Hi Guys,
I got a strange email in my emails, when looking at the email from / to it looked spoofed and I was about to click back but I accidentally clicked 'Download images', the ones that are usually blocked when opening an email, not actual attachments. Can JPEGs etc... contain anything malicious?
I factory reset my phone after that happened but that didn't stop my getting 3 calls from Africa this morning, 2 within one minute.
phoneNoob2020 said:
Hi Guys,
I got a strange email in my emails, when looking at the email from / to it looked spoofed and I was about to click back but I accidentally clicked 'Download images', the ones that are usually blocked when opening an email, not actual attachments. Can JPEGs etc... contain anything malicious?
I factory reset my phone after that happened but that didn't stop my getting 3 calls from Africa this morning, 2 within one minute.
They can, eg Stagefright or later in 2016 this
https://www.forbes.com/sites/thomasbrewster/2016/09/06/google-android-one-photo-hack/
or just last year
https://www.komando.com/security-pr...e-over-an-android-phone-with-an-image/543634/
which your phone may be vulnerable to if not still getting regular updates
and just this month's patch also has a media framework bug allowing possible escalation of privileges
https://9to5google.com/2020/06/01/pixel-june-20-security-patch/
However it could just be a coincidence you got a storm call, they just use computers to call from a number list or random numbers.
A factory reset may not get rid of malware that has been able to install itself in the system partition. You need to reflash the full factory image again. Or if your phone is not getting updates any more from the manufacturer you should ALSO flash a trusted custom ROM, i.e. Lineage OS from the official source (hopefully there is one for your EXACT model), after you have clean flashed the most recent manufacturer ROM.
I use Android 10 with security patch from April.
Would I be right in assuming that the phone needs to be rooted for anything to be installed on the system partition? I don't have mine rooted.
Last time I reflashed a device, even with official firmware it stopped me getting updates.
It is quite annoying since pretty much everybody keeps saying it is safe to open a spam email as long as a link is not clicked or attachment downloaded but that appears to be rubbish since the images rendering within an email seem to be enough for a phone to be hijacked.
phoneNoob2020 said:
I use Android 10 with security patch from April.
Would I be right in assuming that the phone needs to be rooted for anything to be installed on the system partition? I don't have mine rooted.
Last time I reflashed a device, even with official firmware it stopped me getting updates.
It is quite annoying since pretty much everybody keeps saying it is safe to open a spam email as long as a link is not clicked or attachment downloaded but that appears to be rubbish since the images rendering within an email seem to be enough for a phone to be hijacked.
You should be pretty much covered for known security issues as you are on the April security patch. Though there are of course likely to be other unpublished vulnerabilities. You can try submitting suspect images to virustotal.com to see if it's already known.
Unfortunately malware can install into the system partition even if you have not rooted your phone in some cases, e.g. if the vulnerability is in an already privileged process. (note: I'm not a security expert)
Given you are pretty much up to date with known patches I think the phone calls are likely just a coincidence, unless you have more indications of a hacked phone or other accounts etc.
Edit: PS even if those images were malicious you may be OK as you have recent security patch so they might not have been able to compromise your phone.
IronRoo said:
You should be pretty much covered for known security issues as you are on the April security patch. Though there are of course likely to be other unpublished vulnerabilities. You can try submitting suspect images to virustotal.com to see if it's already known.
Unfortunately malware can install into the system partition even if you have not rooted your phone in some cases, e.g. if the vulnerability is in an already privileged process. (note: I'm not a security expert)
Given you are pretty much up to date with known patches I think the phone calls are likely just a coincidence, unless you have more indications of a hacked phone or other accounts etc.
Edit: PS even if those images were malicious you may be OK as you have recent security patch so they might not have been able to compromise your phone.
Strange thing is Tuesday night before this, I got a reset password email for Netflix... I didn't think too much of it and don't know why they would do that.
That is before Thursday when I accidentally opened a spam mail then later on Thursday got a few calls from an African Number.
Then today I got 3 password reset emails from my other email account, of course the reset requests went to my email.
Microsoft really suck too because I cannot get on my email account from a browser since when I put my phone number in it says, try again later. I am already logged in through the app though.
phoneNoob2020 said:
Strange thing is Tuesday night before this, I got a reset password email for Netflix... I didn't think too much of it and don't know why they would do that.
That is before Thursday when I accidentally opened a spam mail then later on Thursday got a few calls from an African Number.
Then today I got 3 password reset emails from my other email account, of course the reset requests went to my email.
Microsoft really suck too because I cannot get on my email account from a browser since when I put my phone number in it says, try again later. I am already logged in through the app though.
So many reset password requests suggest something is going on, possibly your phone but maybe more likely just one of your online accounts' passwords leaked, there were a couple of big ones recently, check haveibeenpwned, or is it just that you reset your phone?
Yeah, I always need to change my browser to old IE to log in to MS cause of my settings/addons
IronRoo said:
So many reset password requests suggest something is going on, possibly your phone but maybe more likely just one of your online accounts' passwords leaked, there were a couple of big ones recently, check haveibeenpwned, or is it just that you reset your phone?
Yeah, I always need to change my browser to old IE to log in to MS cause of my settings/addons
Well I got myself an iPhone SE for now, heard that they are sandboxed as long as they are not jailbroken.. however I removed the native mail app since that has a vulnerability now which is quite famous.
I know iPhone is a bit of a swear word around here, but it is the best option until re-installing the OS on the Xiaomi Mi 8 Pro.
Hopefully there is a way to set the Mi 8 into recovery without using third party tools, XZ1 had a feature to re-install Android but that was pretty rare. It is a shame the storage space is so awful on it or I wouldn't have wanted to change phone.
Related
When I woke up today to get ready for work, my rooted Z740g was on the beginning tutorial for setting up the phone. While I was asleep the phone reset itself and erased everything I had on the phone storage. When I tried setting up the phone to see what was going on, the default keyboard app was not there! I had to use google voice to download a keyboard app from a website other than the google play store. No one had physical access to my phone and I had no other device sign ins on my google account history. I didn't grant any strange programs super user permission except for android lost. I didn't see any logs in androidlost and it uses my google account to sign in and I wasn't seeing any strange devices on that log. Do you think that this is some strange fluke or some type of malicious attack? My internal storage was almost full and occasionally my phone would reboot on its own and had various small bugs like battery monitoring being inaccurate on occasion. I'm worried about security breaches on my phone because I have seen how easy it is for someone to access the microphone, camera and any files on the device. I removed my sim and had to change all my online passwords.
Would flashing a rom completely remove any malware that might be on the device?
edit: I just noticed that there were two versions of chrome on my phone when I was trying to figure out what happened earlier today. I did notice that chrome looked different. I see a version 39 from before the wipe occurred and now I have version 28.0.1500.94 I looked up release dates and version 28 was released in 2013 and the phone wasn't even released until sometime in 2014. What gives?
foolioGrimz said:
When I woke up today to get ready for work, my rooted Z740g was on the beginning tutorial for setting up the phone. While I was asleep the phone reset itself and erased everything I had on the phone storage. When I tried setting up the phone to see what was going on, the default keyboard app was not there! I had to use google voice to download a keyboard app from a website other than the google play store. No one had physical access to my phone and I had no other device sign ins on my google account history. I didn't grant any strange programs super user permission except for android lost. I didn't see any logs in androidlost and it uses my google account to sign in and I wasn't seeing any strange devices on that log. Do you think that this is some strange fluke or some type of malicious attack? My internal storage was almost full and occasionally my phone would reboot on its own and had various small bugs like battery monitoring being inaccurate on occasion. I'm worried about security breaches on my phone because I have seen how easy it is for someone to access the microphone, camera and any files on the device. I removed my sim and had to change all my online passwords.
Would flashing a rom completely remove any malware that might be on the device?
edit: I just noticed that there were two versions of chrome on my phone when I was trying to figure out what happened earlier today. I did notice that chrome looked different. I see a version 39 from before the wipe occurred and now I have version 28.0.1500.94 I looked up release dates and version 28 was released in 2013 and the phone wasn't even released until sometime in 2014. What gives?
Hi, thank you for using XDA assist.
There is a general forum for Android here http://forum.xda-developers.com/android/help where you can get better help and support if you try to ask over there.
Good luck.
Hi guys!
Tried the search but came up with nothing so here goes...
I must admit I'm not very tech savvy but I can follow instructions no worries
I joined mainly because my Samsung Galaxy S8+ (un-rooted) started to behave very strangely early this year.
(and I want to trick it up after warranty expires in August)
Short story is that my Samsung account got hacked (or it at least seems like it) and the perp was then able to control my phone remotely. It was incredible watching my phone do as it pleased and all I could do was sit back and watch. Funny thing is that I've never actually toggled the RC switch (find my phone)...
My local carrier (Telstra Bigpond - Australia) account as well as my Google account got taken over shortly after. This would have given whoever it was access to my 3 cloud accounts which as you can appreciate would contain some sensitive material.
Whoever is responsible could well be a member on here so "Hi, there!! "
I pulled my sim and sd card and switched the phone off so I could decide what to do next.
I got a password manager app, changed all passwords (lucky my partner had a spare iPhone 5S sitting around so I could get online) and factory reset the phone.
All seemed to be going well until a few days ago...
I got "timed out" on my Samsung account (is that even possible?!) and while I was putting the password in (on the Samsung website - silly mistake!) just as I hit next I noticed a few dots in a square pattern that did a spinning type of graphic over the password entry box.
Continuing onto the next screen where the two step verification was, which was to send a text to my phone to receive a code and bang! Before I even received the text a six digit code appears in the fill box on the screen (same spinning dots in a square pattern) right before my eyes and then I receive the text afterwards! The numbers matched!!
I’ve also been asked to enter my Google credentials on more than one occasion lately from being “signed out”...
I don't know what to do!
I've tried all of the popular virus type apps and a few file managers to no avail. More like I've been hacked than a virus?
I've removed apps and shut down almost all of them as well as toggling between mobile data and WiFi and restored the phone twice back to earlier backups from over 6 months ago.
I've only ever downloaded from the Play Store apart from just the once getting your better version of the Play Store XDA (LABS) app.
What might be noteworthy is when I was using Google's help function it said that I had a "modified Android" and to contact manufacturer. I can guarantee the phone has never been cracked open.
I can provide screen shots from DevCheck (FLAR2) but I really don't know what I'm looking at. I also don't have any unknown apps etc...
I really don't know what to do next...
Any advice please??
Sorry about the long post.
All the best,
Crackles
Took phone to Samsung and they wiped the device and installed current (Android Pie 9 w. Feb 01 security update) so was looking forward to having a play with the new os until I went to add my Samsung account details...
Entered the password then the 2-step security kicked in to send a text to my number.
The earlier 4 circling dots dropped the 6 digit code into the fill box before I even received the SMS! Device (on its own jumped straight to the remote control button in the Find my Device security section) then attempted to change the password!
Only thing that prevented that from being carried out was I had biometrics activated and stopped the action using my fingerprint.
Seriously no one has any idea on what to do?!
I also had installed a replacement sim card.
I also can't uninstall updates on certain apps like Google Play Services etc, and some apps either have a dead link (press it and nothing happens) or Play Store can't find the app when I hit the downloaded from Play Store thingy at the bottom of the app description page. Hope that makes sense.
As you said, they wiped the phone, which means they most likely flashed the whole firmware, so there's no way for any malware to remain installed. But for what it's worth, you can try to re-flash the firmware yourself using Odin to make sure the whole flash is clean.
If your phone really was infected with any kind of malware, it must have been a 3rd-party app you have (repeatedly) installed. Some apps like Google Play Services cannot be uninstalled because they are vital for the system's (or rather apps installed from Play Store) proper functioning.
Also, even if you had infected your device, it would not be able to take control of your device to the extent you described because of app sandboxing, which cannot be broken unless the app constitutes itself as a system app (because every part of the system has to be cryptographically signed, this would break the boot and brick your device) or the user (you) would have to allow the app the necessary permissions to carry out these tasks.
Hey Kernel thanks for the reply
Yes I know what I'm saying sounds crazy and even the missus said I was nuts till I showed her.
I can't screen record any more either...
I'm noticing odd little things like when I pull the notifications screen down for a second or so the NFC, Bluetooth and nearby icons are lit up but then revert back to as if they were off. I've switched all of these items off in the settings so are they being sneaky?
So far nothing really bad has happened apart from not being able to put my credentials into the PayPal app. That's using both Last Pass auto-fill and manually entering the email and password. I've un-installed and re-installed many times and it's the same. I'm not going to add any banking apps just yet.
Facebook also got installed in the background about 4 times within a few minutes. Seemed odd to me. I think I've got a screenshot of that.
Malwarebytes found an issue with I'm guessing a theme I got from the Samsung Galaxy Store so I removed it, chose another and it seems OK.
There's still a few odd things happening like certain settings reverting back to something different from what I'd set.
I'll keep tinkering and post anything that stands out.
Is there an app or something that can check every file on my phone and tell if something isn't quite right?
I don't have a pc at the moment but when I do I'll look into Odin.
Thanks again for taking the time I know I sound like a lunatic and tbh I really wish I was haha!! :laugh:
Hmm interesting...
When I tried to upload the screenshot it stopped and said "bad request"...
Sent from my SM-G955F using XDA Labs
Could all this weird bs be happening if the home WiFi has been hijacked?
Sorry for dumb questions.
Sent from my SM-G955F using XDA Labs
WhatsApp does the same thing, autocompletes the code, before the SMS is coming. This is not a malware. But, don't use password manager... Those can be hacked.
Really my password manager can be hacked?!
I'm using Last Pass.
So moving on I started to poke around the WiFi router and found the PnP enabled and my device was sharing with another device. I did not authorise this. I've since reset the router, changed the pin and access code, disabled the WPS and also factory reset the device that was "sharing" with mine... The owner of said device no longer lives with me. I'm just glad I confiscated the phone from him before he left.
When I'm researching possibilities of what could be going on with my phone the pages won't load. It's like my searches are being monitored and the data is being stopped. I tested this with my partner's phone (on mobile data) and the exact Web pages loaded right up on her's without a hitch! I tried again on mine and they just stopped. Pages would load straight away on mine if searching for something completely different like rc cars or bmx related content. Stuff to do with my phone just won't work ffs!
Like when I tried my first post on here. It simply would not post it up! I ended up having to copy/paste the draft and emailing it to another account that I made up on the spot on her phone. Hence the two usernames in this thread.
I got the 3C TOOLBOX app and in the app management section, Task Manager under service many of them are "custom entries" and I cannot un-tick, modify or reset back to the original version of any of these apps. Google Play Services was the worst. Pretty much every thing it was capable of doing had a "custom action" and I could not do anything with it.
Am I doing something wrong or do I have a serious invasion of my phone..?
Thinking about smashing this thing to bits and getting an S10+
Also the Bluetooth, NFC & Nearby buttons almost any time of the day/night are on for a split second when I drag the notification panel down. These are all set to "OFF" in settings...
What
The
F--k?!?!?!
Sent from my SM-G955F using XDA Labs
Hi Community,
after a really long hiatus I am back to ask you guys something. My account or phone is acting really weird, from time to time it is deleting contacts from my synced Google contacts list. On top of that the same number is often getting blocked at the same time on other apps like WhatsApp, Snapchat and Instagram. It is a really weird thing and has sometimes happened several times for one contact out of my list. If it were only Facebook apps I could somehow understand it but in some kind of way the contact is getting blocked through a full list of apps.
In time it has occurred for at least 5-10 different contacts on my smartphone, it does often go unnoticed but sometimes I'm looking through my blocked list (which is normally empty) and I do see that contacts are getting blocked again. As an example, I was writing yesterday with someone and this morning I wanted to check the chat and it went to neverland. One close look into my list showed me that the number got blocked again and at the same time on Instagram too.
On top of that I had the problem last year already and switched to a new smartphone so it might go away. But never mind, the problem is still there. I'm really afraid that someone has access to my phone because I couldn't understand how the contacts are getting deleted by themselves. RN I'm running a Xiaomi Mi9, no custom ROM or anything, before that I was running a OnePlus 5. It is a weird problem and I would be glad if you could give me some advice.
BR,
Maurice
Seppppx said:
Most likely someone hacked your google account and wants to drive you crazy instead of just deleting all stuff at once. Change your password on your google account and every account that uses the same password. Use a password manager like Bitwarden or KeepassDX. Both are open source. Use a strong password to access those.
If the problem persists completely reflash your ROM with miflash.
Hi Sepm thanks for the fast reply. I've changed my password on 8th of July the last time and even activated the 2nd device control so I can only log in if I accept it on my phone.
Quick push
I keep being hacked by my genius software engineering malignant narcissistic. I've bought over 15 different phones from different carriers and used fake registration info. However, they get hacked in 30 mins. I know the fontserver app was remotely downloaded Over the Air because of other apps that are installed to help that process. For ex; GNSS Air Test, Gnss Test 1.2, fused location, gnss log level setting, LAOP test. V1.93, entitlement checkservice, FOTA update, secure ui service, teeservice, dynamic system update, hidden menu, hidden operator, G-DEC, GCUV, etc... mobile service apps to install the spyware. From my understanding, all that is needed is a phone number to where the app is downloaded OTA. Here's the kicker... With every new phone I don't even set up a Google acct or call anyone and it gets hacked.
So please anyone share your theories or anything about this. I need to stop this bs. They've gang stalked me, broke in my house numerous times, vandalized, hacked my friends and their families, threatening them with death threats and non stop harassing calls to my cell and house phones.
So I just need some kind of inkling how this can happen. Sincerely yours truly
Sorry to hear this is happening to you. It is also happening to me by my soon to be ex who is already my ex. I keep being told to buy another phone and I don't because I figure the same would happen to me and the new phone will just get hacked as well by whomever she got to do this to me. I created a post today asking for help, but due to the lack of replies to your post I guess I better not hold my breath that anything can be done. Did you find a resolution to stop from being hacked?
Better check yourself...
Burgrio said:
Hacking attacks are on the rise, and it doesn't seem like there is any way to protect yourself from them.
There's plenty you can do. Most devices get compromised because the user did something stupid.
Not always but part of not being stupid is acting as soon as unusual behavior is noticed. Find the cause asap.
Factory reset if you highly suspect being hacked and reset all passwords.
I've been running outdated and unpatched stock Androids for years with no breaches that ever required a factory reset or reflash to purge. It could happen but in practice if you don't do stupid things... it doesn't happen.
Downloading any unvetted files or apks even a jpeg can do it. Do not side load anything unless completely vetted. Lock down install unknown files globally and locally for all apps especially browsers unless you need to sideload. Check those settings at least once a month... and enable them as soon as a sideload is done.
I don't use wifi and keep bt off when not being used. I check my download folder daily for crap I didn't download and for any strange behavior.
All email is kept in the cloud... email and texts are prime perpetrators.
Don't click on anything unknown, delete or close the window. Keep all trashware apps off the device including FB, Twitter, WhatsApp etc.
Scan app permissions, know what's running at startup and why/what's accessing the internet.
Listed System Administrators, who's your daddy?
The list goes on but you get the idea...
♤There's no saving dumb bunnies
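The checks listed in the post above (no unvetted sideloads, which apps may install unknown files, what has elevated control), sketched as an added example that is not part of the original post. It parses the output of three standard `adb shell` commands; the trusted-store list, the sample output and the finding names are assumptions constructed for illustration, and the accessibility check is an addition beyond the post's list.

```python
import subprocess

# Installer package names treated as app stores (assumption: extend for your vendor's store).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Constructed sample output, used when no device is attached (not from a real phone).
SAMPLE_PM = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.pwmanager  installer=com.android.vending
package:com.example.flashlight  installer=null
package:org.example.theme  installer=com.google.android.packageinstaller
"""
SAMPLE_APPOPS = "com.android.chrome\ncom.example.flashlight\n"
SAMPLE_A11Y = "com.example.flashlight/.TapService:com.example.pwmanager/.FillService\n"


def adb_shell(*args):
    """Run one command on the attached device and return its stdout."""
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True, timeout=30).stdout


def parse_installers(pm_output):
    """Map package -> installer (None if unknown) from `pm list packages -3 -i`."""
    installers = {}
    for line in pm_output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        fields = line[len("package:"):].split()
        if not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value in ("", "null") else value
        installers[fields[0]] = installer
    return installers


def parse_package_lines(output):
    """One package per line; messages such as 'No operations.' are skipped."""
    lines = (l.strip() for l in output.splitlines())
    return sorted({l for l in lines if l and " " not in l})


def parse_a11y(setting_value):
    """Split the colon-separated enabled_accessibility_services setting."""
    value = setting_value.strip()
    return [] if value in ("", "null") else [c for c in value.split(":") if c]


def audit(pm_output, appops_output, a11y_value):
    """Return the findings worth a manual look, keyed by check name."""
    installers = parse_installers(pm_output)
    sideloaded = sorted(p for p, i in installers.items()
                        if i not in TRUSTED_INSTALLERS)
    return {
        # User-installed apps that did not come from a listed store.
        "sideloaded": sideloaded,
        # Apps currently allowed to install other APKs ("unknown sources").
        "may_install_apks": parse_package_lines(appops_output),
        # Accessibility services (screen reading, input control) owned by sideloaded apps.
        "a11y_from_sideloaded": [c for c in parse_a11y(a11y_value)
                                 if c.split("/")[0] in sideloaded],
    }


if __name__ == "__main__":
    try:
        outputs = (
            adb_shell("pm", "list", "packages", "-3", "-i"),
            adb_shell("appops", "query-op", "REQUEST_INSTALL_PACKAGES", "allow"),
            adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
        )
    except (OSError, subprocess.SubprocessError):
        outputs = (SAMPLE_PM, SAMPLE_APPOPS, SAMPLE_A11Y)  # no adb or no device
    for finding, items in audit(*outputs).items():
        print(f"{finding}: {', '.join(items) or 'none'}")
```

A hit is a prompt to look at that app, not proof of compromise: a browser legitimately holding the install permission, or an app restored from a backup with no recorded installer, will also show up.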
Anybody find that the new One UI upgrade is kind of buggy? For example, ever since I updated, I observed that my phone is blocking my condo number for the intercom system so it resulted in two missed packages already as it went directly to voicemail. The number was already added as a contact in my contact list and was not in the blocked list or listed as a spam/high risk call in Hiya. From the call logs, it was blocked by the phone and not Hiya. My second issue is opening up apps, sometimes it opens up to a page where I had previously opened or seen but not to the default or "last used" page. Pretty frustrating to say the least...
Phone is SM-N986W running One UI version 4.0 and Android 12 on TELUS network.
Clear system cache.
If it was a major upgrade it's factory reset time, this may or may not cure it.
This N10+ I'm using is still running on Pie. The current load will be 2 yo in June, still fast and stable. Security is not an issue.
If I have an OS that's fulfilling its mission I let it be. All the hard work is already done and it only needs minimal maintenance to run well. Bringing in updates brings new issues...