Hi,
I wanted to know if I should install AntiVirus. I just NAND flashed CoreDroid to my HTC HD2. This was my first flashing ever on my phone and I'm new to all this. I love the way it's running now, I just want to make sure it stays like that. Any help would be great.
Check "lookout" app ...
tmpchr said:
Check "lookout" app ...
agreed, currently have it on my phone
Personally I think antivirus type apps are not needed on android. But if you want one for peace of mind, Lookout is one of the security type apps
the_scotsman said:
Personally I think antivirus type apps are not needed on android. But if you want one for peace of mind, Lookout is one of the security type apps
can the phone be restored if i get a virus then? like re-flashing it?
I use Lookout as well, but I recommend checking the Norton Symantec option.
I think my Android can be slow if I'm using antivirus... so any suggestions?
"can the phone be restored if i get a virus then? like re-flashing it?"
yes, but only if you have a nandroid backup, titanium backup will do the job ;-)
I use Kaspersky mobile security. Lookout was released at a time claiming to be an AntiVirus when Kaspersky had claimed that there were no viruses out on the Android OS.
Since then there has been at least 1 exploit which was reported by Kaspersky. (http://androidandme.com/2010/08/news/kaspersky-reports-androids-first-sms-based-trojan/)
Kaspersky being the most consistent AV for Windows over the past 10 years I tend to trust it over Lookout.
I agree with the scotsman
Antivirus for any form of mobile OS is overrated and not really required, viruses are SO rare it really isn't worth it, but your decision
btw I've had various OSes over the years and never had an issue.
the_scotsman said:
Personally I think antivirus type apps are not needed on android. But if you want one for peace of mind, Lookout is one of the security type apps
Previously I would have agreed on this but it is far from the truth now. There has been various malware released even on the official market, let alone off-market. Now they weren't exactly damaging to device/software but they were privacy risks as IMEI/numbers/emails and possibly logins etc. are logged and sent.
For the sake of about 10MB of RAM and small battery use it's worth the peace of mind.
I recommend either Lookout or Kaspersky. I got a free 6 month license for Kaspersky via a German site, can't remember the exact source but found the following, not sure if it's still valid or not.
How To Grab Kaspersky Mobile Security 9 Six Months License Key:
First open the below promotional offer webpage arranged by CHIP Magazine, enter your email address and D4N7D-PD625 as Gutschein-Code and finally click on the "Absenden" button to submit.
http://promo.kaspersky.com/chip
TheATHEiST said:
Previously I would have agreed on this but it is far from the truth now. There has been various malware released even on the official market, let alone off-market. Now they weren't exactly damaging to device/software but they were privacy risks as IMEI/numbers/emails and possibly logins etc. are logged and sent.
For the sake of about 10MB of RAM and small battery use it's worth the peace of mind.
I recommend either Lookout or Kaspersky. I got a free 6 month license for Kaspersky via a German site, can't remember the exact source but found the following, not sure if it's still valid or not.
That's true but they were all taken down afaik, droid is the biggest "risk" for sure though.
timmymarsh said:
That's true but they were all taken down afaik, droid is the biggest "risk" for sure though.
Yes they were, but because there is no vetting of what gets added to the market there is nothing stopping the same malware, variations of it, or new malware being added at any time, and because of the sheer popularity of Android now it's only a matter of time before it happens again and it may be even more serious next time.
If installing a small/low resource app can potentially protect/make you safer I don't see why not.
i installed lookout a few hours ago and so far i didn't notice any major slowdown (desire)
We should remember though these aren't just anti-virus apps but security apps, the biggest problem with mobile devices is physical theft of personal data, more so than any malware.
Siresmokalot said:
i installed lookout a few hours ago and so far i didn't notice any major slowdown (desire)
Lookout is pretty good, and regularly updated by their researchers.
Some other (I won't name them) "security apps" don't actually scan or look at the apps you are installing. Instead they just look at the package name. Stick with good and trusted apps. Lookout is free, for "antivirus" features, and you shouldn't need to pay for AV on a phone given their offerings are pretty impressive.
MaFi0s0 said:
We should remember though these aren't just anti-virus apps but security apps, the biggest problem with mobile devices is physical theft of personal data, more so than any malware.
Correct. And decent AV apps like Lookout etc. come with inbuilt remote wipe features as well as device location etc., so even if your device was stolen you have possibilities of either locating it via GPS/Data/Sounding of alarm or in worst case wiping all personal data from it.
A few things:
Lookout is a great app. Little battery use, works well. The drawback is that it will not deep scan the entire phone, only apps and live scan (downloads). It does auto update definitions.
Netquin is also good. Little battery use as well. It will live scan downloads and deep scan. Drawbacks are that scan time is slow and virus definitions do not auto update.
AVG is the best, in my opinion. Moderate battery use. It will live scan both downloads and web. It will also deep scan and check settings. Virus definitions also auto update.
Dr Web is decent, but with Heavy battery use and multi-hour long scans, I don't recommend it.
Trend Micro has a free mobile security app in the market
I use the computer version on all my laptops, yet to have a virus on any in that time
Thanks guys, safe to say the OP should have a good view of what's out there now
Does Android Really Need AntiVirus??
What good does it do?
Basically, we all know that these apps protect our phone from being infected with malicious files that we download everyday. Files from untrusted sites of course. It helps clean the phone if ever it gets infected. Question is, Is this true?
NOTE: All other sites except the playstore are classified as untrusted sites
Since Android is made out of the Linux platform, it really is hard to penetrate. Studies show that Linux systems are almost impenetrable to viruses or malicious files compared with most phones that are not based on these systems. In fact based on experience, I have never heard of an Android phone being "infected" that seriously. Well, who knows.
Another factor is that, antivirus apps consume more battery life. It consumes 50% of battery life while on stand-by mode. It also makes the phone lag a bit since it is running even if you can't see it. It also lags start-up time since it takes a while to load.
Whether you decide to install or not, it's better safe than never... right?
I am not in favor of these apps. Moreover I don't use them.
Okay... So, what makes you an authority on antivirus on Android? What inside knowledge do you have that makes your opinion an actual valid one, especially when considering all the hundreds of reports of 1000's of malware apps running rampant on our "impenetrable" OS?
Like you've mentioned they are draining some serious battery life in standby mode but some like avast can be configured to not run till you start them. A few antivirus apps are coming with widgets, I'd highly recommend not using them because they are really slowing down the tablet and consume a huge amount of battery.
I practise the same approach with my PC, if you know what you are doing and how to do it a firewall + antivirus program may not be needed but safe is safe. Android is a very open platform so having a tool to keep the apps "honest" is not a bad thing in my opinion.
FloatingFatMan said:
Okay... So, what makes you an authority on antivirus on Android? What inside knowledge do you have that makes your opinion an actual valid one, especially when considering all the hundreds of reports of 1000's of malware apps running rampant on our "impenetrable" OS?
Most of the antivirus are fake, I don't know why they make them. Since Android is based on Linux, and Linux needs superuser permissions to do most of the things, especially when you want to harm the device (viruses), you need to modify system (root) programs and bins/libs/modules, which can only be done if you have the root permission. If you have ever used a Linux OS (like Ubuntu) you have to ask root first before installing any s/w
eg:
Code:
sudo apt-get install
here, sudo is literally this
Code:
superuser-do
You're ignoring all the malware type apps that don't need root. All they need is novice users who aren't paying attention to the permissions list and go and install apps that aren't quite what they're pretending to be. THAT is the primary cause of infection on Android, and it IS an existing problem.
FloatingFatMan said:
You're ignoring all the malware type apps that don't need root. All they need is novice users who aren't paying attention to the permissions list and go and install apps that aren't quite what they're pretending to be. THAT is the primary cause of infection on Android, and it IS an existing problem.
Time For some Source CODE !!
Can You get me an example of this ?? I will bring you the code asap
Why would I need to do that? Are you denying that there aren't 1000's of rogue apps out there, masquerading as legit apps, that are stuffed to the gills with malicious code?
Have you been living under a rock for the past few years? Are you still under that rock? I suggest moving out, perhaps into a cave with a view.
Calm Down Dude
Nachiket.Namjoshi said:
Does Android Really Need AntiVirus??
Whether you decide to install or not, it's better safe than never... right?
I am not in favor of these apps. Moreover I don't use them.
Here You go !
FloatingFatMan said:
Why would I need to do that? Are you denying that there aren't 1000's of rogue apps out there, masquerading as legit apps, that are stuffed to the gills with malicious code?
Have you been living under a rock for the past few years? Are you still under that rock? I suggest moving out, perhaps into a cave with a view.
Nachiket.Namjoshi said:
Here You go !
You forget that most phone users are novices, and don't have a damned clue what they're doing when installing apps. I'm a professional developer by trade (not on Android), and if there's one thing I know very well, users do not read popup dialogs, ever. They just click the button to make it go away so they can get on with what they're doing.
You cannot use people on XDA as an example of what users are like. Most of us here actually have some tech savvy and know what we're doing, but we're less than 1% of the userbase.
Which makes antivirus apps, resource hogs that they are, pretty critical for the average user; to protect them from their own stupidity. Advising people NOT to use them is rather irresponsible of you, especially as you are NOT a security expert.
FloatingFatMan said:
You forget that most phone users are novices, and don't have a damned clue what they're doing when installing apps. I'm a professional developer by trade (not on Android), and if there's one thing I know very well, users do not read popup dialogs, ever. They just click the button to make it go away so they can get on with what they're doing.
You cannot use people on XDA as an example of what users are like. Most of us here actually have some tech savvy and know what we're doing, but we're less than 1% of the userbase.
Which makes antivirus apps, resource hogs that they are, pretty critical for the average user; to protect them from their own stupidity. Advising people NOT to use them is rather irresponsible of you, especially as you are NOT a security expert.
Exactly. That is why I'm posting this here instead of a blog!! :')
Chillax buddy. Btw pdroid is better than antivirus apps bröder. I too am an app dev!
Sent from my GT-S5360 using xda app-developers app
I agree sir. This is true that some apps do such notorious things. But as a member of XDA I am very careful about the permissions.
SHORTER
shorter: all files from the internet cannot normally harm your phone, but if you download an apk and install it you can have problems (depends on app permissions) BUT it cannot totally destroy your phone without SU permission (superuser)
normal files like mp3 mp4 cannot do anything
SORRY FOR MY ENGLISH and hit thanks if helped
FloatingFatMan said:
Why would I need to do that? Are you denying that there aren't 1000's of rogue apps out there, masquerading as legit apps, that are stuffed to the gills with malicious code?
Have you been living under a rock for the past few years? Are you still under that rock? I suggest moving out, perhaps into a cave with a view.
This is exactly what happens. This thread is really pointless. I can copy your whole data while you are busy making threads like these or block access to any of your apps while I'm running. Antivirus is not just something which protects you against so called viruses but also malicious apps.
I agree, though AVs like avast and dr.web which are considered "light" still consume a lot from my phone. I have observed that lately even though I have a deep sleep app on my phone, I whitelisted the AVs, it took around 30-50% of my battery. I don't want to automatically kill the AV because it will become useless if it doesn't run in the background. So I decided to just uninstall it and get my apk downloads from PC so that avast and malwarebytes on PC will be the ones that will scan my apks.
I've known for 2 years I've been hacked. Everyone I know thinks I'm crazy because for 2 years I've been convinced that my phone was being controlled remotely even though I've changed devices, profiles, and deleted more apps than I can count. Finally yesterday I discovered Total Virus Scan and it found this. I've had at least 50 antivirus apps with no success and I was not sure if maybe I wasn't going crazy. I even would stop using my phone for a month or more at a time because that was the only time I had issues. Whoever is behind this has taught me everything I know about android and hacking by directing me in a way that is hard to explain. I'd just see what they wanted me to do by a random page that would pop up, or sentence highlighted, or other discreet cues. If I have not had 100% accuracy on certain issues I've been informed about by following these cues I would be certain I was crazy but there has been like 50 personal issues I've been informed about by following these cues and not a single time has it been wrong. Unfortunately I let it consume me for about a year and almost ruined my life because of it and what I've learned has seriously altered my life. Yesterday Total Virus Scan found this Keylogger, 2 Trojan, RAT in OS. How do I remove these from my OS and catch who is behind this? Attached is screenshot of the 4 issues found. Also on SD Maid it said my device wasn't rooted but had a built-in superuser app. Can't find the screenshot I had of that but had a url of toybox. A bunch of numbers then said [email protected] something. Any help will be much appreciated. Thank you in advance.
Could you try to create a backup of those apps and upload somewhere? Maybe it is possible to check it
Try to uninstall those apps with an app uninstaller
If you are unable to uninstall those apps they might be deeply installed? I've been under the same situation 4-5 years ago
Maybe a firmware reflash would do the job but everything will get deleted so try to backup everything
DrunkTrooper said:
Could you try to create a backup of those apps and upload somewhere? Maybe it is possible to check it
Try to uninstall those apps with an app uninstaller
If you are unable to uninstall those apps they might be deeply installed? I've been under the same situation 4-5 years ago
Maybe a firmware reflash would do the job but everything will get deleted so try to backup everything
It's not the apps. From what I've read one of the Trojans, the one in Google framework, is a dropper and reproduces and hides them in legit clean apps. That is why antivirus software doesn't pick them up. I've done at least 100 scans with every malware finder I can find and this is the first time I have gotten a hit on anything but I know for a fact it's been there for at least 2 years. Everything I know about android whoever this person is taught me. It's almost as if they are a friend because they've directed me to learning about someone close to me who was doing me wrong, taught me everything I know about android and hacking, it's crazy man. I can't explain how they communicate with me all I can say is I will just see it and know. Something highlighted briefly, a random page popping up that directly correlates with what is happening in my life, but also have tried getting money out of me and removed pictures of my wife from my device. I want to find out if it's someone I know before I remove it. If so, I'm thinking criminal charges and anything else I can do to mess with their life like they have mine. They truly destroyed my life for about 18 months and just now getting everything back together. I don't really talk about it anymore because everyone thought I went crazy but still privately search for the cause and who is behind it and yesterday I finally found it. Showed my mother and step son and even with these screenshots they still say I'm crazy and seeing things. Just glad I finally have proof. I can't explain what it's like to have EVERYONE around you saying you are crazy and seeing things that aren't there and knowing you aren't. It really sucks and I wouldn't wish what I've experienced the last couple years on my worst enemy.
EJay80 said:
I've known for 2 years I've been hacked. Everyone I know thinks I'm crazy because for 2 years I've been convinced that my phone was being controlled remotely even though I've changed devices, profiles, and deleted more apps than I can count. Finally yesterday I discovered Total Virus Scan and it found this. I've had at least 50 antivirus apps with no success and I was not sure if maybe I wasn't going crazy. I even would stop using my phone for a month or more at a time because that was the only time I had issues. Whoever is behind this has taught me everything I know about android and hacking by directing me in a way that is hard to explain. I'd just see what they wanted me to do by a random page that would pop up, or sentence highlighted, or other discreet cues. If I have not had 100% accuracy on certain issues I've been informed about by following these cues I would be certain I was crazy but there has been like 50 personal issues I've been informed about by following these cues and not a single time has it been wrong. Unfortunately I let it consume me for about a year and almost ruined my life because of it and what I've learned has seriously altered my life. Yesterday Total Virus Scan found this Keylogger, 2 Trojan, RAT in OS. How do I remove these from my OS and catch who is behind this? Attached is screenshot of the 4 issues found. Also on SD Maid it said my device wasn't rooted but had a built-in superuser app. Can't find the screenshot I had of that but had a url of toybox. A bunch of numbers then said [email protected] something. Any help will be much appreciated. Thank you in advance.
You need to YouTube BeEF, it's an exploit that takes over your browser that's started with script embedded in a web page, text, messenger msg, etc. You may confuse it with malware because the attackers will gain the same info if not more by using social engineering.
remove all google accounts from settings, perform a factory reset, create new google account and check Total Virus Scan again.
You can use same google account just don’t restore data
Arealhooman said:
You can use same google account just don’t restore data
I don't recommend this as google account is device administrator, anyone knowing that password can remotely install apps
I've got an A32 5G that functionally performs ok. it's had some slow loading pages recently and some YouTube videos buffering, which I attributed to the recent system updates as well as the move to 5g in my area. I still think these are the likely sources of my lower performance, but... I went to grc.com and ran their Shields Up test the other day, probing all common ports. my results came back that I have a port 179 open about 95% of the time (meaning I've run the test quite a few times since then, only a few of those times it showed stealth). approx. 10% of the time I ran the test, it showed port 1, and port 1&2 closed, but not stealthed. the other test results showed them to be stealthed.
prior to now, and when having my friends run the tests on their phones, my former and everyone else's current results were 100% stealthed.
my questions -
1. can a few of you with the same phone as me run the same tests and see what your results are. (it's at grc.com, then Shields Up, then Shields Up, then proceed, then All Service Ports)
2. short of resetting the phone, how do I find out the source or cause of this port being open? (I've done a lot so far, none of which has helped, so I won't bore anyone just yet)
3. is there a better section to post this in?
See if you can ID the app using it with a firewall.
If running on Pie or below Karma Firewall will detect apps accessing the internet.
If you can't ID and eliminate it, factory reset.
You are what you install and download, exercise caution.
This is what I get when I run that check:
the only apps on my phone are Firefox & Brave browsers, CX File Explorer, File Viewer, New Pipe, SMS Backup & Restore, and a few games from Yiotro.
never been on Facebook, nor any other social media
blackhawk said:
See if you can ID the app using it with a firewall.
If running on Pie or below Karma Firewall will detect apps accessing the internet.
If you can't ID and eliminate it, factory reset.
You are what you install and download, exercise caution.
This is what I get when I run that check:
the test I was referring to was this one
and I'm on Android 12. the firewall approach is null with that?
mr_horsepower said:
the test I was referring to was this one
and I'm on Android 12. the firewall approach is null with that?
Lol, I scanned that exe with Virustotal and while most might trust it... I don't!
Android 12 will gut firewall apps not designed to run on it. Even 10 does this.
A big reason I still run on Pie; functionality for trusted apps.
Nuke it if there's any doubt. Change Google account password, check if it's been breached.
Likely something you installed...
blackhawk said:
Lol, I scanned that exe with Virustotal and while most might trust it... I don't!
Android 12 will gut firewall apps not designed to run on it. Even 10 does this.
A big reason I still run on Pie; functionality for trusted apps.
Nuke it if there's any doubt. Change Google account password, check if it's been breached.
Likely something you installed...
how do you keep your system from updating?
mine is set to only do it over wifi, and I never use wifi (literally never) and eventually it gives in I guess and downloads it over my data connection. I've got auto updates on the play store turned off and I've never had anything update without my choosing to, again, thru just the play store.
I'm fairly certain that Steve Gibson, the guy that runs the Security Now site and podcast is a 100% safe environment.
*I also realize my recommendations on what's safe and what's not mean nothing, especially given the thread I just started, lol.
mr_horsepower said:
how do you keep your system from updating?
mine is set to only do it over wifi, and I never use wifi (literally never) and eventually it gives in I guess and downloads it over my data connection. I've got auto updates on the play store turned off and I've never had anything update without my choosing to, again, thru just the play store.
I'm fairly certain that Steve Gibson, the guy that runs the Security Now site and podcast is a 100% safe environment.
*I also realize my recommendations on what's safe and what's not mean nothing, especially given the thread I just started, lol.
I use a package disabler to block OTA updates.
A nasty little app...
I think his site's probably ok, but caution is best when in doubt. My current load is over 2 yo and runs very well.
I've just spent the past 5 hours doing a full restore on my phone. I just ran the scan again and I got the same effing results. will someone please, for the love of all that is good in this world, pretty friggin please, run that scan and see if they get the same port open? please.
you don't even have to do the whole scan, which takes all of 30 seconds. just type 179 in the box and hit enter. it will open to another page and you hit the 'probe this port' button. it's Steve Gibson's website. it's safe. he's one of the grandfathers of internet security.
Lol, doesn't sound that safe judging by your results. You should have loaded just that app and scanned. May be a false result.
No known rootkit can survive a factory reset on Android 9 and up. So either it's a normal result, glitch or you reloaded the malware... probably one of the games.
Install Karma Firewall (it may not install on 12), one by one block 3rd party apps and so on, then scan until you find it.
Or factory reset again and run the scan... first.
blackhawk said:
Lol, doesn't sound that safe judging by your results. You should have loaded just that app and scanned. May be a false result.
No known rootkit can survive a factory reset on Android 9 and up. So either it's a normal result, glitch or you reloaded the malware... probably one of the games.
Install Karma Firewall (it may not install on 12), one by one block 3rd party apps and so on, then scan until you find it.
Or factory reset again and run the scan... first.
didn't reload the games (they're zero permission games from an awesome source though). I did a reinstall of DDG browser, File Viewer, SMS Backup & Restore, and Textra. I went through all my permissions and deleted all the b.s. bloatware, fired up the browser and went and ran the test. same results. I've run the test a bunch over the years, first time with that result ever a few days ago.
I'm going to order a new phone tomorrow. if I'm lucky, it'll be in in time for me to blow this thing up on the 4th.
*I also ran the test at a few other port scanners prior to the reset. one of 3 didn't show the port open, the others did. I haven't rechecked it at those places after the fact
*it doesn't sound like you're familiar with Steve Gibson or his work. it'd be worth poking around his website a little. also listening to or reading transcripts of his weekly podcast he's done for years. that website is as pure as the driven snow.
blackhawk said:
Lol, doesn't sound that safe judging by your results. You should have loaded just that app and scanned. May be a false result.
No known rootkit can survive a factory reset on Android 9 and up. So either it's a normal result, glitch or you reloaded the malware... probably one of the games.
Install Karma Firewall (it may not install on 12), one by one block 3rd party apps and so on, then scan until you find it.
Or factory reset again and run the scan... first.
and to clarify, it's not an app. you go there with your browser and click on a button. it's just a web page, it's just a button. you don't even need Javascript to be on at his website.
*and while I appreciate your offering up that .apk, I'm not in the habit of sideloading apps from a barely known source. that's a small example of what makes this problem I'm having so perplexing.
mr_horsepower said:
and to clarify, it's not an app. you go there with your browser and click on a button. it's just a web page, it's just a button. you don't even need Javascript to be on at his website.
*and while I appreciate your offering up that .apk, I'm not in the habit of sideloading apps from a barely known source. that's a small example of what makes this problem I'm having so perplexing.
Won't run in my browser. Tried disabling a few things that might have blocked it, no go.
My current setup hasn't had any malware issues, has been fast and stable for over 2 years so I'm not playing with it further than this for no good reason.
I don't have in depth knowledge of these protocols. Been a long while since I setup a router. Meh, although I'm curious about this... but it's your rabbit hole to chase down. It's a pretty deep hole.
Karma Firewall has been updated.
NetGuard is fully functional on 12, root not needed. I haven't played with this yet.
Install a firewall and see if you can spot it...
if you went there, and proceeded like this, with or without Javascript on (my default everywhere is its off unless I decide to give sites that liberty), I can't see how in the world it's not running. I appreciate your time regardless.
A link would be nice...
Here's what I got on my N10+/Pie:
blackhawk said:
A link would be nice...
Here's what I got on my N10+/Pie:
that's the unplug and pray test. I can't provide a link to anything (try anything you would be able to create a link from at a typical site and you'll see it doesn't work there) but the main page because of the way his site is set up. here's hopefully a better picture of what you are pressing, and what to choose instead.
*check your link, which doesn't go where you think it does, and he explains why not.
Spoiler: Warning - don't visit these two sites:
Code:
www.vu239trk.com
int.vaicore.store
Trend Micro says both of these sites are malicious.
Full story - I recently changed router brands. Our new routers have the ability to block malicious sites that are trying to be accessed. Thankfully, this isn't happening on my rooted phone - it's happening on my wife's Pixel 7 Pro which is unlockable but is locked. The same was the case a week and a half ago with her Pixel 6 Pro. Problem is, that my wife has no idea which of her apps - I'm guessing a game, but who knows - would be accessing those. I've tried to pin them down according to what time the router blocked access, but it hasn't helped.
The router has blocked access to those sites from her phone(s) a total of seven times between October 5th and the 19th:
10/5 - vu
10/9 - vu
10/12 - vaicore
10/14 - vu
10/15 - vu
10/16 - vu
10/19 - vu
So it's not every day, and not repeatedly on the same day. I've let her know each time the router notifies me, but nothing has come to mind for her, so I don't know if it's happening in the background or when she's actively using an app.
I've tried some simple Google-fu for this question, or specifically regarding these sites without any promising help.
Does anyone have any suggestions for how to find out what apps are accessing them? I'm aware of solutions like NetGuard - no-root firewall to whitelist/blacklist internet access - however, my wife is non-technical - I don't root her phones anymore as she's not interested in the benefits and it's less work for me, and no chance for me to mess up her configuration. Also, we both suspect that it's one of her games that is trying to access those sites, and those games might already require internet access for them to work, so I'm more interested in tracking down which without a process of elimination. She's also not methodical like I am, at least for technical things.
I could probably dump a list of her apps to at least get some ideas. All her apps came from the Play Store and were just restored from there during our recent transition to the Pixel 7 Pro, so whatever it is, Google hasn't caught it yet. She doesn't use any special web browsers, just Chrome, and she doesn't do anything techie or hacky.
Also trying to avoid both a factory reset and not using Google's cloud backup. She forgets her passwords constantly so fresh setups always cause high anxiety for her, and therefore for me too.
After you install an app, block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
blackhawk said:
> After you install an app, block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
> Keep all social media and shopping apps off the phone. They are malware.
> If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
> Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
> Try in safe mode, see if it stops.
> It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
blackhawk said:
> After you install an app, block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
> Keep all social media and shopping apps off the phone. They are malware.
> If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
> Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
> Try in safe mode, see if it stops.
> It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
EtherealRemnant said:
> Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
EtherealRemnant said:
> They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
> https://www.reddit.com/r/audible/comments/ttakhs
Thanks for that information! In this case, she doesn't have the Audible app.
EtherealRemnant said:
> You could try DuckDuckGo's tracking protection to figure out which app is doing it.
> Introducing DuckDuckGo App Tracking Protection for Android
> Join the waitlist to try App Tracking Protection for Android today!
> spreadprivacy.com
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
roirraW edor ehT said:
> Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
Words of wisdom for maintaining a happy marriage
Lughnasadh said:
> Words of wisdom for maintaining a happy marriage
New movie: "Honey, I disabled half of your apps!"
EtherealRemnant said:
> I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends its reign of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keep all email in the cloud, i.e. Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download its payload. KIA. Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things.
┤Mod Edit├┤Unneeded remark removed├
roirraW edor ehT said:
> New movie: "Honey, I disabled half of your apps!"
Sequel: "Why I now sleep on the couch"
roirraW edor ehT said:
> New movie: "Honey, I disabled half of your apps!"
Translation: "Honey half your apps were spyware, can we still be friends after the divorce?"
Lughnasadh said:
> Sequel: "Why I now sleep on the couch"
"...and use the cat's litterbox..."
roirraW edor ehT said:
> Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
> I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
> Thanks for that information! In this case, she doesn't have the Audible app.
> Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it... and teach her new tricks.
blackhawk said:
> I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
> Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
> I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends its reign of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
> There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keep all email in the cloud, i.e. Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
> Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download its payload. KIA. Police the download folder daily, delete any unknown files without opening them.
> Vet everything.
> Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things. No saving dumb bunnies, you are what you load/download.
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
blackhawk said:
> Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Absolutely. I got her to install it - later when we're both not working, I'll work with her to have it do its thing. I meant to mention in my earlier reply, to thank you for that advice.
blackhawk said:
> Brave browser is near bulletproof.
> Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
> Abnormal behavior should be promptly investigated and the cause found.
> Never ignore it...
I use Brave for select things, but to try to move her completely or even partly from Chrome to Brave would ultimately not be an effort well spent. I'm getting anxious just knowing how things would go.
blackhawk said:
> and teach her new tricks.
My wife's habits are firmly planted. Mine are probably just a tiny bit less than hers, but obviously, I can't be objective.
EtherealRemnant said:
> For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC.
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
EtherealRemnant said:
> I don't run more than Windows Defender these days and I continue to just use common sense on the internet.
Same here.
EtherealRemnant said:
> Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
roirraW edor ehT said:
> Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
> That was the only time I know that any of my devices were infected and rampant.
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
roirraW edor ehT said:
> I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
But my stupid self has definitely done the "let's get drunk and mess with Linux" thing... Which has absolutely resulted in some loss lol, especially back in the LILO days when the installers could easily wipe out your Windows partition when they bugged out and also sometimes when I just messed up the partitioning myself.
Fortunately, there's not much that I absolutely have to have, so even if I lost absolutely everything, the biggest headache would be recovering my bank/credit union accounts (of which I have like 23 credit cards alone right now) and online accounts like XDA and reddit. Social media I could just start over. Or not start back up at all for that matter.
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
EtherealRemnant said:
> Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
I forgot - I guess I don't count my pre-XP days as far as viruses and trojans. Definitely had some on probably almost every Apple/Amiga/Windows OS I ever ran before XP. Security? What security!?
EtherealRemnant said:
> I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
That is lucky. I'm not on the opposite spectrum of hard drive experience, but I definitely have run the wheels off of many hard drives.
EtherealRemnant said:
> Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
A few months ago I largely switched back to Firefox, but I still use Chrome for certain things, and I do use Brave for a very few things. A couple of years ago, I was liking Microsoft's Chromium-based Edge just fine, but then they changed just one little thing - which made it many more clicks than in Chrome or other browsers if you wanted to potentially change your download save location for each and every download.
There were a ton of complaints to Microsoft but they wouldn't reinstate the original way. I'd have no problem if they at least let users opt to use the way they used to, but fell on deaf ears. I switched back to Chrome after that - Edge was just too much of a pain for micro-managed downloads.
EtherealRemnant said:
> I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
> I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
> For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
> I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
> I do use VirusTotal from time to time if I'm not sure about something as well.
I'm still running W7. It's kept off the internet always. Android is a lot easier to keep secure.
Updates sound good in theory just like the Covid vaccine did. In actual practice they cause trouble and aren't needed. It's an ongoing experiment at this point and it's simply running too good to mess with the firmware. I refuse to.
Pie is pretty secure in real time with a few modifications. I keep wifi disabled as well. At this point I'm curious to see if anything can nail it. Lol, I test it everyday. A reload isn't very painful for me and everything is redundantly backed up.
App updates have caused me a lot of time and trouble particularly with Samsung. Got a pair of Buds+ that the last firmware update degraded the sound badly, need to get Samsung to reflash to its original firmware. My new Buds+ sound great with much better range; that firmware will never be upgraded. Upgrades and updates tend to break Samsung's... best to leave it be if it's fast, stable and fulfilling its mission. That strategy may sound counterproductive but it works well for me in real time.
That's all that counts.
PCAPdroid app from the Google app store or download the apk from F-Droid: it's a superb app. Here are some sample screenshots:
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
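The cross-referencing suggested in the replies above (per-app connection logs checked against the router's block notifications) can be scripted. This is an added example, not part of any post in the thread: the two CSV layouts, the timestamps and the com.example.* package names are constructed for illustration and are not the export format of PCAPdroid, NetGuard, AFWall+ or the router; only the two host names come from the thread.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

WATCHED = ("vu239trk.com", "vaicore.store")  # domains named in the thread
WINDOW = timedelta(minutes=2)                # tolerated router/phone clock skew
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: router block notifications (hypothetical layout).
ROUTER_BLOCKS = """\
time,host
2022-10-05 19:42:10,www.vu239trk.com
2022-10-09 08:15:33,www.vu239trk.com
2022-10-12 21:03:47,int.vaicore.store
2022-10-14 03:00:00,www.vu239trk.com
"""

# Constructed sample: per-app connection log from the phone (hypothetical layout).
CONNECTION_LOG = """\
app,host,first_seen
com.example.wordgame,www.vu239trk.com,2022-10-05 19:41:58
com.android.chrome,www.example.org,2022-10-05 19:42:05
com.example.wordgame,WWW.VU239TRK.COM.,2022-10-09 08:15:30
com.example.coupons,int.vaicore.store,2022-10-12 21:03:49
com.example.coupons,int.vaicore.store,2022-10-13 10:00:00
com.example.solitaire,notvaicore.store,2022-10-12 21:03:40
"""


def normalise(host):
    """Lower-case a host name and drop a trailing root dot."""
    return host.strip().rstrip(".").lower()


def is_watched(host):
    """True for a watched domain or any of its subdomains, not look-alikes."""
    host = normalise(host)
    return any(host == d or host.endswith("." + d) for d in WATCHED)


def load(text, time_field):
    """Parse CSV text, normalising hosts and converting the time column."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["host"] = normalise(row["host"])
        row["when"] = datetime.strptime(row[time_field], FMT)
        rows.append(row)
    return rows


def attribute(blocks_csv, log_csv, window=WINDOW):
    """Rank apps by how many router block events they explain.

    Returns (ranking, unexplained): ranking is [(app, events_explained)],
    unexplained lists block events with no matching connection in the window,
    e.g. because the capture was not running at that time.
    """
    blocks = load(blocks_csv, "time")
    hits = [r for r in load(log_csv, "first_seen") if is_watched(r["host"])]
    explained = defaultdict(set)
    unexplained = []
    for i, b in enumerate(blocks):
        apps = {h["app"] for h in hits
                if h["host"] == b["host"] and abs(h["when"] - b["when"]) <= window}
        if not apps:
            unexplained.append((b["time"], b["host"]))
        for app in apps:
            explained[app].add(i)
    ranking = sorted(((app, len(ev)) for app, ev in explained.items()),
                     key=lambda t: (-t[1], t[0]))
    return ranking, unexplained


if __name__ == "__main__":
    ranking, unexplained = attribute(ROUTER_BLOCKS, CONNECTION_LOG)
    for app, count in ranking:
        print(f"{app}: explains {count} block event(s)")
    for when, host in unexplained:
        print(f"no app matched block of {host} at {when}")
```

An unexplained block event usually means the on-device capture was not running at that moment, so the capture has to stay active across the days on which blocks occur.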
xxTECRAxx said:
> step 1- root wife's phone
> step 2- install netguard
> step 3- install afwall+
> step 4- check the logs from each and cross-reference which app is the problem
> step 5- profit. have her make you sandwich
Thanks, but I was trying to indicate that root isn't an option I'm interested in for her phone. That is, she's not interested, and it would be especially disruptive to her now that we've had our factory unlocked Pixel 7 Pros for over six months, plus it's just less work for me to not bother rooting her phone and keeping it up to date manually.
In addition, with her phone not rooted, and the bootloader still locked, I feel better about her running whatever random games she plays.
I haven't had any notifications about that site being blocked in a while. The most recent email I found about it was from December, although I don't know if I might've deleted emails that came after that, but I think I purposefully kept only the most recent example.
I'll keep your information in mind if I ever experience anything like that coming from my devices (I always root them).