Hi, I've recently took a chance on a well priced midrange smartphone from Cubot, namely the X30 with 8gb ram 256gb rom and stock Android 10.. or so it seems.
The only app installed that wasn't a Google app is an app called Wireless Update, which connects with com.adups.fota. After some research I found many articles from 2017 saying that this update app is actually malware which could do a whole manner of nefarious things without the users knowledge or permission.
According to Cubot it's just the app that they use to push OTA to devices.
I've been using the phone for a few days now and haven't had any problems *yet* but I'm very wary about adding my banking apps etc.
I've scanned with Malwarebytes which shows no problems, but I've read elsewhere that because it's a system app, av products overlook it..?
Does anybody know or have experience that can help me please? Should I/could I return the phone on the grounds that it's infected? The Wireless Update app is apparently on many lesser known devices, do do you own one? Is this a threat, or is it largely overblown?
I've currently got the app 'frozen' through the screen time limiting function on Android 10 (it's allowed zero seconds per day) and I've restricted its permissions too.
Would appreciate any help please people ?
Thanks
RedHammer99 said:
Hi, I've recently took a chance on a well priced midrange smartphone from Cubot, namely the X30 with 8gb ram 256gb rom and stock Android 10.. or so it seems.
The only app installed that wasn't a Google app is an app called Wireless Update, which connects with com.adups.fota. After some research I found many articles from 2017 saying that this update app is actually malware which could do a whole manner of nefarious things without the users knowledge or permission.
According to Cubot it's just the app that they use to push OTA to devices.
I've been using the phone for a few days now and haven't had any problems *yet* but I'm very wary about adding my banking apps etc.
I've scanned with Malwarebytes which shows no problems, but I've read elsewhere that because it's a system app, av products overlook it..?
Does anybody know or have experience that can help me please? Should I/could I return the phone on the grounds that it's infected? The Wireless Update app is apparently on many lesser known devices, do do you own one? Is this a threat, or is it largely overblown?
I've currently got the app 'frozen' through the screen time limiting function on Android 10 (it's allowed zero seconds per day) and I've restricted its permissions too.
Would appreciate any help please people ?
Thanks
Click to expand...
Click to collapse
Hello man,
I' bought the 6/128 GB version instead of 8/256 GB 'cause I prefer to stock data in a Micro SD.
Anyway... At the moment, I've no info related to possible malware in the system, using Malwarebytes like u.
Just to inform u:
* TWRP recovery for Cubot X30 is already available (unofficial) BUT IT CANNOT MOUNT SYSTEM (so, no flash, no backup...)
* ROOT is already available for Cubot X30, u need simply to unlock bootloader and flash Magisk patched BOOT.IMG
:good:
PYCON said:
Hello man,
I' bought the 6/128 GB version instead of 8/256 GB 'cause I prefer to stock data in a Micro SD.
Anyway... At the moment, I've no info related to possible malware in the system, using Malwarebytes like u.
Just to inform u:
* TWRP recovery for Cubot X30 is already available (unofficial) BUT IT CANNOT MOUNT SYSTEM (so, no flash, no backup...)
* ROOT is already available for Cubot X30, u need simply to unlock bootloader and flash Magisk patched BOOT.IMG
:good:
Click to expand...
Click to collapse
Thanks for the info. I've been slowly (they've taken 12 days to reply) talking with Malwarebytes Antimalware through email about this. Here's their most recent reply.
Quote
"Derek (Support)
Nov 13, 2020, 10:15 PST
Hello,
My name is Derek. I will be helping you with your ticket # 3252842.
We have seen an increase in Android devices coming with pre-installed malware. For additional information on this malware, please refer to our blog post provided below.
blog.malwarebytes com/cybercrime/2019/01/the-new-landscape-of-preinstalled-mobile-malware-malicious-code-within/
Due to the security within the Android OS by default system apps can not be removed by 3rd party apps including Malwarebytes.
I have provided some methods of removing or disabling system malware below:
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable or through adb command line. Which can be found on our forum at the link below.
