What's "ANDROID/SmsAgent.YJF.Gen" - General Questions and Answers

I ran Avira on my phone today and it detected "malware" within the SnapMod app.
Tried to google the description but nothing shows up.
ANDROID/SmsAgent.YJF.Gen
Anyone got an idea?

memocatcher said:
I ran Avira on my phone today and it detected "malware" within the SnapMod app.
Tried to google the description but nothing shows up.
ANDROID/SmsAgent.YJF.Gen
Anyone got an idea?
What is SnapMod?
Any app that hijacks or otherwise interferes with another app's processes will likely be flagged as malware, and in fact many such apps are trojans. Use at your own risk.

V0latyle said:
What is SnapMod?
Any app that hijacks or otherwise interferes with another app's processes will likely be flagged as malware, and in fact many such apps are trojans. Use at your own risk.
It's an Xposed module for Snapchat.
I ran a few other scanners like Avast and Bitdefender but only Avira says it's malware.
Just wondering what that SmsAgent is.

memocatcher said:
It's an Xposed module for Snapchat.
I ran a few other scanners like Avast and Bitdefender but only Avira says it's malware.
Just wondering what that SmsAgent is.
Sounds like some sort of trojan that's associated with reading SMS messages. I'm not surprised that the module would be flagged.
Maybe check the source code of the module, if it's available? Antivirus/malware checkers just check for particular fingerprints; they can't tell the difference between an actual trojan and a Magisk/XPosed module that injects code into other processes.

V0latyle said:
Sounds like some sort of trojan that's associated with reading SMS messages. I'm not surprised that the module would be flagged.
Maybe check the source code of the module, if it's available? Antivirus/malware checkers just check for particular fingerprints; they can't tell the difference between an actual trojan and a Magisk/XPosed module that injects code into other processes.
Yeah, it's open source on GitHub.
Never had an issue with it before but now it randomly starts flagging the app. I removed it for now.
Thanks though

Related

Could a rootkit install on your phone via website?

I went on a website that I later found out was known for installing rootkits. I was on Firefox and have uBlock Origin installed. I didn't know about the third-party filter settings so those weren't up to date. And the page was saying how it was scanning my browser and initiating a dd something. I backed out before more stuff could load. And I cleared my cookies and downloaded several antivirus apps from the app store and they all said I'm fine. But those don't scan for rootkits. I don't think there's an app that does that. I didn't click anything on the site but idk if something downloaded to my phone. Would I see it in my download history or my download folder?
TL;DR: I just want to know if I may have gotten a rootkit by visiting a malicious website on my Android phone.
I have a Samsung Galaxy S6.
poopcycles said:
I went on a website that I later found out was known for installing rootkits. I was on Firefox and have uBlock Origin installed. I didn't know about the third-party filter settings so those weren't up to date. And the page was saying how it was scanning my browser and initiating a dd something. I backed out before more stuff could load. And I cleared my cookies and downloaded several antivirus apps from the app store and they all said I'm fine. But those don't scan for rootkits. I don't think there's an app that does that. I didn't click anything on the site but idk if something downloaded to my phone. Would I see it in my download history or my download folder?
TL;DR: I just want to know if I may have gotten a rootkit by visiting a malicious website on my Android phone.
I have a Samsung Galaxy S6.
Yes, you could have got malware, though normally you would have had to interact with it to enable the install. If it did gain root then nothing may show in downloads etc. If your ROM is up to date or you backed out quickly you have a good chance you may be OK.
You could try a few root checker apps, but bear in mind it could have unrooted itself once installed as a system app. Otherwise look out for any signs of strange behaviour or changes to the system, e.g. an admin being added (maybe also try a hidden admin finder app), install a firewall and check logs....
Go to VirusTotal or a similar website and look for (or submit) that domain and see what malware it is distributing; that might give you an idea where/what to look for (assuming it's still serving the same malware if you just submitted the URL).
IronRoo said:
Yes, you could have got malware, though normally you would have had to interact with it to enable the install. If it did gain root then nothing may show in downloads etc. If your ROM is up to date or you backed out quickly you have a good chance you may be OK.
You could try a few root checker apps, but bear in mind it could have unrooted itself once installed as a system app. Otherwise look out for any signs of strange behaviour or changes to the system, e.g. an admin being added (maybe also try a hidden admin finder app), install a firewall and check logs....
Go to VirusTotal or a similar website and look for (or submit) that domain and see what malware it is distributing; that might give you an idea where/what to look for (assuming it's still serving the same malware if you just submitted the URL).
Why are you giving fake info??? He couldn't have got malware on Android when he hadn't installed anything!

Applications security scan

I remember the first time I was installing some application on my S8+ I was asked if I want to scan application for security or something like this. Then I replied YES. But what was that application and how can I stop this now?
I suspect that my problem with application installation never ending is because of that scanner...
Thanks!
Elastep said:
I remember the first time I was installing some application on my S8+ I was asked if I want to scan application for security or something like this. Then I replied YES. But what was that application and how can I stop this now?
I suspect that my problem with application installation never ending is because of that scanner...
Thanks!
If it's Lookout just disable it. As long as you're getting them from the Play Store you are pretty safe.

FotaUpdate, malware?

Hi, I have an Android box and have just done a scan with Malwarebytes.
It brought up this threat:
Android/PUP.Riskware.Autoins.Fota
/system/app/FotaUpdateReboot
FotaUpdateReboot.apk
Is it genuine malware or a false positive?
Cheers.
ascender13 said:
Hi, I have an Android box and have just done a scan with Malwarebytes.
It brought up this threat:
Android/PUP.Riskware.Autoins.Fota
/system/app/FotaUpdateReboot
FotaUpdateReboot.apk
Is it genuine malware or a false positive?
Cheers.
Looks like several firms are flagging it as malware on VirusTotal, at least according to the following thread:
https://forums.malwarebytes.com/topic/216168-pre-installed-malware/
Thanks for that.
Looks like the system app FotaProvider allows adverts to pop up in the browser, which is exactly the issue I've been having.
I've uninstalled it now. Have to see how I get on.
Cheers
update
ascender13 said:
Thanks for that.
Looks like the system app FotaProvider allows adverts to pop up in the browser, which is exactly the issue I've been having.
I've uninstalled it now. Have to see how I get on.
Cheers
Hi.
Is everything fine after you deleted the FotaProvider?
Yes, that fixed it.
remove problem apps
How do you delete these unwanted system apps?
The main sources of malware are Google Play Store and Wireless Update (the system app);
both are pre-installed malware when you buy the device.
mprox said:
How do you delete these unwanted system apps?
The main sources of malware are Google Play Store and Wireless Update (the system app);
both are pre-installed malware when you buy the device.
If I remember correctly I just used a file manager with root access

How can we make sure an app from unknown source is safe?

When you install an app from a third party, your phone may pop up a message like “For security, your phone is set to block installation of apps obtained from unknown sources.” So you may doubt the safety of the app. Is it safe? Does it contain a virus?
Actually, an app from an unknown source does not mean it is unsafe. But equally we cannot trust it completely. The app is not allowed to be published on an official site like Google Play Store because it infringes its policy. Facing this situation, the best solution is to find an alternative app on the official app store. If you fail to find one and really need the app, here is what you need to do:
Check if the app has a virus. Go to the official site to see whether the app has been verified by any anti-virus software. Take InsTube as an example: you know it is verified by CM Security, Lookout Security and McAfee on instube dot com.
Read some decent reviews or comments. Though the app has passed through some safety verification software, the app may still be harmful. For example, I wanted to download SnapTube, which has passed safety verification, to my Android phone last year. I thought it was safe previously, but I changed my mind after reading some decent reviews. The reviews show that the InsTube apk requires many important permissions from my phone, which made me worry about my privacy.
Anyway, consider carefully before installing an app from unknown sources. If you have no other option, just download it from its official site.
You can read a review to know why the apps may not be that safe:
https://blog.instube.com/is-snaptube-apk-safe/
To check for a virus, drop the app into https://www.virustotal.com or https://androidobservatory.org/.
For open-source apps you can look at the permissions being used in the AndroidManifest.xml file.
You can run the app in a virtual machine if needed.
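One way to do the manifest review suggested above, as an added example that is not part of the thread: a small Python script that parses a plain-text AndroidManifest.xml, lists every requested permission, flags the ones worth a second look (SMS and telephony permissions are what a detection name like "SmsAgent" hints at), and reports any broadcast receiver registered for incoming SMS. The manifest inside a built APK is binary-encoded, so feed it the manifest from the project's source repository or from an apktool decode; the sample manifest and the SENSITIVE_PERMISSIONS table below are constructed for illustration and are not taken from SnapMod or any real app.

```python
"""Audit the permissions an Android app requests from a plain-text AndroidManifest.xml.

Added example, not from the thread. The manifest below is a constructed sample;
use the manifest from the app's source tree or an apktool decode in practice.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ANDROID_NAME = f"{{{ANDROID_NS}}}name"   # ElementTree spelling of android:name
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Permissions that warrant a closer look. Illustrative, not exhaustive.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_SMS": "read stored text messages",
    "android.permission.RECEIVE_SMS": "see incoming text messages (2FA codes)",
    "android.permission.SEND_SMS": "send text messages, e.g. to premium numbers",
    "android.permission.READ_CONTACTS": "read the address book",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
    "android.permission.BIND_DEVICE_ADMIN": "act as device administrator",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further packages",
}

# Constructed sample manifest: an app that asks for SMS access and registers
# a high-priority receiver for incoming SMS. Not any real app's manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    <application android:label="Constructed sample">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED" />
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list:
    """Every <uses-permission android:name=...> in document order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NAME) for el in root.iter("uses-permission")]


def sms_receivers(manifest_xml: str) -> list:
    """Names of <receiver> components whose intent filter listens for SMS_RECEIVED."""
    root = ET.fromstring(manifest_xml)
    found = []
    for receiver in root.iter("receiver"):
        if any(a.get(ANDROID_NAME) == SMS_RECEIVED for a in receiver.iter("action")):
            found.append(receiver.get(ANDROID_NAME))
    return found


def audit(manifest_xml: str) -> dict:
    """Summarise what the manifest asks for and which items deserve review."""
    perms = requested_permissions(manifest_xml)
    flagged = {p: SENSITIVE_PERMISSIONS[p] for p in perms if p in SENSITIVE_PERMISSIONS}
    return {
        "permissions": perms,
        "flagged": flagged,
        "sms_receivers": sms_receivers(manifest_xml),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    print("requested:", ", ".join(report["permissions"]))
    for perm, why in report["flagged"].items():
        print(f"  review: {perm} -> {why}")
    for name in report["sms_receivers"]:
        print(f"  review: receiver {name} handles incoming SMS")
```

A permission list on its own does not make an app malicious; the point is to compare what the manifest asks for against what the app's stated purpose needs, which is the judgement the scanners in this thread cannot make. If you have the Android SDK build tools installed, `aapt dump permissions app.apk` prints the same permission list straight from the binary manifest.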

Google Play Protect vs VirusTotal

I observed a strange thing today.
I keep a backup of my favourite apps by extracting them using SAI. I don't check these files on VirusTotal because they are downloaded from Google Play Store.
I downloaded Aloha Lite v1.7.3 from apkmirror today. As usual, when I ran it on VirusTotal, it was flagged by 2 antivirus engines, one of them being Google itself.
So I downloaded the same version (which is the latest one available) from Google Play Store, backed it up using SAI, and then wanted to check on VirusTotal again:
1. Contrary to what I expected, this file appears to have a different hash value compared to the one available on apkmirror. Does it mean the one on apkmirror is tampered with?
2. VirusTotal flagged the Play Store version too, and it was the same two antivirus engines, one of which is Google itself. This came in as another surprise.
So what are we supposed to conclude from these observations?
1. Google Play Protect says the file is safe, but Google on VirusTotal says it isn't. Which one is true?
2. How come the APK on apkmirror has a different hash value compared to the one on Google Play Store? Isn't a hash check the only way to ensure there is no tampering? I thought apkmirror had enough checks in place to ensure authenticity.
Apkmirror file analysis
Google Play Store file analysis
I trust Virustotal more than Playwhore... Playstore has failed multiple times in multiple ways
Anything that looks suspicious doesn't get installed; not worth the risk. Study the VirusTotal results closely... err on the side of caution. No app is worth a factory reset. If there are any signs of system instability after install, ditch it fast...
Any app that's allowed to update can bring in a payload especially if it's from a 3rd party site. Don't update apps unless there's a good reason to.
Firewall block all apps that don't need internet access. Reject apps that shouldn't need internet access and refuse to function without it.
You are what you load...
blackhawk said:
I trust Virustotal more than Playwhore... Playstore has failed multiple times in multiple ways
Anything that looks suspicious doesn't get installed; not worth the risk. Study the VirusTotal results closely... err on the side of caution. No app is worth a factory reset. If there are any signs of system instability after install, ditch it fast...
Any app that's allowed to update can bring in a payload especially if it's from a 3rd party site. Don't update apps unless there's a good reason to.
Firewall block all apps that don't need internet access. Reject apps that shouldn't need internet access and refuse to function without it.
You are what you load...
I hope you are aware that VirusTotal is owned by Google.
Here's what I think is happening:
The hash values given are for the user to check whether the file he downloaded is the exact same as the one hosted on the site (to prevent man-in-the-middle attacks).
What VirusTotal uses to check for authenticity is the cryptographic signature of the APK files. This is different from hash values:
FAQ - APKMirror: www.apkmirror.com
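The distinction drawn above, illustrated in miniature as an added example (not from the thread, from APKMirror or from VirusTotal): APKs are zip archives, so the script builds two constructed archives with identical entry contents but different archive metadata (here, entry timestamps) and a third with one entry altered. The whole-file SHA-256 is what a download page publishes to let you confirm you received the hosted bytes; the per-entry content digests are what the APK v1 signing scheme records in META-INF/MANIFEST.MF and then signs. The two repacked files hash differently while their signed contents agree, and only the altered entry shows up as tampering. The real check is `apksigner verify --print-certs`, which also validates the signer certificate and, for the v2/v3 schemes, covers the archive layout; this toy shows only why the two checks answer different questions.

```python
"""Whole-file hash versus per-entry content digests for zip-based packages.

Added example, not from the thread. The archive contents are constructed;
the per-entry digest table mirrors the SHA-256-Digest lines of an APK v1
MANIFEST.MF but is not a real signature check.
"""
import hashlib
import io
import zipfile

# Constructed "app" contents; real APKs hold compiled classes and resources.
ENTRIES = {
    "classes.dex": b"dex\n035\x00constructed sample bytecode",
    "res/values/strings.xml": b"<resources><string name='app'>Sample</string></resources>",
}


def build_archive(entries: dict, timestamp: tuple) -> bytes:
    """Write the entries into an in-memory zip with a fixed per-entry timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in sorted(entries.items()):
            info = zipfile.ZipInfo(name, date_time=timestamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def file_sha256(blob: bytes) -> str:
    """The hash a download page would publish: over every byte of the file."""
    return hashlib.sha256(blob).hexdigest()


def entry_digests(blob: bytes) -> dict:
    """SHA-256 of each entry's uncompressed content, keyed by entry name.
    Archive metadata (timestamps, ordering, compression) does not enter here."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {name: hashlib.sha256(zf.read(name)).hexdigest() for name in sorted(zf.namelist())}


def compare(reference: bytes, candidate: bytes) -> dict:
    """Report whether the candidate is byte-identical and whether its signed contents match."""
    ref_digests, cand_digests = entry_digests(reference), entry_digests(candidate)
    changed = sorted(n for n in set(ref_digests) | set(cand_digests)
                     if ref_digests.get(n) != cand_digests.get(n))
    return {
        "same_file_hash": file_sha256(reference) == file_sha256(candidate),
        "same_contents": not changed,
        "changed_entries": changed,
    }


if __name__ == "__main__":
    original = build_archive(ENTRIES, (2024, 1, 1, 0, 0, 0))
    repacked = build_archive(ENTRIES, (2024, 6, 1, 0, 0, 0))   # same contents, new metadata
    tampered_entries = dict(ENTRIES)
    tampered_entries["classes.dex"] += b"\x90"                  # one entry altered
    tampered = build_archive(tampered_entries, (2024, 1, 1, 0, 0, 0))

    print("original :", file_sha256(original))
    print("repacked :", file_sha256(repacked), compare(original, repacked))
    print("tampered :", file_sha256(tampered), compare(original, tampered))
```

Read the two verdicts separately: a mismatched file hash against a site's published value means you did not get that site's file (possibly a corrupted or substituted download), while a mismatch in the signed contents or signer certificate means the package itself differs from what the developer signed. Two different but correctly signed builds, as the Play Store and a mirror may well serve, fail the first check and pass the second.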
TheMystic said:
I hope you are aware that VirusTotal is owned by Google.
So...?
TheMystic said:
Here's what I think is happening:
The hash values given are for the user to check whether the file he downloaded is the exact same as the one hosted on the site (to prevent man-in-the-middle attacks).
What VirusTotal uses to check for authenticity is the cryptographic signature of the APK files. This is different from hash values:
FAQ - APKMirror: www.apkmirror.com
Don't use it if you don't trust it... an easy choice.
blackhawk said:
So...?
If you are dealing with the same entity in both situations, where is the question of trusting one over the other?
blackhawk said:
Don't use it if you don't trust it... an easy choice.
Having a better understanding of what is happening helps in better and informed decision making.
My experience with VirusTotal:
I release a lot of Windows executables that I write.
They don't have any analytics, phone-home, anything.
They don't even use the internet.
Once in a while somebody tells me, "your blah-blah.exe was flagged on VirusTotal" (2 out of 99 or thereabouts).
So I check it out and maybe 1 or 2 have flagged it as virus (not necessarily the same two).
So I knock on the doors of those two and say, "whadjamean?"
Eventually they say, "oh, it's all good".
Renate said:
My experience with VirusTotal:
I release a lot of Windows executables that I write.
They don't have any analytics, phone-home, anything.
They don't even use the internet.
Once in a while somebody tells me, "your blah-blah.exe was flagged on VirusTotal" (2 out of 99 or thereabouts).
So I check it out and maybe 1 or 2 have flagged it as virus (not necessarily the same two).
So I knock on the doors of those two and say, "whadjamean?"
Eventually they say, "oh, it's all good".
Not all flags are necessarily false positives.
In your case, you are confident about the programs because you are the one writing it.
The user has very limited information and so there are concerns.
TheMystic said:
Here's what I think is happening:
The hash values given are for the user to check whether the file he downloaded is the exact same as the one hosted on the site (to prevent man-in-the-middle attacks).
What VirusTotal uses to check for authenticity is the cryptographic signature of the APK files. This is different from hash values:
FAQ - APKMirror: www.apkmirror.com
The question still remains:
Why was I required to upload the file I downloaded from Google Play Store to ApkMirror if it had the same cryptographic signature as the one that the site was already hosting?
TheMystic said:
If you are dealing with the same entity in both situations, where is the question of trusting one over the other?
If you have a better site... I'm all ears.
TheMystic said:
Having a better understanding of what is happening helps in better and informed decision making.
Not sure why you're bothering. There's one sure-fire way to find out... better you than me☠
blackhawk said:
If you have a better site... I'm all ears.
Not sure why you're bothering. There's one sure-fire way to find out... better you than me☠
I have over 600 apps installed on my device, all downloaded from Google Play Store. Until today, I never bothered to check any of these on VirusTotal. But this thing has got me thinking now.
TheMystic said:
I have over 600 apps installed on my device, all downloaded from Google Play Store. Until today, I never bothered to check any of these on VirusTotal. But this thing has got me thinking now.
600 is way too many.
Lol, you're a goner for sure
I have 79... not counting system apps.
blackhawk said:
600 is way too many.
Lol, you're a goner for sure
I have 79... not counting system apps.
If I count the system apps, then it is over 1,000.
blackhawk said:
600 is way too many.
Lol, you're a goner for sure
I have 79... not counting system apps.
I have 92 apps with system apps included
Dayuser said:
I have 92 apps with system apps included
What phone and OS?
On a Samsung there are lots of system apps, about 379. About 60 of those are package disabled, as well as some Gookill system junk.
blackhawk said:
What phone and OS?
On a Samsung there are lots of system apps, about 379. About 60 of those are package disabled, as well as some Gookill system junk.
Moto G7 Power stock Android 10 OS
Dayuser said:
Moto G7 Power stock Android 10 OS
That's clean. You take a battery or performance hit with 10?
blackhawk said:
That's clean. You take a battery or performance hit with 10?
Yes it is. I don't know what you mean by hit? Battery life is really good (just put in a new battery).
Performance is well... decent. It's not flagship performance but it's still good for me. I'm not experiencing any lag.