Hello All!!
Tonight I was reviewing different YouTube videos and I clicked on one and it started playing one of those ads that you get every once in a while in front of the actual video and all of a sudden I saw the screen go blank and I started seeing what appeared to me to be like a DOS window for lack of a better definition with some typing scrolling across and it said something to the effect of personal data gathered or something like that and really freaked me out so I pulled the battery & took my SD card out and booted it back up but I'm not sure exactly what the hell that was.
Have any of you seen anything like this?
I'm really concerned because I have a lot of personal and customer data on my phone. Is there anything I can use to scan it to see if something was able to be installed? I don't think it had enough time to get any information out just in case it was able to install something but it really freaked me out. I'm a Microsoft network administrator but Androids are out of my knowledge base. Any information would be greatly appreciated! Regards
ITAdmin said:
Hello All!!
Tonight I was reviewing different YouTube videos and I clicked on one and it started playing one of those ads that you get every once in a while in front of the actual video and all of a sudden I saw the screen go blank and I started seeing what appeared to me to be like a DOS window for lack of a better definition with some typing scrolling across and it said something to the effect of personal data gathered or something like that and really freaked me out so I pulled the battery & took my SD card out and booted it back up but I'm not sure exactly what the hell that was.
Have any of you seen anything like this?
I'm really concerned because I have a lot of personal and customer data on my phone. Is there anything I can use to scan it to see if something was able to be installed? I don't think it had enough time to get any information out just in case it was able to install something but it really freaked me out. I'm a Microsoft network administrator but Androids are out of my knowledge base. Any information would be greatly appreciated! Regards
It is probably that your browser crashed and started to collect crash info to submit to Google. Check if you can disable that or at least you can get a pop up window asking if you want to submit crash data to Google.
Install AdAway and you won't get any ads playing on YouTube...
Sweet! That makes sense as I have been having issues with my phone. Can't wait for my Saygus V Squared to show up!! That's going to be one great smartphone!
Thanks again for the help. Now I feel better that I didn't get compromised by a virus. Do Android phones get viruses by the way? I've read both opinions that they do and don't?
Thanks again!
Tom
ITAdmin said:
Sweet! That makes sense as I have been having issues with my phone. Can't wait for my Saygus V Squared to show up!! That's going to be one great smartphone!
Thanks again for the help. Now I feel better that I didn't get compromised by a virus. Do Android phones get viruses by the way? I've read both opinions that they do and don't?
Thanks again!
Tom
Probably didn't get compromised...
Every OS has viruses, even Linux, but at least on Android you can get under the hood (because it is open source, unlike iOS or Windows). Let me give you an example: there are firewalls for Windows/iOS, but they all depend on Windows binaries. Only on Android (because it is based on open source Linux) can you have a firewall with its own binaries, which means that you can really restrict the system and still have internet access. Try to disable internet access to the system in Windows and you won't have any internet access. And once you enable it, all bets are off, because Windows can freely communicate with Microsoft servers and who knows what others, which could be exploited by anyone. So, if you don't want to have viruses in Windows, don't use the internet...
I think that answers the question.
Here is a link to a video I just posted on YouTube showing what I'm referring to below. I did blur out any and all of my personal information; I hope that it does not violate any rules, laws, or policies. *Side note: I somehow messed up the audio & I don't usually sound like a dude
I don't know the correct place for this post even after reading the thread for such things and I did try the search function and still was unsure.
If this post is deleted for incorrect topic forum please advise me of the correct place, if there is one.
I am having this weird thing going on with my phone and I cannot find anything similar to the issue online, and it's highly probable it's somehow user error.
Since I don't know where to turn to for advice (I am aware factory resetting it will probably resolve it but I want to know what is causing it as well as fixing the issue), I figured I would start here as this has been the best source of information on past Android questions I've had in the past.
I have contacted the Varo Bank (the new Varo Bank app) support and their developers through their beta tester app. No response yet (5 days).
The reason for this post... Over the past 2 weeks or so I will hear a (new) tone then my phone opens up my main banking app (Varo Bank). This happens again and again; sometimes it only happens a few times a minute, others it's 6-7 times in a minute to where my phone is nearly unusable. It can happen anytime my phone is unlocked including while I'm on a call, after restarting phone, on and off wifi, cellular, &/or airplane mode, even while I am already in the banking app. I originally assumed it had to do with some sort of shortcut or where it was located on my home screen. So first I moved it, then when that didn't work, I deleted it for every page except my app drawer. Since none of those issues resolved the issue, I checked for software updates of both my phone and the app itself, yet they were both at the most recent versions. Although I NEED the app for obvious reasons, I decided to uninstall the app. After it was uninstalled I restarted my phone and as soon as I unlocked it I heard the "Ba Ding" sound again, but this time it took me to the Google Play Store for the same Varo Bank app I had just uninstalled. At this point I joined their beta testers then reinstalled the Beta version of the Varo Bank hoping that if it is the banking app that's causing the issue that would resolve it or I would have a better chance of contacting their developers or technical support. I have sent 2 emails to their general Support and left a comment on the Play Store for the app which goes to the developers and is not a public comment. It has been 5 days and I have yet to get a response that wasn't autogenerated.
Sorry for the poorly written, LONG post, this is just driving me crazy. Thanks in advance for any advice, comments or possible direction on where to turn for answers or support.
Lisa Nicole
Hi, to me this sounds like a really terrible bug on the banking app you are using or a virus. Would assume the latter.
I have two separate banking apps on my phone and never ever experienced my apps opening on their own, even redirecting me to install it again after uninstall.
If it were a phone bug, it would do this with any app not just your banking app.
I could be wrong in my assumptions, just trying to advise you to be careful.
I would back up my data, format and start fresh.
@soka said:
Hi, to me this sounds like a really terrible bug on the banking app you are using or a virus. Would assume the latter.
I have two separate banking apps on my phone and never ever experienced my apps opening on their own, even redirecting me to install it again after uninstall.
If it were a phone bug, it would do this with any app not just your banking app.
I could be wrong in my assumptions, just trying to advise you to be careful.
I would back up my data, format and start fresh.
Ya I figured as much, I just really loathe the thought of having to do a fresh install, because my phone storage organization is non existent. Regardless I'm hoping to draw some attention to the issue, with whatever the issue may be. Varo the name has been around for awhile, but they just recently became an actual independent bank (they were under Bank Corp before).
I can't be, nor will I be the only customer with this issue, not to mention it's my understanding that you "have" to use the app, due to very limited web capabilities. I have not verified that myself though.
So we'll see if this helps get some attention for the issue
I am getting the same error, but only with the Varo app, nothing else.
I have the same issue that just started this week on my Pixel 7. Did you just add it to your GPay or Wallet recently?
don't even know where to begin to explain the world I live in and this is the best place I can think of or somebody could possibly answer what the hell is happening.. no I will try to keep this summarized and not going to too much detail other than with the technical aspect.. so my girlfriend was going into my phone and I'm sure she was trying to get into everything possible like my Google account Instagram lineapp what'sapp snapchatocrosoft account amazon.account VK, everything... Now I'm sure somewhere along that she synced her phone because obviously a bunch of my files now ended up on her phone making her think that I somehow installed some virus to her phone which now in her mind she feels like if the phone's messing up or if the router is Messing up which my assumption is she was in the router messing around with settings and now she doesn't have internet when she goes to solve this problem she goes out and uses Wi-Fi elsewhere and now when she went back to the house she couldn't go to the Internet service provider website to be able to mess with the settings on the blue curve router from Shaw because her phone was saying she was in the states we live in canada. She's under the impression I've gone to some third party app site that allowed me to get some firmware that her words has mirrored her storage and it was my way of blocking her ability to see twitch and discord because I was obviously hiding that because I was talking I assume with other women on it ...
Alot of the issue started with the fact that I used to play a game called magic Rush and I had shared my account or given it let's say a player that continued on with it.. obviously giving the Google account because it was binded is the email to the account, caused a s*** storm of problems.. password manager was all synced across his device anything he downloaded in his Play store showed up in my history just making it look like I just deleted it.. she feels like I'm hiding files on my computer or my phone because of some of the apps he had downloaded the other guy in Guatemala that I had shared the account with he had a calculator app that was a vault for hiding files like pictures.. she's literally accused me of everything under the sun thought somehow Steam my Steam account was being used to talk to other girls or somehow I was hiding files because she would take a random file from Steam in one of the folders and when she tried to open it with when we are it would just show up like random numeric code complete gibberish and this is why I must have been hiding files I must have been encoding them because I had things like notepad++ and irfanview, she's told me that I've cloned her SIM card and I have a VPN in the states so I can use things like Vox talk or w.e phone app that's just for the states.. I'm on an s10 plus and she's on an s10 so now that we kind of got the Guatemala guy off the account there is still weird s*** going on she went into developer tools on Google Chrome and it looked at the source code when you're looking at the Google activity when you're logged into the account and it had lots of words like null and hidden and she was swearing up and down thinking that this was proof that I was being shady..
Does anyone have any idea what could have possibly moved my files onto her account whether that be through her signing into my Google s*** but I mean yeah she feels like my phone's infected her phone or my computer has infected hers and I think it was just her and experience self somehow enabling it to like share all files I don't know I can't tell you everything she's possibly gotten into but she's clicked on everything a woman could click on oh and side note if you reach this far and you read all this thank you for taking the time because this is a serious issue in my life right now this was also in the beginner or new help thread I will also attach pictures the cheese sent me over the last month or so showing that I was being shady and did some s*** to her phone that I had rooted it or mirrored her storage
BoosieBC said:
don't even know where to begin to explain the world I live in and this is the best place I can think of or somebody could possibly answer what the hell is happening.. no I will try to keep this summarized and not going to too much detail other than with the technical aspect.. so my girlfriend was going into my phone and I'm sure she was trying to get into everything possible like my Google account Instagram lineapp what'sapp snapchatocrosoft account amazon.account VK, everything... Now I'm sure somewhere along that she synced her phone because obviously a bunch of my files now ended up on her phone making her think that I somehow installed some virus to her phone which now in her mind she feels like if the phone's messing up or if the router is Messing up which my assumption is she was in the router messing around with settings and now she doesn't have internet when she goes to solve this problem she goes out and uses Wi-Fi elsewhere and now when she went back to the house she couldn't go to the Internet service provider website to be able to mess with the settings on the blue curve router from Shaw because her phone was saying she was in the states we live in canada. She's under the impression I've gone to some third party app site that allowed me to get some firmware that her words has mirrored her storage and it was my way of blocking her ability to see twitch and discord because I was obviously hiding that because I was talking I assume with other women on it ...
Alot of the issue started with the fact that I used to play a game called magic Rush and I had shared my account or given it let's say a player that continued on with it.. obviously giving the Google account because it was binded is the email to the account, caused a s*** storm of problems.. password manager was all synced across his device anything he downloaded in his Play store showed up in my history just making it look like I just deleted it.. she feels like I'm hiding files on my computer or my phone because of some of the apps he had downloaded the other guy in Guatemala that I had shared the account with he had a calculator app that was a vault for hiding files like pictures.. she's literally accused me of everything under the sun thought somehow Steam my Steam account was being used to talk to other girls or somehow I was hiding files because she would take a random file from Steam in one of the folders and when she tried to open it with when we are it would just show up like random numeric code complete gibberish and this is why I must have been hiding files I must have been encoding them because I had things like notepad++ and irfanview, she's told me that I've cloned her SIM card and I have a VPN in the states so I can use things like Vox talk or w.e phone app that's just for the states.. I'm on an s10 plus and she's on an s10 so now that we kind of got the Guatemala guy off the account there is still weird s*** going on she went into developer tools on Google Chrome and it looked at the source code when you're looking at the Google activity when you're logged into the account and it had lots of words like null and hidden and she was swearing up and down thinking that this was proof that I was being shady..
Does anyone have any idea what could have possibly moved my files onto her account whether that be through her signing into my Google s*** but I mean yeah she feels like my phone's infected her phone or my computer has infected hers and I think it was just her and experience self somehow enabling it to like share all files I don't know I can't tell you everything she's possibly gotten into but she's clicked on everything a woman could click on oh and side note if you reach this far and you read all this thank you for taking the time because this is a serious issue in my life right now this was also in the beginner or new help thread I will also attach pictures the cheese sent me over the last month or so showing that I was being shady and did some s*** to her phone that I had rooted it or mirrored her storage
Lol! Seems like you are really under some big trouble...
By the way, did you check if partner sharing is on? And did you add her as a family member to your Google account and grant permissions for her account to access yours? Check these first. Google them if you don't know how to...
And maybe prove to her that her phone isn't rooted and show her that even Knox in her S10 isn't tripped, concluding that you didn't do anything and maybe proving to her they might have happened by mistake.
Venkata Lochan Nune said:
Lol! Seems like you are really under some big trouble...
By the way, did you check if partner sharing is on? And did you add her as a family member to your Google account and grant permissions for her account to access yours? Check these first. Google them if you don't know how to...
And maybe prove to her that her phone isn't rooted and show her that even Knox in her S10 isn't tripped, concluding that you didn't do anything and maybe proving to her they might have happened by mistake.
So I check partner sharing and I believe that's a part of the Google photos side of Google nothing seems to be enabled I also found some other pictures that explain some of my pain I must have been encoding my drive because of the
BoosieBC said:
So I check partner sharing and I believe that's a part of the Google photos side of Google nothing seems to be enabled I also found some other pictures that explain some of my pain I must have been encoding my drive because of the
Hmmm. Maybe try proving your innocence by the way I said..
She reads root and thinks ta da, it must be rooted... I explained all that does is allow people to like tweak their phones better sort of like jailbreaking but there's no convincing her of that
BoosieBC said:
She reads root and thinks ta da, it must be rooted... I explained all that does is allow people to like tweak their phones better sort of like jailbreaking but there's no convincing her of that
Try proving in a way like using a root checker.
Get someone else's device and show the same root certificates...
This may help.
And did you show her that her KNOX is still intact and it did not trip? If no, first do it... that way, you could prove that nothing just happened to her device and it's still secure and not rooted.
Then maybe you could give her other explanations...
She's going to spin it like this, that I'm somehow rooting her messages like sending them off she also feels a cloned SIM card and thinks I'm just a f****** monster like I'm literally a cat playing with a mouse and torturing the person by watching them squirm with their phone and to be honest I've lost all effort and trying to defend it trying to figure out why when you take a file from Steam and go to unzip it with one RAR it shoots out weird numerical wingding.fonts I explained The Root checker thing to her and she didn't even want to check it meaning that she just doesn't know the right words to explain it to me when she says I may actually get her to come on this thread and f****** explain everything that's happening to her s*** because yeah man it's it's a serious problem
BoosieBC said:
She's going to spin it like this, that I'm somehow rooting her messages like sending them off she also feels a cloned SIM card and thinks I'm just a f****** monster like I'm literally a cat playing with a mouse and torturing the person by watching them squirm with their phone and to be honest I've lost all effort and trying to defend it trying to figure out why when you take a file from Steam and go to unzip it with one RAR it shoots out weird numerical wingding.fonts I explained The Root checker thing to her and she didn't even want to check it meaning that she just doesn't know the right words to explain it to me when she says I may actually get her to come on this thread and f****** explain everything that's happening to her s*** because yeah man it's it's a serious problem
Ohh MMAAANNN, this is too much..
Is she still mad at you? First try calming her down. Get another device from your friend or someone else if possible and show her that every Android has such things. If she still doesn't believe, ask her to get on XDA and try a conversation with the XDA senior/staff members about all her doubts...
Try your best.
Know something? These XDA guys are really awesome. They help a lot if required.
She's going to spin it like this, that I'm somehow rooting her messages like sending them off she also feels a cloned SIM card and thinks I'm just a f****** monster like I'm literally a cat playing with a mouse and torturing the person by watching them squirm with their phone and to be honest I've lost all effort and trying to defend it trying to figure out why when you take a file from Steam and go to unzip it with one RAR it shoots out weird numerical wingding.fonts I explained The Root checker thing to her and she didn't even want to check it meaning that she just doesn't know the right words to explain it to me when she says I may actually get her to come on this thread and f****** explain everything that's happening to her s*** because yeah man it's
Bro we've gone to war over this and the f***** up part is right now it's like she's like just admit it and we can get past it... And it's like first off I'm not doing it she thinks that because I used to run a video game back in the day which was a pre-compiled server that I didn't have to do any sort of coding whatsoever other than edit like Lua and XML she feels like I'm this master coder but I'm not.. also I don't have the willpower and determination to learn or care enough to getting into her phone I just asked her to show me what I wanted to see and if she didn't want to show me it then I would have a problem I would not go about the same matter by like hacking her phone... So her she's like well if you're going to keep lying well then I can't be with somebody that's going to keep lying.. well.fk... I am going to get her on here cuz I really would like to figure out what f*** this all up
BoosieBC said:
She's going to spin it like this, that I'm somehow rooting her messages like sending them off she also feels a cloned SIM card and thinks I'm just a f****** monster like I'm literally a cat playing with a mouse and torturing the person by watching them squirm with their phone and to be honest I've lost all effort and trying to defend it trying to figure out why when you take a file from Steam and go to unzip it with one RAR it shoots out weird numerical wingding.fonts I explained The Root checker thing to her and she didn't even want to check it meaning that she just doesn't know the right words to explain it to me when she says I may actually get her to come on this thread and f****** explain everything that's happening to her s*** because yeah man it's
Wait, why did you just resend an old msg of yours...? Doesn't make sense
BoosieBC said:
Bro we've gone to war over this and the f***** up part is right now it's like she's like just admit it and we can get past it... And it's like first off I'm not doing it she thinks that because I used to run a video game back in the day which was a pre-compiled server that I didn't have to do any sort of coding whatsoever other than edit like Lua and XML she feels like I'm this master coder but I'm not.. also I don't have the willpower and determination to learn or care enough to getting into her phone I just asked her to show me what I wanted to see and if she didn't want to show me it then I would have a problem I would not go about the same matter by like hacking her phone... So her she's like well if you're going to keep lying well then I can't be with somebody that's going to keep lying.. well.fk... I am going to get her on here cuz I really would like to figure out what f*** this all up
First relax, tell her that you will ignore this all, first get past it. Later, whenever you are free and happy with something, you could explain everything to her slowly.... Don't you think this will work out?
My wife and I have an S8 and a Note 8. We love our phones, and we don't really like the new phones. However, Samsung has decided to end security updates this year on these models.
Are there other alternative ways to get security updates, so our data is not at risk?
If you're running on Pie I wouldn't worry.
My Note 10+ has had any updates in over a year.
No issues. I've run outdated Androids for years with no malware forced reloads.
React quickly though to any suspected malware; if you can't delete it, factory reset.
Be ready to reload at anytime as you should be anyway. Keep at least 2 redundant copies of all critical data on at least 2 hdds that are physically and electronically isolated from each other.
Most malware infections are the result of the user doing something they shouldn't do.
Just watch what you download (check the download folder regularly), be careful what you install, and use a cloud app like Gmail for email.
Keep trash apps like FB, WhatsApp etc off the phone. Use Brave browser and install Karma Firewall (freeware with almost no battery usage).
I avoid using wifi always. There's also a long standing Bluetooth hacking vulnerability in pre Q OSs... be aware of that.
Pre Pie OS's are susceptible to rootkits that require a reflash to exterminate.
Scan with Malwarebytes every week or so; it picked off 2 nasty trojan preloaders for me before they could be activated about a year ago.
Use online Virustotal to scan any apk or file you're not sure about.
blackhawk said:
If you're running on Pie I wouldn't worry.
My Note 10+ has had any updates in over a year.
No issues. I've run outdated Androids for years with no malware forced reloads.
React quickly though to any suspected malware; if you can't delete it, factory reset.
Be ready to reload at anytime as you should be anyway. Keep at least 2 redundant copies of all critical data on at least 2 hdds that are physically and electronically isolated from each other.
Most malware infections are the result of the user doing something they shouldn't do.
Just watch what you download (check the download folder regularly), be careful what you install, and use a cloud app like Gmail for email.
Keep trash apps like FB, WhatsApp etc off the phone. Use Brave browser and install Karma Firewall (freeware with almost no battery usage).
I avoid using wifi always. There's also a long standing Bluetooth hacking vulnerability in pre Q OSs... be aware of that.
Pre Pie OS's are susceptible to rootkits that require a reflash to exterminate.
Scan with Malwarebytes every week or so; it picked off 2 nasty trojan preloaders for me before they could be activated about a year ago.
Use online Virustotal to scan any apk or file you're not sure about.
So, you must have a wife who understands that. Trying to tell my wife not to click something because it is probably a virus is like telling a 3 year old they can't have the adult red juice.
Basically, what this is though, is confirming that at min. we need a phone for the wife, for the aforementioned reasons.
JackWorthing said:
So, you must have a wife who understands that. Trying to tell my wife not to click something because it is probably a virus is like telling a 3 year old they can't have the adult red juice.
Basically, what this is though, is confirming that at min. we need a phone for the wife, for the aforementioned reasons.
I was fortunate and didn't marry or unfortunate
She's doing what old people do... threatened her with an iPhone
That trojan preloader was a tricky little devil and managed to download itself without a download notification. You really need to be alert.
Teach her to close that browser page rather than click the mystery box. Occasionally I even close the browser and clear the cache if it's really invasive. Rarely anything more than that; it doesn't seem to happen on Brave, more on the Samsung browser on iffy sites. If I can learn to navigate in the gutter, she can too.
What you can do is look at her phone at the end of the day. Maybe get the paid version of Malwarebytes. Unfortunately it won't stop everything.
I have no recommendations as I think Android is in a flat spin, Android 11 is just wretched. Even if you get a phone running on 10 it will soon be updated to 11... unless you disable updates.
10 would be more secure but overlay apps don't run on it and it guts Karma Firewall.
JackWorthing said:
So, you must have a wife who understands that. Trying to tell my wife not to click something because it is probably a virus is like telling a 3 year old they can't have the adult red juice.
Basically, what this is though, is confirming that at min. we need a phone for the wife, for the aforementioned reasons.
Download this app and tell her to scan your device regularly with this antivirus. It's the best one I found on playstore. It also scans for any harmful files : https://www.google.com/url?sa=t&sou...BMA16BAgfEAE&usg=AOvVaw2ovEreBbhkoaiQCAgeyV81
And you too do the scans !!!!!
Arc android said:
Download this app and tell her to scan your device regularly with this antivirus. It's the best one I found on playstore. It also scans for any harmful files : https://www.google.com/url?sa=t&source=web&rct=j&url=https://play.google.com/store/apps/details?id=com.protectstar.antispy&hl=en_US&gl=US&referrer=utm_source%3Dgoogle%26utm_medium%3Dorganic%26utm_term%3Dprotectstar&pcampaignid=APPU_1_OxGrYNnyOsfd9QOVxI-IBw&ved=2ahUKEwiZ_OS9pOHwAhXHbn0KHRXiA3EQ8oQBMA16BAgfEAE&usg=AOvVaw2ovEreBbhkoaiQCAgeyV81
And you too do the scans !!!!!
There will always be new threats without definitions. It may help but the phone's user is the #1 security threat.
I don't even let Malwarebytes run in the background because all those apps eat battery with little to show for it. Android is relatively secure, even outdated versions unless you do...
blackhawk said:
There will always be new threats without definitions. It may help but the phone's user is the #1 security threat.
I don't even let Malwarebytes run in the background because all those apps eat battery with little to show for it. Android is relatively secure, even outdated versions unless you do...
Yeah you are right actually.
Spoiler: Warning - don't visit these two sites:
Code:
www.vu239trk.com
int.vaicore.store
Trend Micro says both of these sites are malicious.
Full story - I recently changed router brands. Our new routers have the ability to block malicious sites that are trying to be accessed. Thankfully, this isn't happening on my rooted phone - it's happening on my wife's Pixel 7 Pro which is unlockable but is locked. The same was the case a week and a half ago with her Pixel 6 Pro. Problem is, that my wife has no idea which of her apps - I'm guessing a game, but who knows - would be accessing those. I've tried to pin them down according to what time the router blocked access, but it hasn't helped.
The router has blocked access to those sites from her phone(s) a total of seven times between October 5th and the 19th:
10/5 - vu
10/9 - vu
10/12 - vaicore
10/14 - vu
10/15 - vu
10/16 - vu
10/19 - vu
So it's not every day, and not repeatedly on the same day. I've let her know each time the router notifies me, but nothing has come to mind for her, so I don't know if it's happening in the background or when she's actively using an app.
I've tried some simple Google-fu for this question, or specifically regarding these sites without any promising help.
Does anyone have any suggestions for how to find out what apps are accessing them? I'm aware of solutions like NetGuard - no-root firewall to whitelist/blacklist internet access - however, my wife is non-technical - I don't root her phones anymore as she's not interested in the benefits and it's less work for me, and no chance for me to mess up her configuration. Also, we both suspect that it's one of her games that is trying to access those sites, and those games might already require internet access for them to work, so I'm more interested in tracking down which without a process of elimination. She's also not methodical like I am, at least for technical things.
I could probably dump a list of her apps to at least get some ideas. All her apps came from the Play Store and were just restored from there during our recent transition to the Pixel 7 Pro, so whatever it is, Google hasn't caught it yet. She doesn't use any special web browsers, just Chrome, and she doesn't do anything techie or hacky.
Also trying to avoid both a factory reset and not using Google's cloud backup. She forgets her passwords constantly so fresh setups always cause high anxiety for her, and therefore for me too.
After you install an app, block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
blackhawk said:
After you install an app, block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
blackhawk said:
After you install an app, block all updates. A common ploy is the app is clean but after it is installed it will download its malicious payload.
Keep all social media and shopping apps off the phone. They are malware.
If an app doesn't need internet access to function it should be firewall blocked. Few apps need internet access. Find the malware or factory reset and reset passwords. I give myself 2 hours before I nuke it. That should be enough time to find/fix minor malware issues.
Full scan with Malwarebytes. Pay close attention to the download folder and any apps that run at startup. Scan suspects with online Virustotal.
Try in safe mode, see if it stops.
It may be a false alert... otherwise uninstall or package block installed apps one by one until you nail it. If it's a virus or rootkit that won't stop it though. Hopefully it's just a rogue app that didn't download a rootkit payload...
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
EtherealRemnant said:
Trend Micro is often overzealous. I have disabled that crap on my ASUS router.
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
EtherealRemnant said:
They both seem to be marketing and tracking sites. The vaicore one apparently was even being triggered by the Audible app at one point.
https://www.reddit.com/r/audible/comments/ttakhs
Thanks for that information! In this case, she doesn't have the Audible app.
EtherealRemnant said:
You could try DuckDuckGo's tracking protection to figure out which app is doing it.
Introducing DuckDuckGo App Tracking Protection for Android
Join the waitlist to try App Tracking Protection for Android today!
spreadprivacy.com
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
roirraW edor ehT said:
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
Words of wisdom for maintaining a happy marriage
Lughnasadh said:
Words of wisdom for maintaining a happy marriage
New movie: "Honey, I disabled half of your apps!"
EtherealRemnant said:
I've never once had a problem with any of this stuff... I think the malware problem is hugely overblown. I just don't download random obscure apps and never had an issue.
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends its reign of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keep all email in the cloud, i.e. Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download its payload. KIA. Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things.
┤Mod Edit├┤Unneeded remark removed├
roirraW edor ehT said:
New movie: "Honey, I disabled half of your apps!"
Sequel: "Why I now sleep on the couch"
roirraW edor ehT said:
New movie: "Honey, I disabled half of your apps!"
Translation: "Honey half your apps were spyware, can we still be friends after the divorce?"
Lughnasadh said:
Sequel: "Why I now sleep on the couch"
"...and use the cat's litterbox..."
roirraW edor ehT said:
Since this is my wife's phone, not mine, I'm not willing to micro-manage to try to find the culprit. It would only cause her stress and because of that, ultimately more stress for me.
I'll certainly keep an eye on what it reports, but since so far it's only reported things from my wife's phone and not my own or any of our computers, I'm going to keep being curious about what exactly is triggering it.
Thanks for that information! In this case, she doesn't have the Audible app.
Ah, I forgot about DuckDuckGo app's advertised capability. I'll take a look into it. Thanks!
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it... and teach her new tricks.
blackhawk said:
I rarely sample apps. All my apps are vetted and most have been used by me for years. Playstore is a mess. I keep installable copies of all my apps on my data drive (SD card) master backup for easy reloads if I need to factory reset. I occasionally side load, these are always first scanned with Virustotal. If they even look a little twitchy they aren't loaded. I firewall block all apps that implicitly don't need internet access. I also watch what is accessing the internet, when and why.
Apps are never upgraded unless it would provide a substantial benefit. There's no need to as I already have a stable platform. I don't upgrade or update the firmware, ever. This 3 yo N10+ is still running snappy fast and rock solid stable on Pie. Any problem is easy to stop as the platform is very predictable; malware stands out like a sore thumb. The current load is over 2yo and it runs day after day like a bat out of hell with minimal maintenance. I also watch the download folder like a hawk; everything is vetted before it is moved into the database, apps, mp4's, jpegs etc. At the very least I open the file in the download folder to look for abnormal behavior especially in that folder.
I've had malware jpegs on Android, once you open it, it would damage any files not in a folder in the download folder. Some were repairable some not and best deleted. Deleting the jpeg ends its reign of terror. If it gets into the database in a folder with a large number of files it would rain hell down on you. It may not be detectable at all as malware meaning you would need to find it the hard way.
There are scripted jpegs, pngs that target both PC and Android. They pop up from time to time and Outlook can be a vector. Keep all email in the cloud, i.e. Gmail. Be very cautious of downloading anything from emails, the oldest trick in the book. Lol, you've been warned
Also saw a trojan preloader slip past Samsung browser without permission. I tagged it in the download folder before it could download its payload. KIA. Police the download folder daily, delete any unknown files without opening them.
Vet everything.
Almost all malware is loaded or downloaded by the user, one way or another. Pie and above are secure unless you do stupid things. No saving dumb bunnies, you are what you load/download.
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
blackhawk said:
Try scanning with Malwarebytes. Virustotal is the gold standard as it gives a broad overview to what's there and how it behaves.
Absolutely. I got her to install it - later when we're both not working, I'll work with her to have it do its thing. I meant to mention in my earlier reply, to thank you for that advice.
blackhawk said:
Brave browser is near bulletproof.
Always try to back out of a bad site by closing that window if necessary or close the browser. Occasionally I needed to clear the cache as well. Never needed to clear the data but have seen some really persistent bad sites. No breach though save that one trojan preloader.
Abnormal behavior should be promptly investigated and the cause found.
Never ignore it...
I use Brave for select things, but to try to move her completely or even partly from Chrome to Brave would ultimately not be an effort well spent. I'm getting anxious just knowing how things would go.
blackhawk said:
and teach her new tricks.
My wife's habits are firmly planted. Mine are probably just a tiny bit less than hers, but obviously, I can't be objective.
EtherealRemnant said:
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC.
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
EtherealRemnant said:
I don't run more than Windows Defender these days and I continue to just use common sense on the internet.
Same here.
EtherealRemnant said:
Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
roirraW edor ehT said:
Ugh, that reminds me of the time just about 20 years ago that back in my Norton AntiVirus days, there was a trojan that wasn't detected for weeks - I forget which one, but Symantec was not picking it up, and I had kept on reinstalling Windows XP on both my wife's and my desktops I built but ultimately they both would act crazy in some way. What a pain. Then when Symantec finally recognized what was going on and their definitions found the culprit, what a relief.
That was the only time I know that any of my devices were infected and rampant.
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
roirraW edor ehT said:
I've "lost everything" (digital) so many times over the last 38 years, but my most important potentially life-altering things are backed up in the cloud, too, although using my own encryption for the most sensitive things.
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
But my stupid self has definitely done the "let's get drunk and mess with Linux" thing... Which has absolutely resulted in some loss lol, especially back in the LILO days when the installers could easily wipe out your Windows partition when they bugged out and also sometimes when I just messed up the partitioning myself.
Fortunately, there's not much that I absolutely have to have, so even if I lost absolutely everything, the biggest headache would be recovering my bank/credit union accounts (of which I have like 23 credit cards alone right now) and online accounts like XDA and reddit. Social media I could just start over. Or not start back up at all for that matter.
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
EtherealRemnant said:
Yeah this was definitely in the early Norton days. That computer was running Windows 3.1. lol.
I forgot - I guess I don't count my pre-XP days as far as viruses and trojans. Definitely had some on probably almost every Apple/Amiga/Windows OS I ever ran before XP. Security? What security!?
EtherealRemnant said:
I have been incredibly lucky. I have never even had a hard drive fail to the point of any significant loss. I actually still have the 320GB Seagate that was in my grandfather's old Gateway P3 from the early 2000s and it still works fine.
That is lucky. I'm not on the opposite spectrum of hard drive experience, but I definitely have run the wheels off of many hard drives.
EtherealRemnant said:
Also, I tried Brave... Can't do it. It's Chrome or nothing for me. It was hard enough to switch from Firefox to Chrome (I had been using Firefox since it was in alpha as Phoenix) but I'm just too set in my ways to switch to anything else now.
A few months ago I largely switched back to Firefox, but I still use Chrome for certain things, and I do use Brave for a very few things. A couple of years ago, I was liking Microsoft's Chromium-based Edge just fine, but then they changed just one little thing - which made it many more clicks than in Chrome or other browsers if you wanted to potentially change your download save location for each and every download.
There were a ton of complaints to Microsoft but they wouldn't reinstate the original way. I'd have no problem if they at least let users opt to use the way they used to, but fell on deaf ears. I switched back to Chrome after that - Edge was just too much of a pain for micro-managed downloads.
EtherealRemnant said:
I mean I use FairEmail and have it set to only download images when I tell it to but other than that, I don't use much more than common sense for my security platform. I don't dabble a lot in random apps (sometimes I will grab a game from a new dev after I see some positive reviews for it somewhere but those F2P apps end up earning the devs more money in microtransactions than they would get from malware anyway so the risk is low here, especially since I only go for visually appealing games with some depth to them), I don't use a firewall, don't use AV... It's never been a problem going all the way back to Cupcake on my HTC Hero.
I do, however, take all updates within a few weeks of them being available (system updates I will do as soon as I get a prompt that they are available, app updates I manually do), and while that potentially exposes me to a zero day if one of my apps goes rogue, lots of pre-existing loopholes get closed by these same updates as well.
For that matter, going back to my first computer when I was 8 or 9 years old running DOS, I've only ever gotten one bug that was nasty enough for me to have to reinstall everything, a trojan, and I got it from some software I grabbed from a BBS IIRC. I don't run more than Windows Defender these days and I continue to just use common sense on the internet. Most of my important stuff is backed up to my Google Drive anyway so my desktop can get nuked and I'll just have to saturate the gigabit connection for a few hours to download all my apps and games again. *shrug*
I do use Bitwarden for passwords and Authy for 2FA (as well as having YubiKey for a few things like Google, Microsoft, and Bitwarden) as I feel that those are common sense in the world we live in but I just don't see the point otherwise.
I do use VirusTotal from time to time if I'm not sure about something as well.
I'm still running W7. It's kept off the internet always. Android is a lot easier to keep secure.
Updates sound good in theory just like the Covid vaccine did. In actual practice they cause trouble and aren't needed. It's an ongoing experiment at this point and it's simply running too good to mess with the firmware. I refuse to.
Pie is pretty secure in real time with a few modifications. I keep wifi disabled as well. At this point I'm curious to see if anything can nail it. Lol, I test it everyday. A reload isn't very painful for me and everything is redundantly backed up.
App updates have caused me a lot of time and trouble particularly with Samsung. Got a pair of Buds+ that the last firmware update degraded the sound badly, need to get Samsung to reflash to its original firmware. My new Buds+ sound great with much better range; that firmware will never be upgraded. Upgrades and updates tend to break Samsung's... best to leave it be if it's fast, stable and fulfilling its mission. That strategy may sound counterproductive but it works well for me in real time.
That's all that counts.
PCAPdroid app from the Google app store or download the apk from f-droid: it's a superb app. Here are some sample screenshots:
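Added example, not part of any post in this thread: once a no-root capture app such as the one suggested above has logged per-app connections, a short script can match them against the two flagged domains and against the router's block times. The CSV column names, the sample rows, the package names, the year and the clock times are all constructed assumptions, not a documented export format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Domains the router flagged (taken from the post above).
FLAGGED = ("vu239trk.com", "vaicore.store")

# Constructed sample of a per-app connection log. The column names are an
# assumption for this example, not a documented export format.
SAMPLE_CAPTURE = """\
time,app,package,host
2022-10-12 19:02:11,Chrome,com.android.chrome,www.google.com
2022-10-12 19:04:40,Example Game,com.example.game,int.vaicore.store
2022-10-12 19:04:41,Example Game,com.example.game,cdn.example.net
2022-10-14 08:15:03,Example Game,com.example.game,www.vu239trk.com
2022-10-14 08:15:09,Example Reader,com.example.reader,notvaicore.store
2022-10-16 21:30:57,Example Game,com.example.game,WWW.VU239TRK.COM.
"""

# Constructed router block events (time, host). The dates mirror the post;
# the year and clock times are invented for the example.
SAMPLE_ROUTER_BLOCKS = [
    ("2022-10-12 19:04:42", "int.vaicore.store"),
    ("2022-10-14 08:15:04", "www.vu239trk.com"),
    ("2022-10-15 13:00:00", "www.vu239trk.com"),
]

FMT = "%Y-%m-%d %H:%M:%S"


def flagged_domain(host, flagged=FLAGGED):
    """Return the flagged domain that host equals or is a subdomain of.

    Matching is on label boundaries, so "notvaicore.store" does not match
    "vaicore.store". Case and a trailing root dot are normalised first.
    """
    host = host.strip().lower().rstrip(".")
    for domain in flagged:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def suspicious_connections(capture_csv):
    """Return a list of (time, package, app, flagged_domain) for matching rows."""
    hits = []
    for row in csv.DictReader(io.StringIO(capture_csv)):
        domain = flagged_domain(row["host"])
        if domain:
            when = datetime.strptime(row["time"], FMT)
            hits.append((when, row["package"], row["app"], domain))
    return hits


def rank_packages(capture_csv):
    """Count flagged connections per package, most frequent first."""
    counts = defaultdict(int)
    for _, package, _, _ in suspicious_connections(capture_csv):
        counts[package] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def attribute_blocks(capture_csv, router_blocks, window_seconds=30):
    """Map each router block event to the packages that contacted the same
    flagged domain within window_seconds of it. An empty list means the
    capture was not running, or nothing on this phone explains the block.
    """
    hits = suspicious_connections(capture_csv)
    window = timedelta(seconds=window_seconds)
    result = {}
    for when, host in router_blocks:
        t = datetime.strptime(when, FMT)
        domain = flagged_domain(host)
        result[(when, host)] = sorted(
            {pkg for ht, pkg, _, d in hits if d == domain and abs(ht - t) <= window}
        )
    return result


if __name__ == "__main__":
    print(rank_packages(SAMPLE_CAPTURE))
    for event, packages in attribute_blocks(SAMPLE_CAPTURE, SAMPLE_ROUTER_BLOCKS).items():
        print(event, "->", packages or "unexplained")
```

A block event that stays unexplained is as useful as a match: it shows the capture was not running at that time, or that another device on the network made the request.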
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
xxTECRAxx said:
step 1- root wife's phone
step 2- install netguard
step 3- install afwall+
step 4- check the logs from each and cross-reference which app is the problem
step 5- profit. have her make you sandwich
Thanks, but I was trying to indicate that root isn't an option I'm interested in for her phone. That is, she's not interested, and it would be especially disruptive to her now that we've had our factory unlocked Pixel 7 Pros for over six months, plus it's just less work for me to not bother rooting her phone and keeping it up to date manually.
In addition, with her phone not rooted, and the bootloader still locked, I feel better about her running whatever random games she plays.
I haven't had any notifications about that site being blocked in a while. The most recent email I found about it was from December, although I don't know if I might've deleted emails that came after that, but I think I purposefully kept only the most recent example.
I'll keep your information in mind if I ever experience anything like that coming from my devices (I always root them).