This will prevent the app and any associated services from running.
//forums.malwarebytes com/topic/216616-removal-instructions-for-adups/?tab=comments#comment-1190826
Note: Proceed at your own risk! I, nor Malwarebytes, can guarantee this will not damage your mobile device. Uninstalling system apps have the potential to permanently damage your device, rendering it unusable.
- Root your device and uninstall the malicious apps. Usually reserved for advanced users. I can't recommend rooting because of the potential for damaging phone, and doing so is at your own risk.
- Install different, trusted, ROM to replace the infected one. Usually reserved for advanced users, this requires your device is rooted, please do at your own risk.
- Return device where purchased.
I wish there were more options but where Android's openness and built-in security collide; openness, anyone can flash a device with a custom ROM, security, you can't uninstall system apps.
Kind regards,
Derek S. | Malwarebytes Support | support.malwarebytes.com"
I've sent them info through the app about all the installed apps etc but they seem to have just written me a generic reply, linking to an old fix for Android 6... I've asked for more info and will update their replies here
Hopefully someone from XDA will be able to help too.
P.S. I've had to remove a dot from the links they sent, as this is a new XDA account and I can't post links yet.
Wireless update, malware, bloatware.
I brought a Homtom 17 pro about 4years ago and I'm using it to send this reply, the app in question is indeed Malware as my phone came with it pre-installed, but here's the catch it doesn't kick in until either 6 or 12 months after the phone being activated and then it starts to install bloateware , e.g random apps called setting or other named apps you wouldn't look at twice and think they have always been there (popup ads), it communicates with China? Or that global area. It's been along time since I researched this so the country may differ. When I found this out I instantly installed Adguard to prevent Wireless update + some other system apps from communicating with the web and I have had no problems since. Obviously you can go down the roots Malware bytes said but you could brick your phone or root it, and many official apps nowadays don't like rooted phones. I hope this helps and sorry for the long reply.
PYCON said:
Hello man,
I' bought the 6/128 GB version instead of 8/256 GB 'cause I prefer to stock data in a Micro SD.
Anyway... At the moment, I've no info related to possible malware in the system, using Malwarebytes like u.
Just to inform u:
* TWRP recovery for Cubot X30 is already available (unofficial) BUT IT CANNOT MOUNT SYSTEM (so, no flash, no backup...)
* ROOT is already available for Cubot X30, u need simply to unlock bootloader and flash Magisk patched BOOT.IMG
:good:
Click to expand...
Click to collapse
Very good to know that there is already a root method. I created an account just to ask for your help. Can you give me more details? I've tried everything.
aboy2020 said:
Very good to know that there is already a root method. I created an account just to ask for your help. Can you give me more details? I've tried everything.
Click to expand...
Click to collapse
Sure, about root?
RedHammer99 said:
Thanks for the info. I've been slowly (they've taken 12 days to reply) talking with Malwarebytes Antimalware through email about this. Here's their most recent reply.
Quote
"Derek (Support)
Nov 13, 2020, 10:15 PST
Hello,
My name is Derek. I will be helping you with your ticket # 3252842.
We have seen an increase in Android devices coming with pre-installed malware. For additional information on this malware, please refer to our blog post provided below.
blog.malwarebytes com/cybercrime/2019/01/the-new-landscape-of-preinstalled-mobile-malware-malicious-code-within/
Due to the security within the Android OS by default system apps can not be removed by 3rd party apps including Malwarebytes.
I have provided some methods of removing or disabling system malware below:
- Disable the app – Can be done via Android Settings -> Apps -> bad app -> Force stop/disable or through adb command line. Which can be found on our forum at the link below.
This will prevent the app and any associated services from running.
//forums.malwarebytes com/topic/216616-removal-instructions-for-adups/?tab=comments#comment-1190826
Note: Proceed at your own risk! I, nor Malwarebytes, can guarantee this will not damage your mobile device. Uninstalling system apps have the potential to permanently damage your device, rendering it unusable.
- Root your device and uninstall the malicious apps. Usually reserved for advanced users. I can't recommend rooting because of the potential for damaging phone, and doing so is at your own risk.
- Install different, trusted, ROM to replace the infected one. Usually reserved for advanced users, this requires your device is rooted, please do at your own risk.
- Return device where purchased.
I wish there were more options but where Android's openness and built-in security collide; openness, anyone can flash a device with a custom ROM, security, you can't uninstall system apps.
Kind regards,
Derek S. | Malwarebytes Support | support.malwarebytes.com"
I've sent them info through the app about all the installed apps etc but they seem to have just written me a generic reply, linking to an old fix for Android 6... I've asked for more info and will update their replies here
Hopefully someone from XDA will be able to help too.
P.S. I've had to remove a dot from the links they sent, as this is a new XDA account and I can't post links yet.
Click to expand...
Click to collapse
Thank you for this piece of information.
Related
Hi all, when I bought the Lenovo A916 phone from www.lightinthebox.com it came with spyware included in the Stock Rom(which had been modified by 3rd party), impossible to get rid of unless you root the phone, because its located in system files.
Beware, if you do a factory reset the spyware will be back! Also, do NOT use your phone for banking or anything else with passwords, before you have removed the spyware since it contains a keylogger!
You can flash it with new Rom(also known as Firmware) or a clean Stock(original) Rom - that will remove the spyware. You have to be rooted for this to work.
Right now my phone has A916_S1205_141013 rom - below there is a link to this Rom - its multilingual - I have not yet had the time to try it myself and don't know if its clean.
http://firmwarefile.com/lenovo-a916
I have removed all the spyware, after I rooted my phone, and its working as it should - But as I said earlier, the spyware will return if I do factory reset.
If you bought this phone on the net like most of us, then I suggest that you install the following and scan for spyware. Take note, that the spyware is not from Lenovo!
Avast, Avira, ESET, 360 security, Malwarebytes - use all of them, since there are always something one don't find but the other one will.
Be aware that something can go wrong, and I'm not responsible for you trying this out.
The best way to root is Kingo root. But first, attach your phone to your PC/laptop(make its connected to the internet) and on the phone choose MTP, now the phone will install drivere for its first use - this is important!
Then you click the icon in the notification area in windows, to dissconnect usb devices and dissconnect your phone. Wait a few min, - then re-connect and this time (on he phone) choose the last option which say something like "Virtual CD". If autorun is enabled on your pc, you will then get an option to browse this virtual CD - do so!
Copy the content of the virtual CD to a new folder on your pc, then run and install LenovoUsbDriver_autorun_1.0.12.exe - this is important. Don't bother with the other things there since its in chinese.
Then get Kingo root from here:
http://www.kingoapp.com/android-root.htm
Click to download it from CNET, be aware that it might get caught by your antivirus - not that it contains virus, but because its used to root phones. If it got to you pc safely, then run it and it will download the real rooting software - make sure to say NO/Decline/uncheck to any offer that comes up(like install Yahoo). Stupid and annoying way CNET try to impose their stuff onto people.
Now, the real software has been downloaded(android_root.exe) - run it and follow the guide. There are also a guide on Kingo root's webpage.
After you have rooted your phone, run the antivirus Apps again, this time you will be able to remove some but not all of the spyware. Make a list of those you can't remove - then go to the superuser app you can remove the software that contains spyware and cannot be cleaned otherwise. Be careful what you remove.
I found spyware in these and removed with the supeuser app
Trojan.Agent.mq in /system/app/CallerID.apk
PUP.Adware.ShinyMob.a in /mnt/sdcard/funweather.apk
Backdoor.Ginmaster in /system/app/Weatherservice_K517_u002_20140910.apk
Trojan.Fadeb.a in /system/app/Twitter_qd_3025.apk
Do NOT remove the ThemeCenter app!! Its used its used by the system to set wallpaper. If it has spyware then you can remove it and replace it with the one in this post:
http://forum.xda-developers.com/showpost.php?p=63651753&postcount=42
Good luck!
