issue with Coolpad Torino R108 (CoolReaper?)

My cell phone is still under guarantee protection but it doesn't help. Well, I discovered a few times a strange app installed w/o my action with a Chinese title, something like an eNews or feed app. I deleted it and thought that's all. After some time I started to receive push notifications with a red background and a yellow Chinese sign! At the same time I discovered the same app again, and the stock app Sim1 changed its name into something Chinese! After a factory reset I thought everything was OK but it lasted just 3 weeks and then the same game again! Malwarebytes detects Wireless Update as the culprit for this "feature" but it wasn't able to solve the problem as this app is part of the OS! I have read many facts about Coolpad.Coolreaper.a so I planned to remove this nasty part from my device but don't know how. The service officer didn't find anything suspicious after a few days of observation and blamed me for clicking on ads and advert links!
Please help me!
Hey there, did you solve the problem with the Coolreaper?
I have the same problem, I just flashed with another Official ROM but Malwarebytes finds the Coolreaper again. Now going to wait a few days to see if it's going to start installing the apps again...
https://forum.xda-developers.com/general/general/coolpad-torino-r108-max-lite-y91-u00-t3735792
ludush1 said:
My cell phone is still under guarantee protection but it doesn't help. Well, I discovered a few times a strange app installed w/o my action with a Chinese title, something like an eNews or feed app. I deleted it and thought that's all. After some time I started to receive push notifications with a red background and a yellow Chinese sign! At the same time I discovered the same app again, and the stock app Sim1 changed its name into something Chinese! After a factory reset I thought everything was OK but it lasted just 3 weeks and then the same game again! Malwarebytes detects Wireless Update as the culprit for this "feature" but it wasn't able to solve the problem as this app is part of the OS! I have read many facts about Coolpad.Coolreaper.a so I planned to remove this nasty part from my device but don't know how. The service officer didn't find anything suspicious after a few days of observation and blamed me for clicking on ads and advert links!
Please help me!
Unfortunately it's part of Coolpad's system core programs and I haven't found any way of removing it... Nasty piece of work from them to include something like that... but I guess it serves me right for buying a phone made by them... I guess I will either stay away from any Chinese made phone in the future - Coolpad for certain, but if they are allowed to do this then I don't see what is there to stop other Chinese companies from doing the same... very disappointed... but not surprised really...

Ghost in the Machine

Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts, which as you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around so I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the SMS! The device (on its own) jumped straight to the remote control button in the Find my Device security section, then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Odin to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3rd-party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for the system's (or rather apps installed from Play Store) proper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel, thanks for the reply
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down, for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back as if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
WhatsApp does the same thing: it autocompletes the code before the SMS arrives. This is not malware. But don't use a password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+
Also the Bluetooth, NFC & Nearby buttons almost any time of the day/night are on for a split second when I drag the notification panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs
