Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of some sort of image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
zeph7r said:
Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of some sort of image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
Well, you can try reading some logs with CatLog app. There isn't much else to know except don't forget to wipe /data!
Hi,
I am looking for some help with a problem I am experiencing with a recently purchased Lenovo A936, (Golden Warrior). I hope this is the right place to post.
I bought this smart phone from China and have been SO impressed with its performance; it is fast and has a great camera. However, I kept getting unwanted programs popping up so I installed AVG antivirus. It initially identified some 8 threats; about 3 of these threats were apps that were installed by the vendor and were not able to be uninstalled. It was possible to remove the remaining threats apart from one which it stated “1 setting is not secure, the device is running in high privilege mode, it has been rooted”
I think Lenovo are responsible manufacturers so I guess the retailer has put some nasty stuff on this phone, I have been able to use the phone for a few months by regularly deleting unwanted programs flagged up by AVG but it has got progressively worse to the point when there are now 10 threats that cannot be removed and there are some pop ups that seem to have hijacked the AVG as they come up on top when I open AVG making it impossible for me to access AVG. I usually switch off at this point!
Sorry about the rather lengthy description above but my question is: can I recover this phone? Is it possible to wipe everything off (rather like formatting a computer hard drive) and reinstall the proper Android operating system – is the operating system available as a download? If it is possible to download, how would this be done: get it on a computer and then connect the phone to the computer? I have Android 4.4.4; could I put a later version on? If this is done, can I be sure that all the functions will work – for example, does it need drivers for the camera etc.? I don't really want to reduce this phone to an expensive paperweight but it looks like I have little to lose now as it is not usable apart from the camera.
I would be eternally grateful if someone could offer some advice, (suitable for a not-too-techy).
Thanks in anticipation,
john.
My phone is infected with a virus that has embedded itself in my system settings; any anti-malware apps used do not detect it. When plugging my phone into my computer (for developer access) it began to install the device driver. Once the "device driver" installed it took all administrative use away from me and locked all drives. I do not have ADB access or any computer access at this point. This phone has killed 3 laptops and a desktop. The only way I've been able to partially stop the virus is using a firewall to block it. Since my phone is NOT rooted I cannot delete system files containing the virus. I noticed the virus will edit apps and system functions to try and hide itself (Google Play Services, for example). Someone is using a form of remote access to control things and change settings. It is possible that someone (close family or friend) may have gotten their hands on it to install the virus. Factory reset does nothing as the virus is stored in system settings. Phone cannot be hooked to PC without severe repercussions. I cannot gain root access through any rooting apps for some reason. Only tried to access system settings. I believe the virus may be using KNOX for execution but that is just a theory. Samsung Galaxy S6. I HAVE TRIED EVERYTHING. Please please help me. -jesse
Pretty hard for an android to get infected by any kind of virus, especially if not rooted.
Maybe it's made specifically to deal and block access from Windows, so maybe try Linux to deal with it?
Defeated01 said:
My phone is infected with a virus that has embedded itself in my system settings; any anti-malware apps used do not detect it. When plugging my phone into my computer (for developer access) it began to install the device driver. Once the "device driver" installed it took all administrative use away from me and locked all drives. I do not have ADB access or any computer access at this point. This phone has killed 3 laptops and a desktop. The only way I've been able to partially stop the virus is using a firewall to block it. Since my phone is NOT rooted I cannot delete system files containing the virus. I noticed the virus will edit apps and system functions to try and hide itself (Google Play Services, for example). Someone is using a form of remote access to control things and change settings. It is possible that someone (close family or friend) may have gotten their hands on it to install the virus. Factory reset does nothing as the virus is stored in system settings. Phone cannot be hooked to PC without severe repercussions. I cannot gain root access through any rooting apps for some reason. Only tried to access system settings. I believe the virus may be using KNOX for execution but that is just a theory. Samsung Galaxy S6. I HAVE TRIED EVERYTHING. Please please help me. -jesse
Sounds like a nasty one! Yes "friends" & family could have installed it, physical access makes it easier, but maybe more likely you downloaded a dodgy app (some have been known to wait weeks before acting), or a website tricked you with an overlay to install a malicious file .... or benign app may have downloaded something worse ....
Did all your computers get compromised over your network or did you plug phone in individually to each? Isolate each from each other and try to recover individually, but first check your router & reflash that with new password if required as it's a possible route for reinfection so to usb etc
You may have to reflash stock Samsung ROM (will lose all photos etc) as CLEAN install. But before that look at settings>apps>burger menu>special access and disable any apps that have given themselves special rights eg in "device admin apps". Also look at other special settings and disable any suspicious apps (or most even eg in "apps that can appear on top" if you are still getting issues), repeat for other sections in special access eg install unknown apps, data access etc etc (I don't have an S6 but it should be similar to above on S6 depending on software version)
Also try boot phone into "safe mode" hopefully that will stop malicious app running.
Submit any suspect files to virustotal and/or any virus company for analysis if not identified yet. (logs might give you some clues as to source depending on cache)
Then you should be able to root to fix or just flash latest stock (maybe install Lineage OS if S6 not getting regular security updates anymore)
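The special-access review described in the post above can also be cross-checked from a computer. The script below is an added example, not part of the original post: it assumes `adb` on the host and USB debugging enabled on the phone, and it covers notification access plus accessibility services (a comparably powerful grant outside the special access menu). The package and component names in the sample are constructed, and a listed package is something to review, not proof of malware.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check two high-privilege grants
# against the list of user-installed packages on an Android device.

# third_party_holders PKG_LIST COMPONENTS
#   PKG_LIST   : output of `adb shell pm list packages -3`
#                (lines of the form "package:<name>")
#   COMPONENTS : output of `adb shell settings get secure <key>`, a
#                colon-separated list of "package/class" entries, or the
#                literal string "null" when the key is unset
# Prints each user-installed package that holds the grant, one per line.
third_party_holders() {
    # Strip carriage returns (older adb versions emit CRLF) and the prefix.
    tp_list=$(printf '%s\n' "$1" | tr -d '\r' | sed -n 's/^package://p')
    # Split the component list, keep only the package part of "pkg/class".
    # Entries without a "/" (such as "null") are dropped by sed -n ... p.
    printf '%s\n' "$2" | tr -d '\r' | tr ':' '\n' |
        sed -n 's#/.*##p' | sort -u |
        while IFS= read -r holder; do
            # -F fixed string, -x whole line: exact package-name match only.
            if printf '%s\n' "$tp_list" | grep -Fxq -- "$holder"; then
                printf '%s\n' "$holder"
            fi
        done
}

# Live audit against a connected device (run the script with --live).
audit_device() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 2; }
    raw_pkgs=$(adb shell pm list packages -3) || return 1
    for key in enabled_notification_listeners enabled_accessibility_services; do
        echo "== user-installed apps in $key =="
        third_party_holders "$raw_pkgs" "$(adb shell settings get secure "$key")"
    done
}

# Constructed sample data so the script runs without a device attached.
SAMPLE_PKGS='package:com.example.flashlight
package:com.example.notes'
SAMPLE_LISTENERS='com.vendor.preinstalled/com.vendor.preinstalled.Listener:com.example.flashlight/com.example.flashlight.NotifSvc'

if [ "${1:-}" = "--live" ]; then
    audit_device
else
    # The flashlight app is user-installed and holds notification access.
    third_party_holders "$SAMPLE_PKGS" "$SAMPLE_LISTENERS"
fi
```

Device admin apps and "appear on top" grants are not stored in these two settings keys, so they still need the on-device check the post describes.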
Delete RAT From Your Device Easily
The appearance of a RAT on your phone is really a bad sign for you because it is not only capable of ruining your device badly but also endangers privacy. A RAT is also capable of causing various serious damages, so you must opt for RAT removal tricks after noticing any of its symptoms on your device.
I have been using Galaxy devices after my iPhone got hacked and it was a relief since then, but till now only. The threat I am going to put forth is very complicated yet true and it exists in both of my Galaxy devices, i.e. Samsung Galaxy S8+ (Snapdragon) as well as Samsung Galaxy Note 8 (Snapdragon).
THE PROBLEM:
Both my Samsung phones are remotely accessed by someone. Everything I do on screen is being monitored by someone, and the camera and microphone are being controlled. I know this because my earlier phones (Apple iPhone 6 and Vivo Y91c) used to be hacked and the hacker would tell me everything I do on screen, every person I chat with, every site I visit; everything that I do on my phone was being monitored. And now the same is the case with Samsung. Nothing is private. I even tried to install an app called "screensings" but it was also bypassed very soon.
THE SYMPTOMS:
Strangely, I do not have any symptoms like battery drain, ads, unknown apps or anything of that nature. My phone location changes to "Redkino, Russia"; it seems to me by all aspects that I am in Russia: my weather, the ads on YouTube, the people nearby me in apps, friend suggestions on Facebook and Snapchat. It feels like this phone is physically in Russia. From weather to apps to everything. Even if I see things for sale on OLX it shows Russian items.
THE PROCESS:
As far as I noticed this happens through any app that runs on one device at a time, i.e. KIK, WhatsApp, Snapchat, SayHi, etc., NOT through apps like Facebook or Twitter or Instagram that can run on more than one device at a time. The experts can relate later what it means, maybe at the end of reading this narrative. Every phone I change, my WhatsApp number remains the same, and as soon as I install WhatsApp on a new phone, or SayHi or Snapchat ID, as soon as I activate my account, within an hour or two my phone gets to Russia. As I searched, the hacker attaches some trojan through these apps that can be used on one device at a time and that trojan drops payloads. The payload gets root access and after that my phone is being monitored and controlled.
MY EFFORTS:
I started with a normal restart. Did not work. I factory reset my phone. It did not work. I flashed the firmware with a new custom ROM. Didn't work for me. I finally managed to extract the PIT file of my stock firmware and RE-PARTITIONED and NAND ERASED my phone and then installed new firmware. IT WORKED. Which indicated that the malware had reached the system partition. (WHICH IS WHY I AM MAKING THIS COMPLAINT.) My phone was back to normal. I used it for long, like months, and then one day again I had the same issue. So I did the same: I re-partitioned and NAND erased my phone. But now it will NOT work any longer. I do not know where the malware is hiding itself now. Do I have to change the board of my phone to get rid of it or do I have to change my device? I even flashed Verizon firmware on my Sprint phone so that maybe it will kill the malware, but it also did not work. Soon after new firmware my phone is OK as long as it is not connected to internet / WiFi; as soon as it's connected it gets to Russia, like within 5-8 hrs (after firmware flashing), 5-10 mins (after factory reset). I have to change both of my devices for now. But I hope and pray that Samsung fixes it soon. Something is getting into the read-only system and then after it's gotten there Samsung's own security system is protecting it from deletion.
ATTACHMENTS:
My attachments show clearly that I am at KDA KOHAT PK and REDKINO RUSSIA at the same time, which is not possible. I even get the location of the Russia house where my Samsung devices are being monitored or cloned. This is the only sign or symptom but the problem is there for sure, as whoever the hacker is, selling my info, is after me and everything I do on my phone is reaching him as it is, as if she is watching me right from behind my shoulder. Please look into the matter and find out where lies the vulnerability from where a malware can access the phone through an app over WiFi and hide in the system partition that is immune to factory reset, and afterwards some place where it's immune to even flashing firmware, NAND erase and re-partition.
I think it would have occurred to you after having both an Apple and an Android hacked that the problem is most likely you.
Or perhaps you have Dr No's grandson for a mortal enemy.
A social butterfly with all kinds of messaging apps running (none that I leave run on my phone), what could go wrong?
More than likely it's something you downloaded or loaded...
If the OS you flashed is earlier than Pie it's vulnerable to that type of attack.
A custom rom... built by who?
Here's the kicker; did the malware(s) slip by you onto all your data backups?
blackhawk said:
I think it would have occurred to you after having both an Apple and an Android hacked that the problem is most likely you.
Or perhaps you have Dr No's grandson for a mortal enemy.
A social butterfly with all kinds of messaging apps running (none that I leave run on my phone), what could go wrong?
More than likely it's something you downloaded or loaded...
If the OS you flashed is earlier than Pie it's vulnerable to that type of attack.
A custom rom... built by who?
Here's the kicker; did the malware(s) slip by you onto all your data backups?
Yes, my ex, she is after me. No matter how many phones I change, as soon as I log in to my Snapchat or WhatsApp my phone gets hacked. The malware then makes its way to the bootloader; earlier a firmware with re-partition would do the job but now that is not working. Soon after that, like an hour or so, my phone goes to Russia. I am thinking to switch back to a new iPhone, maybe it will solve the hacking issue for me, or a new Android device like Samsung Galaxy A32. What do you suggest? I am all fed up and exhausted.
waqassikander said:
Yes, my ex, she is after me. No matter how many phones I change, as soon as I log in to my Snapchat or WhatsApp my phone gets hacked. The malware then makes its way to the bootloader; earlier a firmware with re-partition would do the job but now that is not working. Soon after that, like an hour or so, my phone goes to Russia. I am thinking to switch back to a new iPhone, maybe it will solve the hacking issue for me, or a new Android device like Samsung Galaxy A32. What do you suggest? I am all fed up and exhausted.
Ditch the social apps... for starters.
People used to meet in the streets; the streets are fields that never die.
So far he has deleted all the bookmarks that I saved from this site. The phone RCS doesn't work anymore. They can listen to phone calls and terminate them and spoof incoming calls. I sent one phone to Samsung to be reviewed. At the end of the 3 week review they sent me a check for the phone and I bought another one from ATT and I still have this problem. So I would appreciate it if someone could give me some direction for this Flip 3. I like the phone. I am an engineer and designed a few devices using ESP32's. So I know how to flash. I just need to lock this phone down and I will deal with the computer problem later...
Infections across multiple platforms is almost unheard of... what did Samsung find?
It isn't an infection. They are exploiting both devices. I run Norton 360 on both systems. It only slowed them down. And they are 24/7 on me like ex NSA. They haven't stolen anything but they are malicious. Samsung never said. The only thing that said is to buy a different phone. ATT has an open fraud case because they saw the Tag phone and I changed the phone number several times like some drug dealer with different SIM cards.
I feel like I am in the movie Enemy of the State except I am Will Smith and Gene Hackman rolled up into one.
cjdee1 said:
It isn't an infection. They are exploiting both devices. I run Norton 360 on both systems. It only slowed them down. And they are 24/7 on me like ex NSA. They haven't stolen anything but they are malicious. Samsung never said. The only thing that said is to buy a different phone. ATT has an open fraud case because they saw the Tag phone and I changed the phone number several times like some drug dealer with different SIM cards.
AT&T has an open fraud case on you... or "them"?
Did malicious things? Losing bookmarks is pretty common and usually has nothing to do with being hacked.
Change Google account and password.
Reset all other accounts the same way on a clean Android. Allow no one physical access to the device and most importantly be careful what you install and download.
Most users don't need a hacker to stalk them; they do it themselves by careless installs and downloads. I'll remind you that XDA is a site filled with hackers... mostly peaceful.
I'm sorry for your troubles, most days hacking isn't needed. Really to get into someone's account these days you need personal information which is freely given on social media and whatnot. You should get with Google and do a massive security checkup. Change password, turn on 2FA... the whole swizzle. If all else fails, create a new account completely separate from the affected account/device and start fresh
I opened the Fraud case. They provided the documentation. This has been going on since last year. There was a white paper that came out in November on how the media player was being used to hack in. I deal with this problem every day. One would think they would give up. I have another 20 computers in my office that I am replacing once I get my end under control.
Hmm... maybe move all your info to a new account (make the account on a different IP address so like have a friend make it maybe) cuz from my understanding- the hacker finds you on even a new phone? delete the accounts that are being hacked and uh- idk what else really
delete the apps that are being infected
Purge everything from everywhere and start fresh. Honestly Norton and other programs for virus protection aren't really helpful anymore. I do not see a point in using them when Microsoft does a great job just on their own. It's possible that it could be the cause most of the time anti-virus programs that aren't part of the main OS are the problem
Also another note, anything with a Snapdragon and made for the US is locked down. Means no flashing no anything. Best bet for a device is to find a good old phone that has a lot of support and flash anything on it
Dr.Lost said:
Also another note, anything with a Snapdragon and made for the US is locked down. Means no flashing no anything. Best bet for a device is to find a good old phone that has a lot of support and flash anything on it
If you go below Android 9 you will introduce a slew of high risk vulnerabilities including some the worst rootkits. If you're really concerned use the latest version of 12 with fully active scoped storage and the mess that it is...
In general don't use wifi on Androids.
Keep bluetooth off if not using.
Install only vetted apps. Scan with online Virustotal.
Keep all downloads in the download folder until vetted. Scripted malware jpegs, pngs are real and may evade conventional detection. If they get into a database they will raise hell until deleted; open all jpegs in download folder before transferring them and check for changes in that folder
Keep all email in the cloud, avoid downloading any attachments unless absolutely necessary.
If malware is suspected, delete it or factory reset within 2 hours. Reset passwords.
Time stagger backups so they don't all get infected if there is an incident. Backup redundantly to 2 or more hdds that are physically and electronically isolated from each other and the PC. Use only a known clean PC to access those backups... cross platform malware jumping is rare, cross drive jumping is not.
blackhawk said:
Infections across multiple platforms is almost unheard of... what did Samsung find?
Unheard of? Absolutely not, rare on a cell phone, maybe? I don't know really but it is possible especially if OP pissed off the government
Good luck OP
When it comes time to switch to a new phone, ATT should be moving you to a new account with a fresh SIM. Don't transfer anything. Install anything you had fresh and set it up fresh. If they are giving you a new SIM or attaching the new phone to the same account and someone gained access to the account, they're still being fed every new number and IMEI.
As for pictures and stuff, get a USB-C compatible hard drive. Move it to that. Make sure your virus scanner on the computer is updated and either yank the LAN cable or turn off the router before connecting and scanning it. Once it's clean, connect the drive to the new phone and not the computer.
Sounds like someone cloned your ESN and SIM based on what they were doing. Synced items could be manipulated through a PC hack and one good run of the right software with your phone on the same network made it a phone issue.
Oh, and if they didn't or don't already do it, make sure ATT logs your previous devices "lost or stolen" to blacklist the IMEI. That should also make a clone useless for as long as it's a clone.
if you are suspecting a hack, then report to samsung members app > get help > error report asap for help from samsung's hacking issue team
luigi90210 said:
Unheard of? Absolutely not, rare on a cell phone, maybe? I don't know really but it is possible especially if OP pissed off the government
Good luck OP
If you download malware files a PC is susceptible to, yes, but generally an infection on an Android doesn't cross platform infect a PC.
It's important to nip any malware in the bud and to isolate that device immediately to limit damage. Any device with malware that I can't eradicate completely within 1 to 2 hours gets nuked, data and all, factory reset. Data is restored then via offline backups.
My PC never has internet access and that's one less huge vector for infection. Even then my backup data drives are isolated from the PC unless in use... multilayered security.
If the DOD, AEC, FBI etc are interested in you, you'll never know it unless they want you to know. When on stake out they always operate as teams. One team is high exposure to gain maximum information and may be detected but a second picket fence approach team is already in place if the primary team is exposed. Of course they share all knowledge gleaned. The second team you will likely never detect.
Fun fact; field FBI Agents blend in, can be wearing blue jeans, orange vest, 3 piece, anything but low key and drive midrange priced cars that are slightly dirty. The way you ID them is by their behavior and at times location.
If you're not on their menu they may even have a benign friendly conversation with you. They are interesting to chat with.
There is an app on the phone, com.qualcomm.atfwd. Is that a valid program for this phone? I got my old CDMA phone up on T-Mobile. I had the data turned off because it was useless to me. I came back home and I saw the 2 forks moving. The data was turned on and Norton firewall blocked entry and I had the wifi in airplane mode on the computer. Now I have skills, the average person would never know. This is why I need a phone that I can lock down.
I believe it started with the phone and then I used Samsung PC software which hacked the computers that I used. I have all the 25 zip files from one phone before it got a chance to load. Anybody interested in them?
The phones have 422 files installed.
cjdee1 said:
There is an app on the phone, com.qualcomm.atfwd. Is that a valid program for this phone? I got my old CDMA phone up on T-Mobile. I had the data turned off because it was useless to me. I came back home and I saw the 2 forks moving. The data was turned on and Norton firewall blocked entry and I had the wifi in airplane mode on the computer. Now I have skills, the average person would never know. This is why I need a phone that I can lock down.
WiFi Screen mirroring.
cjdee1 said:
There is an app on the phone, com.qualcomm.atfwd. Is that a valid program for this phone? I got my old CDMA phone up on T-Mobile. I had the data turned off because it was useless to me. I came back home and I saw the 2 forks moving. The data was turned on and Norton firewall blocked entry and I had the wifi in airplane mode on the computer. Now I have skills, the average person would never know. This is why I need a phone that I can lock down.
I believe it started with the phone and then I used Samsung PC software which hacked the computers that I used. I have all the 25 zip files from one phone before it got a chance to load. Anybody interested in them?
The phones have 422 files installed.
Interested in potentially infected files?
Wanna do malware jpeg swap?
Seriously... scan them with online Virustotal.
I guess that could start over as a last resort. The funny thing is I don't do anything illegal. Whoever it is will be wasting time and costing me time. I am sure they are getting screenshots but I don't think that they do it live. On the PC I have zeroed out the drive but the BIOS is another way. It started when I backed up the phone using different computers on my network.
cjdee1 said:
I guess that could start over as a last resort. The funny thing is I don't do anything illegal. Whoever it is will be wasting time and costing me time. I am sure they are getting screenshots but I don't think that they do it live. On the PC I have zeroed out the drive but the BIOS is another way. It started when I backed up the phone using different computers on my network.
Is the router updated and secured? Lock it down even if you need help to set it up.
On the PC you should try to ID what the malware is and make sure the databases are clean of it before reloading. Protect all backup drives until the PC is known clean.
The BIOS can easily be reflashed.