JBJ
Moderator, please don't remove any of this - Its super important!
If someone has suggestion or tips to this thread then please PM me an I can insert it with credit in the 1st post!
I don't have any direct experience with this device, being in the USA, but this seems like it might work http://www.needrom.com/download/lenovo-a916-multilang-root-gapps/ .
I don't have any direct experience with this device, being in the USA, but this seems like it might work http://www.needrom.com/download/leno...ng-root-gapps/ .
Click to expand...
Click to collapse
Hi and thank you for the answer, I have looked at these already, but the authors seem not to want to answer questions on if this is clean.
EDIT: this is obsolete now - please read at 1st post!
EDIT: this is obsolete now - please read at 1st post!
Moderator: Is there a way to delete ones own post?
insomniacno1 said:
EDIT: this is obsolete now - please read at 1st post!
Moderator: Is there a way to delete ones own post?
Click to expand...
Click to collapse
Hello I have a Lenovo A916 and im planing on rooting it and installing a vanilla version of android on it to get rid of the bloatware it contains
I was thinking of using the rom you just shared but after seeing your comment about "this is obsolete now" I have now to ask you what do you mean by obsolete? the rom link didnt turn out to be safe or something?
ok so i bought the infocus m560 (m808/v5) from ebay. uk warehouse chinese seller.
When it arrived the box was unsealed however the excuse for this could be the seller removed the eu plug and put in a uk one.
as soon as i booted it up I ran malware bytes which came back clean but on browsing through settings - apps I notice something called pandoras box & pandoras box services. the second one has permissions to everything. I cannot uninstall or disable either. These seem to serve no relevance to the phone. I believe it is disguised malware.
someone on another forum reccomended netguard which i dowloaded and tried but as soon as I disable internet access for PB &PBS it AUTOMATICALLY disables web access for a lot of other things, I cannot have only PB & PBS selected.
I've been told that it seems that PB/PBS is running as a system process therefore any unrooted app won't affect it.
I read you can uninstall malware by booting into safe mode but i'm not sure if that will work in this instance?
I can find original stock rom for the m560 which doesnt seem to require root to flash - i could try flashing this which would solve the problem IF it was the 3rd party seller that added the malware, but wont if it was the manufacturer and I don't think there is any way to tell? - i can put a link to the page with the stock rom if anyone wants to check its ok
aside from the above my only other option is to root. I have never rooted before. I am a total noob. I've read the process but parts of it i dont fully understand. I do not want to brick the device. I would possibly be willing to give it a go if someone can provide step by step almost fool proof instructions/a clear guide. I've had a look for rooting on m560 and I think there are a few options available - if someone could be as kind to tell me which would be easiest
any other suggestions/solutions welcomed.
I can submit any screen shots if nescessary.
thanks for reading
Hi.
I do not know in which sub forum must post this request. please move this request to associated sub forum.
problem about galaxy tab a t285
Please teach, how we can:
1) root
2) unroot
3) how to unlock external sd card for APPs
Thanks
Hi,
I just purchased this tablet. I've search the web but am unable to find a method to root this device. Any pointers would be greatly appreciated.
Thanks.
Galaxy Tab A (2016) SM-T285
venomrat said:
Hi,
I just purchased this tablet. I've search the web but am unable to find a method to root this device. Any pointers would be greatly appreciated.
Thanks.
Click to expand...
Click to collapse
I made a similar assuming that I can still root and install custom rom on Samsung device and went ahead with the purchase of the same machine--the cheaper 8 gigs model that came with 7 of those 8 gigs already used by core files, and manufacturer apps which are basically bloatware. I didn't even bother to ask the dealer because I just figured ROOT and problem solved. Unfortunately not. After going through the usual developers sites, I am reading that new Samsung devices are distributed with the Bootloader being locked. Until there is a solution to unlock the bootloader, then I am assuming we can't do anything about this. If not, my questions is: Is there any way to reformat/reinstall or some method of getting those precious memory back? Taking up 7 of the 8 gigs is absurd.
