[Q] Malicious spam started immediately w/ first android phone! - Android Q&A, Help & Troubleshooting

So I finally upgraded my LG simple 1G phone to a VZW Galaxy S4, allowed it to update to MK2, set up my gmail account (not G+ though), took care of organizing it like I want, etc. Next thing I notice, that in my gmail I start getting dangerous looking spam ("update your Amazon credit card info", "update your ###### info"), and the image had a link which would've sent me to a Yemen domain. Nothing happens without a reason, and the only thing that changed was I gave the phone my gmail logon. I did not directly give account info to any of the other vendors advertised on the bloatware on this phone. I should add that prior to this I was familiar with the spam I'd get in gmail (and gmail would flag it into spam folder) and it was consistent and never made it into my inbox.
This being my first android I'd appreciate comments on your experiences with this, and anything you can share on how to better safeguard my info. I hate google, or anybody for that matter, having so much access to my credentials which I normally and successfully hold fairly close. (Yes this is my first smartphone).
I am a Malwarebytes registered user on my desktop and laptop so I downloaded their app onto my phone, but something tells me what caused this spammer to source me was over-sharing of data on google's (android's?) part.
Thanks
MessyPotamia ("because in the land between the Tigris and Euphrates, things are a MESS")
Huntsville, Alabama

I think it's pretty safe to say it's coincidence. My family owns about 5 Android devices and I myself have three Android devices currently in active use, two gmail accounts, one for my personal devices and the other for family use and so far, we have yet to get any 'weird' spam issues except for the occasional spam that promises me that I'll get bigger manhood and such. Try playing with the app settings or try another email app. I mean, if you have a gmail account all this while and google wants to sell off your personal information, they would have sold it a long time ago and not wait only now because you have a new smartphone right? Lol
Sent from my GT-N7105 using xda app-developers app

mha93 said:
I think it's pretty safe to say it's coincidence. <SNIP> I mean, if you have a gmail account all this while and google wants to sell off your personal information, they would have sold it a long time ago and not wait only now because you have a new smartphone right? Lol
Sent from my GT-N7105 using xda app-developers app
Didn't mean that I think G directly sold it off, but something enabled a spammer to target me. Have been getting this same spam about 1x / day since I shared my 10 yr old gmail acct w/ VZW/I545/MK2. Something triggered it, I don't believe in coincidences (my prior CI work, sorry!), and the only thing that changed was my new setup.

Maybe it's something that you've installed? Like have you pirated any apps or downloaded any sketchy apps? Besides that, I can't think of other ways besides logging in to your gmail account, and actively mark the emails from that address as spam.
Sent from my GT-N7105 using xda app-developers app

mha93 said:
Maybe it's something that you've installed? Like have you pirated any apps or downloaded any sketchy apps? Besides that, I can't think of other ways besides logging in to your gmail account, and actively mark the emails from that address as spam.
Sent from my GT-N7105 using xda app-developers app
Two days later from my orig post. First, I have not downloaded any suspicious apps (only 2 banking apps, and they're pretty secure), one or two others from app store (but uninstalled them when I wasn't impressed). I set up my wife's yahoo email account as another account under email; one gmail account I use often as another email account; and my regular gmail account is the main phone account. My regular gmail account gets very little spam.
Now I notice my wife is getting evidence her contacts have been harvested, as folks in her contacts (some very old contacts) are replying "Did you send this?" or rejection messages from their .gov or .mil enterprise mail server. She has had registered malwarebytes on her laptop, as do I on mine. Tomorrow I will run CCleaner and HijackThis on both hers and mine. I must say that neither of us visits suspicious places or has any poor practices regarding opening emails or attachments, and our Secunia PSI scores are usually around 98.
This has to have something to do with my new Galaxy S4 and the fact that I gave it my gmail credentials, and her yahoo credentials.
This is not a coincidence.

After googling around, I came upon several forums stating that their users are getting spam mails after logging into their gmail accounts from their 'new' smartphones. So I guess your case is not unique. In all the cases, they managed to solve the problem by changing their gmail password. So what I'm thinking is that your phone is a 'manufacturer refurbished phone' or at least one that was returned to your carrier and repackaged again and that the previous owner left a malicious code or script in the phone. So short of returning to your carrier or to Samsung, I suggest that you change your password, factory reset your phone, update the firmware before logging in to your gmail account and see if it changes anything. The best bet is to return it to Samsung or your carrier on grounds that it's a 'defective device' or at least claim that something is wrong with it. Chances are, they will reflash a fresh new firmware onto your phone and would in theory solve and delete any malicious code in your phone. Or they'll replace yours with a new phone. Yeah sounds troublesome but if you want to skip Samsung and reflash a new firmware yourself, head over to the S4 forums and see the method of flashing a new stock firmware. Sorry that your new smartphone causes so many problems. Google is quite helpful when it's working right.
Sent from my GT-N7105 using xda app-developers app

(Problem solved)
mha93 said:
After googling around, I came upon several forums stating that their users are getting spam mails after logging into their gmail accounts from their 'new' smartphones.<<SNIPPED for brevity>> Google is quite helpful when it's working right.
Sent from my GT-N7105 using xda app-developers app
The source of the spam is most assuredly the YAHOO MAIL ANDROID APP (downloaded 3 days ago from App store and put on her android, not mine). After running (reg'd) malwarebytes, plus CCleaner and HijackThis (all showed nominal) I began to suspect it was on Yahoo's side, and sure enough there are plenty of recent articles about their vulnerability. Removed the app from her Moto Droid.
I particularly enjoyed reading this:
[I can't post outside links, google the search terms "even-yahoo-employees-dont-use-yahoo-mail"]
Meanwhile, everyone here I thank for participating in this thread.

Related

Consolidate market purchases to 1 account?

I made various purchases with different “main gmail accounts", but always used the same Google checkout.
Now depending on what email I set as first after a new ROM install I can either download a part of what was purchased with that gmail as default or reset and use the other default for the other apps, impossible though to access all purchased, attempts restoring backed up apps result in copyright protection prompts.
Any idea how to solve that?
Sent from my Nexus One using XDA App
I'm wondering the same thing, when I was running android on my tp2 I was using a different account. Now I use my gmail and I can't figure out how to transfer my old purchased apps
I got the answer.. but not very appealing...
husker91 said:
I'm wondering the same thing, when I was running android on my tp2 I was using a different account. Now I use my gmail and I can't figure out how to transfer my old purchased apps
After reading through the Google FAQ I found the answer, anything else than satisfying though...:
- According to Google each purchase is associated with your main account - main account as per definition is the one that you've added first after installing a rom, regardless if your checkout account is associated with another gmail account. They state clearly that if one changes email, he has to buy the stuff again.
Usually not the approach that google takes, and without ending in a collective bash, I still gotta admit that this is quite a primitive way of handling customer relation - at least in my opinion.
[Edit:] I made an experiment with apprain.com, hoping they would be the solution for future purchases, but unfortunately the market app is the dominating part in the triangle between user - apprain - market syncing[/Edit:]

Virus on my Lumia???

Hi Guys,
I have recently installed the 12070 F/W on my Lumia 800 phone and last night an email was sent out to all 500 contacts that I have for no reason. There was an email attachment in the form of a web address which, when opened, brought you to a page in a magazine called Business Journal.
I am really worried this morning. I need to email all of my contacts to warn them of this. But what do I do with the phone, do I have a virus on it? If so, how did it get there and what do I need to do to remove it??
Guidance right now much appreciated.
It's nearly impossible to send something from wp7 without user interaction.
I think that your PC is a victim or someone guessed your password to e-mail account.
Chipsaru said:
It's nearly impossible to send something from wp7 without user interaction.
I think that your PC is a victim or someone guessed your password to e-mail account.
Thanks for your ideas on this. This all happened last night when I was not even using the phone and my lappy was switched off. The mails were sent to absolutely everyone in my WP7 phone book :-(
17-apg said:
Thanks for your ideas on this. This all happened last night when I was not even using the phone and my lappy was switched off. The mails were sent to absolutely everyone in my WP7 phone book :-(
I doubt that something can send emails from your WP7 without your consent. Your contacts are also saved in your Live Account accessible from your PC. It could be possible that something has logged the password on the PC and sent it to a third person. You should make sure that your PC is always equipped with the latest antivirus. Also you should keep in mind that Windows Live offers to send you a one-time password via SMS in case you need to sign in from an untrusted PC.
It's absolutely impossible it has something to do with the phone. My guess is that someone got your Windows Live password and sent it from there...
Change your password asap
Done today, thanks. I was so surprised. I guess if someone had the password they could have done this online in my account without me knowing. First thing I knew was 66 undeliverable notifications on my phone late late night
Sent from my Lumia 800 using Board Express
17-apg said:
The mails were sent to absolutely everyone in my WP7 phone book :-(
So it was also sent to every Contact in your Live Account and/or Google Account. I guess someone had access to one of those.
Yes the mail was sent to every contact in my live account. It was simply a link to a business journal ezine as far as I could see; not a virus but a spam message. I have changed my password to access my LIVE account in the hope that this will end it.
17-apg said:
Yes the mail was sent to every contact in my live account. It was simply a link to a business journal ezine as far as I could see; not a virus but a spam message. I have changed my password to access my LIVE account in the hope that this will end it.
It's your email account that got hacked. Happened to my friend too, and he has an android. It's not your phone and possibly not your laptop either. It's your live account that got hacked by spam or virus.
actually not impossible
I also think that it's impossible to mail/edit through wp phone api, making it nearly impossible to make viruses in traditional terms. Also for marketplace there is some virus scanning made of apps on submission.
However app behaviour is another thing...
Think about the following scenario:
You install a smart dialer (for example) that requires access to contacts, owner identity and data services.
Without your consent and knowledge the app harvests and sends off information from your device.
The sum of all is that: yes, it might be an app on your phone that is behind the mailing as well as it might be malware on your pc.
Don't install apps from unknown developers that require more permissions than what seems ok.
Thanks for all your replies.
Seems like it has been an attack on my windows live mail account. Have changed password and will now do so every 90 days or so as recommended by microsoft. I have also checked all apps on my phone and there are none that i can see accessing my contacts. But I will continue to check.
17-apg said:
Thanks for all your replies.
Seems like it has been an attack on my windows live mail account. Have changed password and will now do so every 90 days or so as recommended by microsoft. I have also checked all apps on my phone and there are none that i can see accessing my contacts. But I will continue to check.
There is no API for sending emails without the phone owner's confirmation so it is impossible. Though be careful when giving your email to websites (and apps too) as they can use it to send spam. Sending email from any address does not need a password.

Will google delete my account?

I recently got sick of Google+ prompts when I log into certain google-hosted features.
I have had this account for many years, and finally changed my name, and it "might be" obvious that it is not my "legal" name.
Has anyone had their account deleted that pays for google apps, and uses it on their Android(s)?
What happens to purchased app retrieval, if this is the case? Switch to Amazon with a new e-mail account, and not give google another penny to track you?
Why are you concerned about Google tracking you? Serious question.
Sent from my HTC One S using xda app-developers app
tevinwade said:
Why are you concerned about Google tracking you? Serious question.
Sent from my HTC One S using xda app-developers app
I am not worried about the tracking, or I would not be using a Smartphone, it's all about the monkey-wrenching and not part of the database.
(Most people don't even know how many thousands of data-points they collect every day:
http://www.youtube.com/watch?v=NObTjstI6f4 Part two is even more interesting.)
Has anyone had their account deleted that pays for google apps, and uses it on their Android(s)?
I never had news of this subject ... already tried support?
I have plenty of friends on G+, and 90% of them are NOT using their real name.
While they got some warnings about that, all they did was changing their fake name to another fake name. I have never seen any of my friends getting banned for that.
And also, I don't think that your whole account will get suspended, I think that the only thing you won't be able to access will be G+. But I am not 100% sure on that.

Gmail Account Hijacked - including Google Play Store

Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numeric, random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
starfcker69 said:
Last week I noticed a device under my Google Play account (My Devices) that is not mine, a phone on a Romanian cell phone company network. I also noticed that someone from Russia had accessed my Gmail account. I changed my Gmail password (the old one was alpha-numeric, random, with symbols) and turned on two step authentication.
The Gmail account seems to be ok. The contacts all there and no messages removed or messages sent by people other than me.
The only sign of the intrusion is about a dozen "free" apps ordered by that device. It included sketchy gambling apps, a child's game that from comments I read has adult advertisements, and ringtones. After I changed the password there are new "free" media on the account - books and various video. These appear to be from a different user - all in English as opposed to Russian and nothing sketchy.
My guess on how this started - I downloaded an app with about 100 reviews. The next day the "free" apps started to appear, and the unauthorized device also was added the next day.
My SGS 3 isn't rooted. For Jellybean it seems that I have to wait for a stable root, should be another few days.
I contacted the Play Store support and they were of no help. They referred me to Gmail support but Gmail doesn't offer phone support. I think only support on a Google Group forum.
Any idea how this could have happened and how to get this device off of my account? My PC's are secure and my primary PC is Linux.
I have the IMEI # of the phone added to my account, also the model number (registered in Russian Federation). Could the IMEI be useful? I can PM if interested.
IMEIs are quite useful to many people... Just don't pursue this on xda.
Sent from my Galaxy Nexus using xda premium
My account too was almost hacked.
I signed into youtube and a notice was shown that someone from ip in china tried to log into my google account and it denied them and I changed my password. No weird apps, nothing.
The thing is probably the app you downloaded.
Just because it has 100 downloads doesn't mean it's malware but you need to check permissions always.
Even big games like "Paper Toss" have been known to sell people's info to companies.
When you read permissions. There should be a list of all the options the app requests.
Be Smart. If you download a calculator, it shouldn't have access to your personal identity, messages and the big key is internet access.
If you download a calendar it may need access to contacts but if it also needs internet access, it's probably storing your contacts and sending them out to a site that then sells to a company and lastly, your grandparents receive phone calls asking if they want to buy a service and use your name as who referred them.
Also, rooting is a good option. With an app on here called pdroid or droidwall you can download those apps but it will alert you when the app wants to use a permission (like internet) and gives you the option to allow or deny.
good luck
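An added example, not part of any post in this thread: the permission check described above (personal data access combined with internet access, judged against what that kind of app should need), run over permission listings in the style printed by `aapt dump permissions`. The package names, the sample listings and the `EXPECTED` baseline are constructed assumptions.

```python
import re

INTERNET = "android.permission.INTERNET"
# Real Android permission names, mapped to the data the post worries about.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "personal identity",
    "android.permission.READ_SMS": "messages",
}
# Assumed baseline of what each kind of app plausibly needs (adjust to taste).
EXPECTED = {
    "calculator": set(),
    "calendar": {"android.permission.READ_CONTACTS"},
}

# Tolerates the three spellings aapt has used over time:
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
#   uses-permission:'android.permission.X'
PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)")
PERM_RE = re.compile(r"^\s*uses-permission:\s*(?:name=)?'?([\w.]+)")


def parse_listing(text):
    """Return (package name, set of requested permissions)."""
    package, perms = None, set()
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            package = m.group(1)
            continue
        m = PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return package, perms


def audit(text, category):
    """Grade one app: 'high', 'review' or 'ok'."""
    package, perms = parse_listing(text)
    sensitive = perms & set(SENSITIVE)
    # Unknown categories get an empty baseline, so everything is unexpected.
    unexpected = sensitive - EXPECTED.get(category, set())
    online = INTERNET in perms
    if unexpected and online:
        verdict = "high"      # data it has no reason to read, plus a way out
    elif (sensitive and online) or unexpected:
        verdict = "review"    # plausible access, but it can leave the phone
    else:
        verdict = "ok"
    return {
        "package": package,
        "verdict": verdict,
        "unexpected": sorted(SENSITIVE[p] for p in unexpected),
        "can_send_out": sorted(SENSITIVE[p] for p in sensitive) if online else [],
    }


# Constructed sample listings (not taken from any real app).
CALCULATOR = """package: com.example.calc
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='android.permission.READ_SMS'
"""
CALENDAR = """package: name='com.example.calendar' versionCode='1'
uses-permission:'android.permission.READ_CONTACTS'
uses-permission:'android.permission.INTERNET'
"""
PLAIN_CALC = """package: com.example.plaincalc
uses-permission: android.permission.VIBRATE
"""

if __name__ == "__main__":
    for listing, kind in ((CALCULATOR, "calculator"),
                          (CALENDAR, "calendar"),
                          (PLAIN_CALC, "calculator")):
        print(audit(listing, kind))
```
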
I have one update. I think that after I changed my password and went to two step verification, the purchases of "free" apps and media stopped. It's been four days and nothing new added. So far so good. Thanks for the replies. BTW, Google of no help.
I'd still like to know how the Gmail account was compromised - I may never know.
Similar thing just happened to me (Galaxy Note) appeared on my account from nowhere. When I contacted google if they can help or if they are interested in tracking him down, all they said was we can't help you. And change the pw. Obviously I know that I need to change the pw. I know Apple would have tracked it down somehow if it was an iphone. My pw has 22 characters number letter symbols yet it was hacked.
Since google is not helping me I installed Android Lost app on this NOTE and waiting to get a location update via email. I know it won't do anything much and I can't do anything against him or her since no paid apps were downloaded. Still I would like to do something to crooks like this. He only had 6 apps installed (facebook, viber, candy rush) and terminal emulator (which worried me).
I really hope that Android closes their unlimited backdoors in the OS.

Stock Email App Notifications Problem

I have a new T-Mobile Galaxy S5. I'm using the stock email app with my organization's Exchange messaging system. My particular account has multiple folders with rules that route messages depending on the sender, pretty common for business users.
The problem is that when I receive two or more emails to any folder other than inbox the notification displays the wrong message. For example, if I get a couple of new emails to a folder called VIP the notification will indicate two new messages, so far so good. However, when I take a closer look the messages indicated are actually the newest from my inbox which could be hours or days old rather than the correct one just received in the VIP folder. It only happens when there are multiple notifications pending for a single account and only within the context of the notifications. If I go to the email app itself everything is where it should be.
Unless I'm missing something this is a huge flaw and I can't imagine how this could have escaped testing. I would very much appreciate if anybody could please advise.
Thank you
Kevin
Given that the problem is the type of notification, it's just as likely caused by the remote Exchange server as the email app. If you did a forum search to see if others are seeing the same problem, it would be a lot easier to discern a pattern.
If you want to expedite fixing (a possible) email bug, take the time to describe it well in a post to the Android /Google bug list. Or more expediently, try using a third party Exchange compatible mail app and see if that resolves the issue.
.
fffft said:
Given that the problem is the type of notification, it's just as likely caused by the remote Exchange server as the email app. If you did a forum search to see if others are seeing the same problem, it would be a lot easier to discern a pattern.
If you want to expedite fixing (a possible) email bug, take the time to describe it well in a post to the Android /Google bug list. Or more expediently, try using a third party Exchange compatible mail app and see if that resolves the issue.
.
I thought about the backend too but after so many years of using various phones and email clients with Exchange it seemed to me like it was the device. Sure enough, Nine, Touchdown and Mail Wise all work perfectly. Therefore, it’s likely an issue with the stock email app and an obscure one at that. I will pursue reporting the problem as you suggested and take up the matter with T-Mobile too. Searches on XDA and the internet turned up nothing but that could just be me missing something.
Thanks
kssm said:
I thought about the backend too but after so many years of using various phones and email clients with Exchange it seemed to me like it was the device. Sure enough, Nine, Touchdown and Mail Wise all work perfectly. Therefore, it’s likely an issue with the stock email app and an obscure one at that. I will pursue reporting the problem as you suggested and take up the matter with T-Mobile too. Searches on XDA and the internet turned up nothing but that could just be me missing something.
I'm not sure that complaining to TMobile will do much. But Google does take the Android bug list seriously. It sounds like you have a good handle on the issue now. Well done.
.
.
