Virus infection - Android Q&A, Help & Troubleshooting

First, I'm sorry if I'm on the wrong topic.
I installed an application to test (pirated) and I believe I caught some type of malware.
Even after restoring the device it is slow.
My device is SM-J510MN, Android 7.1.1 without root.
Before installing, Android warned me that the app could track me. Any solution?

Falling.down said:
First, I'm sorry if I'm on the wrong topic.
...
Before installing, Android warned me that the app could track me. Any solution?
Did you try a factory reset? Most malware disappears that way, but if it elevated privileges and installed itself as a system app, you're screwed.
First try to reboot in safe mode and see if the app is still there.

Raiz said:
Did you try a factory reset? Most malware disappears that way, but if it elevated privileges and installed itself as a system app, you're screwed.
First try to reboot in safe mode and see if the app is still there.
Hello, thanks for replying.
The application is no longer installed, but the device is very slow.

Falling.down said:
Hello, thanks for replying.
The application is no longer installed, but the device is very slow.
It must have installed some other apps in the background, or something along those lines; try safe mode and see if it's still slow.
Edit #1: You also might want to see which accounts were connected to this device. They might have been compromised, and you should change passwords ASAP just to be sure.

IMHO an Android phone or tablet can be classified as slow if it's taking longer than the usual time to open apps and if you can clearly notice a delay while switching between screens. In the case of installed malware, if the malware tries to perform somewhat intensive tasks on your phone or tablet, you may find that your device begins to slow down as the malware takes up processing power to do its job. This results in slower loading, apps hanging, and long boot times. It may also cause interruptions and other weird occurrences while making a phone call.
BTW:
One can easily check in real time what apps/services are running (plus their priority) to find any bottlenecks by means of ADB, i.e. running
Code:
adb devices
adb shell "top <options>"
More info here: What You Need to Know About Commands in Windows (www.lifewire.com)

Related

Sudden Slow problems

Evening everyone,
For the past 7-8 days I've been having problems with my Hero... it became REALLY slow all of a sudden, way more than before. Apps have the usual "lag" that, well, you know, lags once in a while (only a bit more often).
I tried re-installing my Modaco 3.0, no results. Tried to install Modaco 3.1 and Villain 2.1 and I had the same "lag". Is it the apps that cause it? The more apps I have installed, the laggier it will be? I have around 150 *maybe less, maybe more, don't have the phone with me atm*.
And on Taskiller, Advanced Task Killer and Advanced Task Manager it used to show me the free memory or whatever at 100-120 after every end task... now it starts from 70 and a few seconds after I kill all apps it drops down to 35-40 :S
thx in regards
bump :/ no one?
did you check logcat when the lag occurs?
kendong2 said:
did you check logcat when the lag occurs?
Nope ;o how do I do that?
You need adb working for that; check some tutorials.
Then connect the USB cable, restart the phone and execute "adb logcat" on your PC. You can redirect the output with "adb logcat > logcat.txt", so you can check it in detail or attach it here.
kendong2 said:
You need adb working for that; check some tutorials.
Then connect the USB cable, restart the phone and execute "adb logcat" on your PC. You can redirect the output with "adb logcat > logcat.txt", so you can check it in detail or attach it here.
I never got adb to work properly ;/ any other ideas?
bump... anyone? It's getting slower and slower :S I can't even listen to music now... and I even uninstalled 20+ apps.
You've already been given advice - get ADB working so you can post your logcat. Without more information, it's doubtful that anyone will be able to help you.
One question though - have you tried wiping and setting up your phone from scratch?
Regards,
Dave
Yes, I tried wiping my phone... even re-installed my Modaco ROM twice and tried a different ROM as well... and Modaco ROM 3.0 (prefer 2.9).
And I can't get adb working; it keeps saying no access or something like that.
I can't even listen to music now because the sound gets f***ed up...
Have a look at the services you're running.
You asked whether the more apps you have, the slower your device is.
And the answer is yes.
So you can always try new apps, but useless ones should go (even with app2sd, which allows you to keep tons of apps).
I don't think it'll be very hard; Android uninstalls apps fast and easily, not like WM-based ones.
Shei77 said:
And I can't get adb working; it keeps saying no access or something like that.
If you want help with this issue, you need to list out precisely what you have tried, and precisely what messages/errors are returned - "no access or something like that" is about as useful as a chocolate teapot when it comes to trying to diagnose your issue!
Regards,
Dave
thx for the answers...
I can't remember what exact error adb was giving me and I can't check it until tonight when I have some spare time...
Also I keep task killing and there is no difference... nor with uninstalling :/ AppManager says I have 127 apps :/
Hello again people
I currently don't have my computer (that's why I didn't try the adb)
but I have tried some things a m8 told me to, and that's a Dalvik cache wipe and moving log(something) to SD.. I did that and I lost 80MB of INTERNAL memory and my lock screen.. I can't drag it down anymore.. I have to press menu twice...
but my phone is now faster, although WAY slower when writing....
I'll try the adb shell as soon as I get my PC back from the technician!
thx a lot in advance!

Nokia 8 apps that are turned off suddenly turn back on by themselves

My phone has been doing weird stuff lately, like apps that I specifically turned off will now turn on by themselves; my battery drains faster too, and I'm getting more calls from a "private number".
I updated my phone to the latest update and it runs Android 9 Pie.
All apps are up to date as well. I check that often.
I scanned with Malwarebytes but it found nothing suspicious.
Bootloader is locked as well. Not rooted.
Any ideas about what might be happening or how to fix this?
Thanks in advance.
If you turn off a user app it only gets stopped for the time you have Android actually running. When you restart Android it's brought back to life again.
jwoegerbauer said:
If you turn off a user app it only gets stopped for the time you have Android actually running. When you restart Android it's brought back to life again.
I have had this phone for like 2 years now; those apps that I disabled have remained disabled for 2 years, even when I restart the phone or shut down and boot up again. Now suddenly 3 of them enable themselves while I am not doing anything.
1: YouTube app
2: Google News app
3: Google Photos app.
These apps were disabled for at least 2 years. I have no clue how they can re-enable themselves without me pushing the enable button.
@Smiley93
Oops, I was mistaken, sorry for this.
jwoegerbauer said:
@Smiley93
Oops, I was mistaken, sorry for this.
No need, I am glad you tried to help. Maybe it sounds a bit dull, but it has been like this for a whole week now, where I have to make sure I don't update these apps and disable them first before using Google Play to update all apps.
I changed launcher now to Evie Launcher. Maybe that works, since these apps haven't enabled themselves for a full day now.
Seems like it's still going even after the launcher change. It's only those 3 apps that were disabled and now get enabled automatically.
Why not simply uninstall the apps in question?
jwoegerbauer said:
Why not simply uninstall the apps in question?
Those are system apps and I don't have root since the bootloader is locked, so I can't freeze/uninstall them.
Smiley93 said:
Those are system apps and I don't have root since the bootloader is locked, so I can't freeze/uninstall them.
You can disable them with adb commands. It effectively hides them. When done right, the system no longer sees them as installed or running and they don't get updates from the Play Store anymore. That should sort out your problem with them re-enabling automatically. Not sure if you have done this already, but if not, give it a try.
Trace.Oneil said:
You can disable them with adb commands. It effectively hides them. When done right, the system no longer sees them as installed or running and they don't get updates from the Play Store anymore. That should sort out your problem with them re-enabling automatically. Not sure if you have done this already, but if not, give it a try.
OK, I have not tried it via adb. What I recently tried though was unlocking my bootloader, but in adb my phone was only detected in normal usage mode where all the apps are; in download mode it disappeared, even with the right driver installed.
So I have to run a few commands via adb when my phone is turned on with all the apps visible?
Smiley93 said:
OK, I have not tried it via adb. What I recently tried though was unlocking my bootloader, but in adb my phone was only detected in normal usage mode where all the apps are; in download mode it disappeared, even with the right driver installed.
So I have to run a few commands via adb when my phone is turned on with all the apps visible?
Yes, connect your phone powered up to a USB port of your laptop or PC and open an adb command prompt. Then run the command adb devices to make sure adb picks up your phone. If it does, you are good to go. Do you know which command lines to run etc. to uninstall apps in adb?
Trace.Oneil said:
Yes, connect your phone powered up to a USB port of your laptop or PC and open an adb command prompt. Then run the command adb devices to make sure adb picks up your phone. If it does, you are good to go. Do you know which command lines to run etc. to uninstall apps in adb?
I have not done it with adb so far, so I don't know the commands; is there a guide somewhere?
Yes, there are posts all over XDA about it and you can also search the internet. Just type in how to uninstall bloatware without root with adb command.
Trace.Oneil said:
Yes, there are posts all over XDA about it and you can also search the internet. Just type in how to uninstall bloatware without root with adb command.
Bloatware is stored in Android OS partitions /system and/or /system-priv. Hence one needs ROOT privileges to remove it.
jwoegerbauer said:
Bloatware is stored in Android OS partitions /system and/or /system-priv. Hence one needs ROOT privileges to remove it.
Yes, to remove the app and its files entirely, root is needed. If you bothered to read the post, he is battling to keep the apps disabled. And by disabling them with adb the way I suggested, it should fix the problem for him.
@Trace.Oneil
ROFL
FYI: I simply referred to your post
Yes, there are posts all over XDA about it and you can also search the internet. Just type in how to uninstall bloatware without root with adb command.
jwoegerbauer said:
@Trace.Oneil
ROFL
FYI: I simply referred to your post
You should get the context of the message before leaving a remark like that, don't you think? I certainly do; it implies that I am giving misinformation and don't know what I am talking about. I don't appreciate it, and I can and will stand up for myself as both a woman and a person.
Trace.Oneil said:
Yes, there are posts all over XDA about it and you can also search the internet. Just type in how to uninstall bloatware without root with adb command.
Seems like it worked so far. It is also able to disable apps that you can't disable in Android while non-rooted, so now finally my built-in launcher is totally disabled as well, since I don't use it anymore. Thanks for the answer.

[Rooted OnePlus 7Pro] - Used system-app remover and now the system wont boot. - possible bootloop situation

Hi all, in a bit of a panic right now because I think I might have screwed up my phone.
Basically I rooted it yesterday and I was looking at all the new features, like the ability to systemize apps and the ability to remove systemized apps. Anyway, I systemized Termux just because I thought it would be cool to have the phone terminal app as a system app. But when I rebooted my phone Termux didn't work. It would launch, but I wouldn't be able to write anything in the terminal.
So I was kind of stumped as to how to remove it then, because I used the App Systemizer Magisk module to systemize Termux using Termux. So I launched TWRP thinking I could just delete the files from system/privapp/. So I did just that, and it kind of worked, but the icon was still on my applications page, which bugged me, so I read a little on forums and the app called "System App Remover" was recommended. So I downloaded that and removed Termux using it.
However, when I rebooted for these changes to take effect, the phone won't go past the warning screen where it says something like "the bootloader is unlocked, integrity may be compromised if you do something stupid (like me)". Then it just goes back to the bootloader screen, where I can launch recovery to access TWRP. But before I do anything else stupid I thought I'd ask for some professional help on here <3.
Thanks in advance,
Coxie
shantorana said:
How to get this thread for android..?
Sorry I don't understand what you're asking?

Android 11 update disabled the ability to install sideloaded APK's

This might not be the right place to ask this question but I have been lurking here for a bit and am hoping someone can help me out.
A quick bit of background. I just recently started using Android Tablets. So far all I do with them is to read ebooks, browse the web in an emergency, and, wirelessly access my Xfinity live TV and Peacock streaming service. I have 3 Onn tablets (7", 8" and 10") one of which is Android 10 and the other two are Android 11.
I have absolutely no interest in anything Google and have disabled pretty much all the pre-installed apps based on guides I found here. The only pre-installed apps I use are Files-by-google and Gboard. I use the Nova7 launcher. I do have a google account and access to the google play store but only use it in the extremely rare case I want a purchased app, otherwise I download APK's from sites like APKMirror and APKPure to my PC, validate them using MetaDefend and VirusTotal and then load to the device via usb.
I also have no interest in any cloud based storage.
In general I have all goggle apps disabled. In the rare case I do use the play store I have to first enable Google Play Services and Google Play Store and then once the specific app is installed I re-disable Google Play Services and Store. Also I only go online to use the Xfinity and Peacock apps, everything else I do offline.
So everything worked as I wanted it until at some point I allowed an Android 11 "security patch" to install on one of my Android 11 devices. Immediately I could no longer install any APK file on that device (see attached). Note that previously I could install apps with the Nova7 launcher, the Files app, the Files-by-google app and Firefox, all of which are enabled to install unknown apps. Now all of these methods result in the same error message (see attached). Still no problem installing on the Android 10 device or the other Android 11 device that I've kept from updating.
So does anyone know how I can get back to being able to install APK's? I've followed the standard recommendations of restarting the device, making sure install unknown apps is enabled and reset app preferences and the only thing that I see to do at this point is a factory reset. A factory reset would cause me a whole lot of pain to set things back up to how they were before and I'm not even sure that a factory reset is guaranteed to fix this.
Can anyone help me?
A factory reset won't undo the update.
If that is the cause and there's no work around you would need to reflash to the version without the update. System upgrades/updates tend to break things...
blackhawk said:
A factory reset won't undo the update.
That's what I was afraid of.
At this point for $59 I can throw out the old one and buy another but that brings up the question of how to disable system updates.
Would rooting the device solve the problem?
So far I've been able to do everything I wanted to do using adb shell pm disable-user --user 0 <package_to_disable>.
But given I'm going to throw the device out if I can't fix this, it seems like the perfect candidate to risk trying to root.
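A scripted version of what Trace.Oneil described in the Nokia 8 thread and of the pm disable-user --user 0 command in the post above, as an added example that is not code from any post: it refuses to proceed unless adb devices shows exactly one device in the "device" state (an "unauthorized" or "offline" entry is what the "no access" and not-detected complaints elsewhere on this page look like), disables each package for user 0, and reads the disabled list back to confirm. It assumes adb is on PATH and that the package names are supplied by you.

```shell
#!/bin/sh
# Added example, not from the thread: disable unwanted pre-installed apps for
# the primary user over ADB without root, using the command the thread names
# (pm disable-user --user 0 <package>), wrapped in the checks an admin wants:
# exactly one authorized device, the package really exists, and a read-back
# that it now appears in the disabled list. Nothing is deleted from /system;
# "pm enable" reverses the change.
# Assumption: adb is on PATH (override with ADB=... for testing).

ADB="${ADB:-adb}"

# Parse `adb devices` output (passed as a string so it is testable offline) and
# print the serial of the single usable device. Fails with a reason when there
# is none, more than one, or the device is in a state other than "device":
#   unauthorized -> the USB-debugging prompt on the phone was not accepted
#   offline / no permissions -> driver (Windows) or udev rule (Linux) problem,
#   which is what the "no access" symptom in the other thread looks like
parse_device_serial() {
    printf '%s\n' "$1" | awk '
        /^List of devices/ || /^\*/ || NF < 2 { next }
        { n++; serial = $1; state = $2 }
        END {
            if (n == 0) { print "no device: check cable, driver and USB debugging" > "/dev/stderr"; exit 1 }
            if (n > 1)  { print "several devices attached: use adb -s <serial>" > "/dev/stderr"; exit 1 }
            if (state != "device") {
                print "device " serial " is " state ", not ready" > "/dev/stderr"; exit 1
            }
            print serial
        }'
}

# Every call goes through the one device we validated.
adb_shell() {
    "$ADB" -s "$SERIAL" shell "$@"
}

# True if the package is installed for user 0 (pm prints "package:<name>"
# lines; an exact match avoids confusing com.foo with com.foo.bar).
# tr strips the CRLF that older adb versions emit.
package_installed() {
    adb_shell pm list packages --user 0 "$1" | tr -d '\r' | grep -qxF "package:$1"
}

# True if the package is currently in the disabled list for user 0.
package_disabled() {
    adb_shell pm list packages --user 0 -d | tr -d '\r' | grep -qxF "package:$1"
}

# Disable one package for user 0 and verify the state actually changed.
# Returns 0 on success, 1 on failure, 2 when the package is not installed.
disable_for_user0() {
    pkg="$1"
    if ! package_installed "$pkg"; then
        echo "skip: $pkg is not installed for user 0" >&2
        return 2
    fi
    if package_disabled "$pkg"; then
        echo "ok: $pkg already disabled"
        return 0
    fi
    adb_shell pm disable-user --user 0 "$pkg" >/dev/null || return 1
    if package_disabled "$pkg"; then
        echo "ok: $pkg disabled (undo with: adb shell pm enable --user 0 $pkg)"
    else
        echo "fail: $pkg still enabled after disable-user" >&2
        return 1
    fi
}

# Usage: ./disable-apps.sh <package> [<package> ...]
main() {
    SERIAL="$(parse_device_serial "$("$ADB" devices)")" || exit 1
    rc=0
    for p in "$@"; do
        disable_for_user0 "$p" || rc=1
    done
    return $rc
}

# Run only when packages are given, so the file can also be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```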
Mumblefratz said:
That's what I was afraid of.
At this point for $59 I can throw out the old one and buy another but that brings up the question of how to disable system updates.
It looks something like this. I use Package Disabler to kill this parasite; it's the first apk I disabled... with extreme prejudice.
An ADB edit will work too.
blackhawk said:
It looks something like this. I use Package Disabler to kill this parasite; it's the first apk I disabled... with extreme prejudice.
An ADB edit will work too.
The Package Disabler app that you showed in your screenshot looked like a better way to go than what I've been doing, which is to use Application Inspector along with ADB, but I've had some problems trying to install it.
For one thing, they change a couple of things in MI settings and I don't have that category of setting. The bottom line is that I still haven't been able to get PD to work, although the set-device-owner command did seem to work and resulted in the following:
C:\ADB>adb shell dumpsys device_policy
Current Device Policy Manager state:
Device Owner:
admin=ComponentInfo{com.pdp.deviceowner/com.pdp.deviceowner.receivers.AdminReceiver}
name=
package=com.pdp.deviceowner
isOrganizationOwnedDevice=true
User ID: 0
Enabled Device Admins (User 0, provisioningState: 3):
com.pdp.deviceowner/.receivers.AdminReceiver:
uid=10156
followed by a whole bunch of other stuff.
At this point it seems best to forget about Package Disabler and just continue with Application Inspector and ADB but I'm worried that the device owner change I made is going to screw me up sooner or later.
My question is do I have to do (yet another) factory reset and reinstall all my stuff or is there an easier way for me to undo this owner setting?
PS. I suddenly got a notification "this device belongs to your organization" This must have something to do with the owner thing.
Mumblefratz said:
The Package Disabler app that you showed in your screenshot looked like a better way to go than what I've been doing, which is to use Application Inspector along with ADB, but I've had some problems trying to install it.
...
PS. I suddenly got a notification "this device belongs to your organization" This must have something to do with the owner thing.
Not sure as I never used that approach. I use whatever comes in handy...

Girlfriend virus

Redmi 4X santoni (not rooted or flashed)
Is there any way to detect root by exploit? Apps like Kingo Root and KingRoot and many other one-click root apps do this kind of thing, where they use an exploit in the Android system and root the phone using it, and similarly malware can do the same?
(I'm assuming this is what it is) (spear phishing)
Can an APK file really gain root access and rewrite your device's ROM with malware in it? Is that a thing?
I have installed a third-party app where it just disappeared into the background (most likely social engineering) and I tried all AVs but it came clean; I even went into safe mode and settings and tried app managers and settings, but all failed.
Next I tried the factory reset and the symptoms still persist.
Note that I have created new accounts and changed passwords and have MFA on, but is there any way for it to reinfect because I'm using the same device to create the new account?
Like, is it because it infected my Google access or something, to come again after factory reset?
Thanks
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
V0latyle said:
If you think a girlfriend virus is bad, just wait until you get married.
To answer your question....
Android is designed to be very rootkit-resistant. Features such as Verified Boot prevent unsigned/modified images from loading if the bootloader is locked; while it is possible for a malicious app to use an unpatched exploit to root the device every time it runs, any modification made to any critical partition such as /boot and /system would be detected, and the device would warn the user that the system is corrupted.
Since you've removed the app from your device and performed a factory reset, you should be safe. Good job on using MFA, by the way.
No, I think I misunderstood. There were two apps that I downloaded; one disappeared into the background (which is causing more havoc) and is undetectable by Android AVs, and I'm having trouble removing it (got it from a sketchy link from my gf).
The second app was just an Instagram follower app which ran in the background and I could uninstall directly (got it from the Play Store).
I want to know how to detect and remove the first one.
alokmfmf said:
got from a sketchy link from my gf
That's why one should always use protection.
alokmfmf said:
The second app was just an Instagram follower app which ran in the background and I could uninstall directly (got it from the Play Store).
I want to know how to detect and remove the first one.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
alokmfmf said:
Is there any way to detect root
Yes, almost every banking / payment app does it.
V0latyle said:
That's why one should always use protection.
What makes you think the first app is still there? If you've performed a factory reset, it's gone - unless it downloaded again when you restored your Google account to your device.
Are you sure you're not mistaking a built-in app?
Yes, I'm sure, as my accounts are getting hacked, my personal media is getting leaked, permissions are asked for repeatedly and the SIM is getting disabled.
Also I'm trying not to log in to my Google account and see how that works.
Although I have tried to make new accounts from scratch and start from a clean new slate after a factory reset, it may be the device itself, I'm afraid.
Social engineering / spear phishing (I think)
Redmi 4X santoni
I was asked to click on a link and download an APK by my girlfriend, and as soon as I downloaded it, it disappeared and I was asked to delete the APK.
(I do not have access to the link either)
Later I realized that it tracks permissions, media and keyboard (except for exactly who I'm texting, because of the Android sandbox).
I tried a FACTORY RESET but the symptoms still persisted (like getting hacked again and my private info getting leaked, SIM deduction and detection of SIM card, and permissions being asked for again and again even though I allowed them).
I checked all the settings of my phone and nothing is abnormal (I'm not rooted).
Is it possible that a used account could somehow transmit the virus? Because I had nasty malware on my phone, I factory reset my phone, but the symptoms still remain, so I used a new Google account and others also, but it still comes back, so I'm guessing it's the kernel or the ROM that got infected.
I tried all AVs but they all came clean, and I'm certain that my Android is infected with something.
First and foremost I need to know how to DETECT the malware (to know which app is causing this)
And second how to REMOVE the malware
Thanks.
Which OS version? If not running Pie or higher it's susceptible to the Xhelper family of partition-worming malware.
Yeah, sounds like you got a worm... nasty critters.
A reflash may be the best option, although if it is Xhelper it can now be removed without a reflash.
You are what you load
blackhawk said:
Which OS version? If not running Pie or higher it's susceptible to the Xhelper family of partition-worming malware.
Yeah, sounds like you got a worm... nasty critters.
A reflash may be the best option, although if it is Xhelper it can now be removed without a reflash.
You are what you load
Yes, I know I made a stupid decision; it's completely my fault. I tried using the Xhelper method but it comes clean. I assume there is only one method, which involves disabling the Play Store.
I run on MIUI 11, Nougat 7.
Any methods to detect and remove the malware are welcome.
And about reflashing, it's very complicated for Mi phones mostly.
alokmfmf said:
I run on MIUI 11, Nougat 7.
Any methods to detect and remove the malware are welcome.
And about reflashing, it's very complicated for Mi phones mostly.
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though; not sure, as I never used 6, 7 or 8.
Make sure you reset all passwords; keep social media, sales and trash apps off the phone. Always keep email in the cloud, i.e. Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed, don't allow apps to update, as they may try to download their malware payload, a way to bypass Play Store security.
blackhawk said:
Reflash it to stock firmware. If you can upgrade to Android 9, consider doing so for security purposes. It may have performance/functionality drawbacks for your application though; not sure, as I never used 6, 7 or 8.
Make sure you reset all passwords; keep social media, sales and trash apps off the phone. Always keep email in the cloud, i.e. Gmail or such.
Run Karma Firewall. Be careful what you download and especially install... don't sample apps unless you have a real need for that particular app. Once installed, don't allow apps to update, as they may try to download their malware payload, a way to bypass Play Store security.
Will not logging in to my Google account help?
alokmfmf said:
Will not logging in to my Google account help?
No. The malware is in the phone apparently in the firmware.
blackhawk said:
No. The malware is in the phone apparently in the firmware.
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
V0latyle said:
I disagree, unless Xiaomi/Redmi's AVB/dm-verity implementation is useless, it should prevent a persistent rootkit.
I suspect this has little to do with the phone and more to do with reused passwords and other "organic" security failure.
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
blackhawk said:
You're probably right. Forgot it was running 11... lol, organic security failure, I like that
The security measures that prevent persistent rootkits have been in place long before Android 11.
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
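A check for the device state that V0latyle's argument rests on, added here and not taken from any post: it reads the ro.boot.* properties a device reports over adb shell getprop and classifies whether a locked bootloader plus Verified Boot/dm-verity is actually being enforced. Assumptions: adb on PATH, and that the vendor populates the standard ro.boot.verifiedbootstate, ro.boot.veritymode and ro.boot.flash.locked / ro.boot.vbmeta.device_state properties; absent ones are reported as unknown, never as safe.

```shell
#!/bin/sh
# Added example, not from the thread: report whether the protections described
# above (locked bootloader + Verified Boot + dm-verity) are in force, from the
# ro.boot.* properties. Assumptions: adb on PATH (override with ADB=...) and a
# vendor that exposes the standard properties; anything missing is "unknown".

ADB="${ADB:-adb}"

# Extract one property value from `getprop` output of the form
#   [ro.boot.verifiedbootstate]: [green]
# The dump is passed as a string so the parser can be tested offline.
prop() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]$/\1/p" | head -n 1
}

# Classify a getprop dump. Prints one line "LEVEL: reason" and returns
# 0 for protected, 1 for weakened, 2 for unknown.
classify_boot_state() {
    dump="$1"
    vbstate="$(prop "$dump" ro.boot.verifiedbootstate)"   # green/yellow/orange/red
    verity="$(prop "$dump" ro.boot.veritymode)"           # enforcing/logging/disabled
    locked="$(prop "$dump" ro.boot.flash.locked)"         # 1/0 on many devices
    devstate="$(prop "$dump" ro.boot.vbmeta.device_state)" # locked/unlocked (AVB 2)

    # Bootloader lock: either property is enough; absence of both is unknown.
    case "$locked:$devstate" in
        1:*|*:locked)   lock="locked" ;;
        0:*|*:unlocked) lock="unlocked" ;;
        *)              lock="unknown" ;;
    esac

    # Orange is the state an unlocked bootloader boots into: no signature
    # chain, so a modified /boot or /system would not be detected.
    if [ "$lock" = "unlocked" ] || [ "$vbstate" = "orange" ]; then
        echo "WEAKENED: bootloader unlocked (verifiedbootstate=${vbstate:-?}); anything can be flashed to /boot and /system"
        return 1
    fi
    case "$vbstate" in
        green)
            if [ "$verity" = "enforcing" ]; then
                echo "PROTECTED: locked bootloader, verified boot green, dm-verity enforcing"
                return 0
            fi
            echo "WEAKENED: verified boot green but veritymode=${verity:-?}; /system changes would not be blocked"
            return 1 ;;
        yellow)
            echo "WEAKENED: booted with a custom signing key (yellow); the vendor signature chain is not in use"
            return 1 ;;
        red)
            echo "WEAKENED: verification FAILED (red); the image did not pass AVB"
            return 1 ;;
        *)
            echo "UNKNOWN: verifiedbootstate missing (lock=$lock); this vendor does not expose the standard properties"
            return 2 ;;
    esac
}

# Usage: ./bootstate.sh --live   (reads the connected device over ADB)
if [ "${1:-}" = "--live" ]; then
    classify_boot_state "$("$ADB" shell getprop | tr -d '\r')"
fi
```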
V0latyle said:
The security measures that prevent persistent rootkits have been in place long before Android 11.
Yeah, Android 9 was where the hole for the Xhelper class of rootkits was plugged for good. It runs securely unless you do stupid things. This phone is running on that and its current load will be 3 yo in June. No malware in all that time, in spite of the fact it's heavily used. It can be very resistant to attacks if set up and used correctly.
V0latyle said:
The most common root cause of a breach of security is the failure to ensure sufficient security in the first place. Simple passwords, reused passwords, no MFA, connected accounts, etc. Yes, there are plenty of Android viruses out there, but all of them "live" in the user data space. Of course, there may be unpatched exploits that allow root access, but these must be exploited every time the app is run. An app cannot modify the boot or system partitions without tripping AVB (if the bootloader is locked) whereupon the device would warn that the OS is corrupted.
I was initially thinking his was running on Android 8 or lower. Forgot: on Android 9 and higher (except for a big hole in Android 11 and 12 that was patched, if memory serves me correctly) about the only way malware is getting into the user data partition is if the user installs it, doesn't use the appropriate built-in settings safeguards, or by an infected USB device. Any phone can be hacked if the attacker is sophisticated and determined enough to do so... in my opinion. Even if this happens, a factory reset will purge it on a stock phone unless the hacker has access to the firmware by remote or physical access. Never allow remote access to anyone...
V0latyle said:
At the end of the day, it's much much easier to simply use social engineering or other methods to gain someone's credentials, rather than trying to hack their device.
Lol, that's what social media is for
blackhawk said:
No. The malware is in the phone apparently in the firmware.
OK, thanks for helping; it's been good.
alokmfmf said:
OK, thanks for helping; it's been good.
You're welcome.
I retract that (post #12), as I forgot it is running on Android 11. Like V0latyle said, it's probably the password(s) that were compromised if a factory reset didn't resolve the issue, other than the exceptions I stated in post #16.
Also I found this on the net, if that helps with the situation:
Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.
And
Factory resets are not enough to sanitize the device.
Also I'm a bit scared, as some people on the net have said that in some cases even a flash might not wipe it, as it resides in the boot logo or some places where flashes do not reach, or in flash ROM chips (but of course this is all very rare).
I am very fascinated and would like to learn more about it; any suggestions would be helpful.