All the apps I've installed have been moved to the external SD. However, the Internal memory still show: Apps 2.9GB, Others: 4.06GB (only showing 550MB thumbdata, DCIM 552MB) which tells me Samsung has installed bloatware that doesn't show up on the cleaning/maintenance apps available in the PlayStore. There must be something that can be done--anyone have a suggestion?
I'm facing the same problem too.
Why would Samsung had such device?
I had actually moved away from Samsung but last month bought this SM-T285 just to play games.
Only manage to keep few games and has the notification "Storage space running out some system functions may not work" permanently lighted.
typical consumer I am...
jkgtan said:
I'm facing the same problem too.
Why would Samsung had such device?
I had actually moved away from Samsung but last month bought this SM-T285 just to play games.
Only manage to keep few games and has the notification "Storage space running out some system functions may not work" permanently lighted.
Click to expand...
Click to collapse
So as a typical consumer without an alternative of rooting, I decided to play their game--move the Apps to the SD card using the options in /Settings/Apps --this is the most helpful. Then also using a maintenance/ clean up app to complement Smart Manager is also helpful. Smart Booster is one I use. There are "bloatware" apps Samsung installed on the phone that you can uninstall and disable. This helps to. Using all of the above methods, I was able to retrieve an additional 1Gb back! It's a big deal when dealing with this device.
Please keep nagging Samsung about this-- We want the bootloader unlocked because by locking it up they are essentially slowing down progress--right?
:highfive:
Post your queries here:
http://forum.xda-developers.com/t/galaxy-tab-a
This device cannot be rooted at the moment.
All my methods have been unsuccessful so far due to the locked bootloader and Samsungs root restrictions.
However I have a customized debloated rom available.
If there is something specific you require in this rom post at the link above.
---------- Post added at 01:43 PM ---------- Previous post was at 01:42 PM ----------
bking43 said:
So as a typical consumer without an alternative of rooting, I decided to play their game--move the Apps to the SD card using the options in /Settings/Apps --this is the most helpful. Then also using a maintenance/ clean up app to complement Smart Manager is also helpful. Smart Booster is one I use. There are "bloatware" apps Samsung installed on the phone that you can uninstall and disable. This helps to. Using all of the above methods, I was able to retrieve an additional 1Gb back! It's a big deal when dealing with this device.
Please keep nagging Samsung about this-- We want the bootloader unlocked because by locking it up they are essentially slowing down progress--right?
:highfive:
Click to expand...
Click to collapse
Not sure why you state this device takes up 7gb of its storage as it doesn't take anywhere near that as stock on the T280.
Hey guys, how are y'all doing?
Here's a little background on my problem:
A year ago bought a cheap-ass smartphone for my mom, from a big supermarket chain in my country that was selling french phones cheaply, it was only 60€ and my mom needed a phone, so there it is!
Anyway cut to the present, the phone is riddled of what I suspect is malware that installs itself as soon as I remove it such as Free Games, com.google.toolkit, MiniChrome, N62Androidpt, System Component, adservice, and a couple others.
It also keeps switching wi-fi off, and turning on that option that allows apps to be installed from unknown sources, and worst of all it keeps opening the phone in built browser with adds, and even porn sites on occasion, which is really not desirable as my very young aged nieces love stealing the phone and try to use it.
I installed malwarebytes, also did a factory reset to no avail it fixed nothing.
So I decided to flash a stock rom to see if I could get rid of it, searched around and found a repository of stock roms or firmwares or whatever it's called (I'm not too familiar with this side of smartphones), which I'd love to post, but apparently can't because I've last than 10 posts: doc-doapi.com/EM/selecline/smartphone/
It has a lot of roms for different models of my brand.
Used the UpgradeDownload - R2.9.2015 tool that was in that folder and flashed it successfully.
After I turned on the device it opened the new phone setup process, logged in to my google account, and restores my stuff like contacts, and a few trusted google apps from before the flash, but it soon started again to install those malware apps I stated up there on it's own, and it was soon in the same state as before...
Anyway here's some info about my phone that probably should've gone to the top.
It's a Selecline phone
Model S4S5in3g
Android version: 5.1
Kernel version: 3.10.65
Compilation number: S3S5in3g.V1.2_20160307
At the back it has a sticker and another model number 870712 which I used to find the folder on that repository of stock roms.
And that's all in a big nutshell, anyone has any tips?
Thanks.
lil' bump
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Quick tip for getting rid of Malware even before they start. Go to Settings and check Data Usage. See which apps are using lots of data (downloading junk into your device). Note if there are any strange sounding apps that are downloading a lot of data, especially if it is not an app that you yourself were directly using.
Next, flash the stock ROM again. Once you flash the new ROM, you have to find a way to root the device. Try KingRoot. Then after the phone is rooted, go to Playstore and download SD Maid. Run SD Maid and give it root access. In the settings for AppControl of SD Maid, allow it to show system apps. Then run app control and freeze any strange-looking user apps (or anyone that was downloading a lot of data) and system app that are not required.
Please, let me know about the website and how to access the ROMs.
As mentioned before, install a clean room again. Copy virustotal app from the attachment of these post (https://forum.xda-developers.com/showpost.php?p=77053739&postcount=11) to SD-card and install it. Turn wifi on and let it run. Control every app and the system-apps. Post a screenshot of the findings. If there are findings, then the room is infected. The only way to deal with this, is to root it, install rootexplorer an kill the infected app. This can be dangerous, if for example, the lauchner is infected, an alternative launcher must first be installed and set as default, before you can kill the infected one (otherwise you will own a useless phone until you flash it again ;o).
Hey guys, thanks for trying to help.
I tried literally everything before, I've even somehow got a kitchen up and running and I removed everything that looked suspicious and all those bran add-ons from the rom, but even then I'd still get infected.
I didn't really try the antivirus route though and to be honest I already shelved that phone, but I'm kinda bored, so I'll try y'all suggestions, an extra working phone can always come in handy.
CVAngelo said:
Do you have login credentials for this Auchan website where you found the ROMs? It is asking for a login ID and password. I need ROM for Model S6S5IN3G.
Click to expand...
Click to collapse
I'd love to help you mate, I found that repository in a forum maybe forum.gsmhosting, and I've tried to access it earlier, and I'm also denied access.
Redmi 4x satoni(not rooted or flashed)
Is there any way to detect root by exploit, apps like Kingo root and king root and many other one click root apps do this kind of thing where they use and exploit in the Android system and root the phone using it and similarly a malware can do the same?
(I'm assuming this is what it is)(spear phishing)
Can an apk file really gain root access and rewrite your device's rom with a malware in it, is that a thing?
I have installed a third party app where it just disappeared into the background(most likely social engineering) and I tried all avs but it came clean even went into safe mode and settings and tried app managers and settings but all failed
Next I tried the factory reset and the symptoms still persists
Note that I have created new accounts and changed passwords and have MFA on but is there any way for it to reinfect because I'm using the same device to create the new account?
Like is it because it infected my google access or something to come again after factory reset
Thanks
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modificaiton made to any critical partiion such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
No I think I misunderstood there were two apps that I downloaded one disappeared into the back ground (which is causing more havoc) and is undetectable by android avs and i m having trouble removing(got from a sketchy link from my gf)
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
alokmfmf said:
got from a sketchy link from my gf
Click to expand...
Click to collapse
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram app follower which ran in the background and I could uninstall directly(got from playstore)
I want to know how to detect and remove the first one
Click to expand...
Click to collapse
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
alokmfmf said:
Is there any way to detect root
Click to expand...
Click to collapse
Yes, almost every banking / payment app does it.
V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Click to expand...
Click to collapse
Yes I'm sure as my accounts getting hacked my personal media getting leaked permissions asked repeatedly and sim getting disabled
Also I'm trying not to log in to my google account and see how that works
Although I have tried to make new accounts from scatch and start from a clean new slate from factory reset it it may be the device itself I'm afraid
Social engineering-spear phishing(I think)
Redmi4x satoni
I was asked to click on a link and download an apk by my girlfriend and as soon as I downloaded it, it disappeared and I was asked to delete the apk
(I do not have access to the link also)
Later I realized that it tracks permissions, media and keyboard(except of exactly who I'm texting to because of android sandbox)
I tried FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked,sim deduction and detection of sim card and permissions being asked again and again even though I allowed it)
I checked all the settings of my phone and nothing is abnormal(I'm not rooted)
Is it possible that a used account could somehow transmit virus because I had a nasty malware on my phone so I factory reset my phone but the symptoms still remain so I used a new google account and others also but it still comes back so I'm guessing its the kernel or the ROM that got infected
I tried all avs but they all came clean and I'm certain that my android is infected with something
First and foremost I need to know how to DETECT the malware (to know which app is causing this)
And second how to REMOVE the malware
Thanks.
Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
blackhawk said:
Which OS version? If not running on Pie or higher it's suspectable to the Xhelper family of partition worming malware
Yeah sounds like you got a worm... nasty critters.
A reflash may be the best option although if it is Xhelper it can now be removed without a reflash.
You are what you load
Click to expand...
Click to collapse
Yes I know I made a stupid decision its completely my fault I tried using the xhelper method but it comes clean I assume there is only one method that involves disabling the play store
I run on miui 11 nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing its very complicated for mi phones most
alokmfmf said:
I run on miui 11 nougat 7
Any methods to detect and remove the malware are welcome
And about reflashing its very complicated for mi phones most
Click to expand...
Click to collapse
Reflash it to stock firmware. If you can upgrade to Android 9 consider doing so for security purposes. It may have performance/functionality drawbacks though for your application though, not sure as I never used 6,7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.
blackhawk said:
Reflash it to stock firmware. If you can upgrade to Android 9 consider doing so for security purposes. It may have performance/functionality drawbacks though for your application though, not sure as I never used 6,7 or 8.
Make sure you reset all passwords, keep social media, sales and trash apps off the phone. Always keep email in the cloud ie Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed don't allow apps to update as they may try to download their malware payload, a way to bypass Playstore security.
Click to expand...
Click to collapse
Will not logging in my google account help
alokmfmf said:
Will not logging in my google account help
Click to expand...
Click to collapse
No. The malware is in the phone apparently in the firmware.
blackhawk said:
No. The malware is in the phone apparently in the firmware.
Click to expand...
Click to collapse
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
V0latyle said:
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
Click to expand...
Click to collapse
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
blackhawk said:
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
Click to expand...
Click to collapse
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Click to expand...
Click to collapse
Yeah Android 9 was where the hole for the Xhelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that and its current load will be 3 yo in June. No malware in all that time in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
Click to expand...
Click to collapse
I was initially thinking his was running on Android 8 or lower. Forgot On Android 9 and higher (except for a big hole in Android 11 and 12 that was patched if memory serves me correctly) about the only way malware is getting into the user data partition is if the user installs it, doesn't use appropriate builtin settings safeguards or by an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Click to expand...
Click to collapse
Lol, that's what social media is for
blackhawk said:
No. The malware is in the phone apparently in the firmware.
Click to expand...
Click to collapse
OK thanks for helping its been good
alokmfmf said:
OK thanks for helping its been good
Click to expand...
Click to collapse
You're welcome.
I retract that (post #12) as I forgot it is running on Android 11. Like V0latyl said it's probably the password(s) that were compromised if a factory reset didn't resolve the issue other than the exceptions I stated in post #16.
Also i found this on the net if that helps with the situation
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And
Factory resets are not enough to santitize the device.
Also I'm a bit scared as some people on the net have told that in some cases that even a flash might not wipe it as it resides in the boot logo or some places where flashes do not reach or in flash ROMs chips(but of course this is all very rare)
I am very fascinated and would like to learn more about it any suggestions would be helpful