BE 2026 Data Recovery after Wipe - OnePlus Nord N10 5G Questions & Answers

Hello,
So I've been perusing the threads, searching for an answer on this, however, I've not found it. I need to recover data after my phone was inadvertently wiped. I have a cryptocurrency wallet on there I need to get the app data for/recover. I tried a few applications, but they required me to root the phone. I then found this forum, and have been searching for more information, however, it seems rooting my phone model is circumstantial?
I've done OEM unlock, activated debugging mode, and the option that states "allow bootloader" unlock. In light of that, do I still have to flash the phone? If so, will it be possible to recover any data that hasn't been overwritten? Has anyone successfully rooted the OnePlus Nord N10 5G BE 2026?
I would humbly appreciate any advice on this matter, thank you.

If that data is worth much, power off the phone and don't use it.
If the internal memory was encrypted (Android 11 automatically does this) you have huge problems because the encryption key is gone.
The cryptocurrency wallet itself may have built-in safeguards and those files are in an ocean of data now, diluted. All folder structure was lost when the data was deleted. If you can recover the data, you can search by file type and size in that ocean of juxtaposed data.
Using a data recovery specialist is your best shot if you have one at all. Amateur attempts will likely have a poor outcome.
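The two points in the answer above, searching a raw dump by file type and losing everything once the encryption key is gone, as an added Python example that is not part of the original post. The storage image, the sample "photos" and the key are constructed, and a SHA-256 keystream stands in for the device's real disk encryption.

```python
import hashlib

JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first byte of the next marker
JPEG_EOI = b"\xff\xd9"       # end-of-image marker

# Constructed stand-ins for two photos (not real JPEG content).
FAKE_A = JPEG_SOI + b"\xe0" + b"constructed-photo-A" * 8 + JPEG_EOI
FAKE_B = JPEG_SOI + b"\xe1" + b"constructed-photo-B" * 5 + JPEG_EOI


def build_raw_image():
    """Constructed 'wiped' storage: no directory structure, files adrift in filler."""
    return b"\x00" * 4096 + FAKE_A + b"\x11" * 1000 + FAKE_B + b"\x00" * 2048


def carve_jpegs(raw, min_size=16, max_size=8 * 1024 * 1024):
    """Return (offset, length) for each SOI..EOI span found by signature alone.

    Simplification: the first EOI after an SOI ends the file. Real carvers
    also handle embedded thumbnails and fragmented files.
    """
    hits = []
    pos = 0
    while True:
        start = raw.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        length = end + len(JPEG_EOI) - start
        if min_size <= length <= max_size:
            hits.append((start, length))
            pos = start + length
        else:
            pos = start + 1
    return hits


def recover(raw):
    """Carved byte strings, in the order they appear in the dump."""
    return [raw[off:off + n] for off, n in carve_jpegs(raw)]


def keystream_xor(data, key):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.

    XOR is symmetric, so the same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


if __name__ == "__main__":
    key = b"constructed-device-key"
    plain = build_raw_image()
    encrypted = keystream_xor(plain, key)

    print("unencrypted dump :", carve_jpegs(plain))
    print("encrypted dump   :", len(recover(encrypted)), "usable files carved")
    print("encrypted + key  :", carve_jpegs(keystream_xor(encrypted, key)))
    print("encrypted + wrong:", FAKE_A in recover(keystream_xor(encrypted, b"wrong")))
```

Without encryption the files are found by signature even though no folder structure exists; with encryption the same bytes carry no recognizable markers unless the original key is available.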

blackhawk said:
If that data is worth much, power off the phone and don't use it.
If the internal memory was encrypted (Android 11 automatically does this) you have huge problems because the encryption key is gone.
The cryptocurrency wallet itself may have built-in safeguards and those files are in an ocean of data now, diluted. All folder structure was lost when the data was deleted. If you can recover the data, you can search by file type and size in that ocean of juxtaposed data.
Using a data recovery specialist is your best shot if you have one at all. Amateur attempts will likely have a poor outcome.
Blackhawk, thank you so much for providing this information to me. This is what I thought, but don't have the background to understand this. I will follow your advice and hope for the best after finding a data specialist. Hopefully, someone can pull off a miracle. In the meantime, I will continue to peruse the forums to expand my knowledge to perhaps be better prepared for this in the future.
Truly, thanks again!

You're welcome.
Android is generally a very stable and reliable platform. However, setting lock screens and such is more likely to lock you out of your own data than someone else. Sometimes through no fault of your own. If no lock is set, there's no password to get corrupted. I got locked out of a laptop BIOS like that.
Androids can and do crash often with little or no warning although this is rare. Drops probably kill more than anything else.
Always redundantly back up critical data to at least two HDDs that are physically and electronically isolated from each other and the PC. Never encrypt data drives... lock it in a safety deposit box if you must.


[Q] Need help with some research - secure data wiping

Hi guys,
I'm doing some research related to mobiles and need some help, as Google searches aren't bringing much up other than remote-wiping apps etc.
What I want to know basically - is it possible to securely wipe an Android phone, and if so, how? For example if you took an ex-work phone from a business, how would you go about securely wiping the data so that it couldn't be recovered.
I'm assuming that a factory reset doesn't securely wipe the data, and that it would be recoverable, is this assumption correct?
I came across one app that seems to overwrite all "deleted" data called SHREDroid but that seems to have lots of problems judging by the reviews.
Would really love some help on this if someone with more knowledge on the subject could enlighten me!
Thanks!
A data wipe deletes all user data, there's no way to recover it
There could be a way on a rooted phone but idk
Sent from my ice cream powered Nexus S
DarkhShadow said:
A data wipe deletes all user data, there's no way to recover it
There could be a way on a rooted phone but idk
Sent from my ice cream powered Nexus S
Sorry I don't want to sound rude but do you have any proof to back this up? From what I've just read, it's not a secure wipe. It's just similar to deleting all your files off a memory card or something, ie. easily recoverable with the right software.
On Blackberry and iOS you can do a secure wipe where the data is deleted and completely overwritten several times so that recovery is not possible. It seems this isn't the case with Android though.
Thanks
case0 said:
Sorry I don't want to sound rude but do you have any proof to back this up? From what I've just read, it's not a secure wipe. It's just similar to deleting all your files off a memory card or something, ie. easily recoverable with the right software.
On Blackberry and iOS you can do a secure wipe where the data is deleted and completely overwritten several times so that recovery is not possible. It seems this isn't the case with Android though.
Thanks
Well again, if there's a way it will NEED root
You cannot access /data without root
Sent from my ice cream powered Nexus S
Ok then. Well as anyone can root a phone by following some simple instructions from the internet, I suppose the stock factory reset can't really be considered secure.
I'm quite surprised that Android is the only one out of the big three OSes to not have a secure wiping function.
Surely there must be a way to do it though. If anyone could help me out on this that would be great.
Just bumping this once and then I'll let it die.
With load balancing and remapping, are you REALLY sure that ALL data is gone? I think you need to say "safe" from reading by whom? The next casual user, or someone willing to desolder the memory and go to work on it.
I don't know what load balancing and remapping are.
Basically I mean to CESG standards.
Load balancing makes sure you don't "wear out" one area of the flash part from repeated writes. Frequently-rewritten sectors will move around, so old copies of these sectors will be left scattered across the part. Remapping allows for hard errors to be mapped out, replaced by spare sectors, and the mapped-out sectors won't be reused. If you look at those sectors, you might get some old data.
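A toy model of the wear leveling and remapping described above, added here as an illustration and not taken from the thread. The `ToyFlash` class, page counts and state names are assumptions; real flash controllers erase in blocks and are far more complex.

```python
SECRET = b"constructed-secret-document"   # constructed sample data


class ToyFlash:
    """Minimal flash translation layer: logical pages mapped onto physical pages."""

    def __init__(self, physical_pages=8):
        self.pages = [None] * physical_pages       # raw contents, as a chip-off read sees them
        self.erase_count = [0] * physical_pages
        self.state = ["free"] * physical_pages     # free | live | stale | retired
        self.l2p = {}                              # logical page -> physical page

    def _garbage_collect(self):
        # Stale pages are only erased when the controller needs the space.
        for p, s in enumerate(self.state):
            if s == "stale":
                self.pages[p] = None
                self.erase_count[p] += 1
                self.state[p] = "free"

    def _pick_free(self):
        free = [p for p, s in enumerate(self.state) if s == "free"]
        if not free:
            self._garbage_collect()
            free = [p for p, s in enumerate(self.state) if s == "free"]
        if not free:
            raise RuntimeError("flash full")
        # Wear leveling: prefer the least-erased free page.
        return min(free, key=lambda p: (self.erase_count[p], p))

    def write(self, lba, data):
        old = self.l2p.get(lba)
        if old is not None:
            self.state[old] = "stale"              # old copy stays on the chip for now
        new = self._pick_free()
        self.pages[new] = data
        self.state[new] = "live"
        self.l2p[lba] = new

    def read(self, lba):
        return self.pages[self.l2p[lba]]

    def retire(self, lba):
        """Hard error: map the page out, move its data to a spare, never reuse it."""
        bad = self.l2p[lba]
        data = self.pages[bad]
        self.state[bad] = "retired"
        spare = self._pick_free()
        self.pages[spare] = data
        self.state[spare] = "live"
        self.l2p[lba] = spare

    def residue(self, needle):
        """Physical pages that still hold the needle, with their state."""
        return [(p, self.state[p]) for p, d in enumerate(self.pages)
                if d is not None and needle in d]


def demo():
    flash = ToyFlash(physical_pages=8)
    flash.write(0, SECRET)
    flash.retire(0)                                # sector goes bad and is remapped
    for _ in range(3):                             # user "overwrites" the file three times
        flash.write(0, b"\x00" * len(SECRET))
    logical_view = flash.read(0)
    after_overwrite = flash.residue(SECRET)
    for i in range(40):                            # fill-and-delete passes over 4 logical pages
        flash.write(i % 4, b"junk-%d" % i)
    after_fill = flash.residue(SECRET)
    return logical_view, after_overwrite, after_fill


if __name__ == "__main__":
    logical, after_overwrite, after_fill = demo()
    print("logical read after overwrite:", logical)
    print("physical residue after overwrite:", after_overwrite)
    print("physical residue after filling the device:", after_fill)
```

The logical view shows zeros after the first overwrite, while the raw pages still hold the old copy; repeated filling clears the stale copy but not the retired page.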

[Q] How to securely wipe data from phone's internal partition (sanitization)

Hello,
I searched everywhere but I couldn't find much info on how to sanitize my phones' internal memory.
I have an HTC ONE, and a Samsung Galaxy S4 that I am trying to sell. I know that it's fairly easy to recover data from a wiped partition by using programs like "TenorShare Android Data Recovery", unless data has been written over them at least once.
I had taken pictures of some documents containing highly sensitive data with the phone, and would like to make sure that those documents are not recoverable by the next user.
Neither of them have the USB Mass Storage option in the settings, so I can't just use some secure wipe program.
Thank you!
kev510 said:
Hello,
I searched everywhere but I couldn't find much info on how to sanitize my phones' internal memory.
I have an HTC ONE, and a Samsung Galaxy S4 that I am trying to sell. I know that it's fairly easy to recover data from a wiped partition by using programs like "TenorShare Android Data Recovery", unless data has been written over them at least once.
I had taken pictures of some documents containing highly sensitive data with the phone, and would like to make sure that those documents are not recoverable by the next user.
Neither of them have the USB Mass Storage option in the settings, so I can't just use some secure wipe program.
Thank you!
This question keeps on coming up. It is not possible to securely wipe the internal 'SD Card' of any device. The only way to be sure is to destroy the phone itself. Unlike a PC you can't simply swap the hard-drive with a clean one.
SimonTS said:
This question keeps on coming up. It is not possible to securely wipe the internal 'SD Card' of any device. The only way to be sure is to destroy the phone itself. Unlike a PC you can't simply swap the hard-drive with a clean one.
So you mean I just have to live with the fact that if I sell my phone, the next user has access to everything that was on my phone? How about putting 30 GB worth of useless files into the phone and deleting them all? Would that have a similar effect as writing a bunch of random 1's and 0's on the partition?
kev510 said:
So you mean I just have to live with the fact that if I sell my phone, the next user has access to everything that was on my phone? How about putting 30 GB worth of useless files into the phone and deleting them all? Would that have a similar effect as writing a bunch of random 1's and 0's on the partition?
You could do that repeatedly with random files, but you will never be able to do it to the system partitions - so you can't clear out anything on those partitions and will therefore never be sure what might be left behind.
The 'next user' may well not be able to recover anything, but a forensic expert could do so very easily indeed.
kev510 said:
So you mean I just have to live with the fact that if I sell my phone, the next user has access to everything that was on my phone? How about putting 30 GB worth of useless files into the phone and deleting them all? Would that have a similar effect as writing a bunch of random 1's and 0's on the partition?
Hi, prior to going further, you might be interested in reading up these articles to gain more insight:
http://en.wikipedia.org/wiki/Data_erasure
http://www.androidcentral.com/securely-wiping-your-android-phone-makes-it-just-fine-sell-fud
http://www.securedeletion.com/
http://zackeryfretty.com/posts/secure-erasing-android-devices-guide-for-the-super-paranoid-seller
You're probably best wiping your phone, filling it up, wiping....... As many times as you can.
Sent from HTC Sensation XDA App
HTC Sensation
Android Version: 4.3
CyanogenMod Version: 10.2.1
CPU Frequency: 1.74ghz

[Q] How to secure the phone in case of loss/theft // My experience with remote-wiping

Quick Question regarding remote wipes and overall security of the phone's data in case of a loss/theft
Background story:
On New Year's Eve my good friend's iPhone 5S got stolen out of his pocket in a crowded club.
So I lent him my phone and we logged into iCloud using the Chrome Browser and triggered the wipe of the iPhone.
I offered him to call the credit card company and such if he had delicate data stored on the phone. But he refused...he trusts Apple's iCloud wipe routine and said he tested it at home and the phone was completely empty after that.
And he was surprisingly calm during the whole situation.
Okay he pays for insurance that covers a stolen phone, but I would have totally freaked out about my data...account logins, stored files and pictures, evernote notes, dropbox files etc.
My experience with the Android remote wipe:
Last evening I wanted to give it a try on my Android phone. So I pulled all the data that was on my phone and performed a nandroid-Backup of the system-files within TWRP and backed up my apps and data using TitaniumBackup.
And then I tried the Android Device Manager, which I had activated since it got released sometime in 2013, but never really tested more than the "localize" and "ring phone" functions.
Just yesterday I noticed the new "lock screen" function. Which is great, but I have always been using pattern locks anyway (triggered by Tasker, if my Wifi is not near). It's still nice to have and works like a charm (if the phone is connected to the internet).
So in addition I ordered my phone to get wiped. And it did what it said...it booted into Recovery and performed a factory reset / full-wipe.
But still all the data on the virtual sdcard was accessible after entering the SIM's pin code (I assume switching SIMs wouldn't change that) and setting up a new user profile. I know that it displays a warning that sdcards might not be wiped, during the process, but I thought this was referring to additional physical "microSD" storage. How wrong I was.
So all my pictures and stored files were fully accessible from the new user account.
If you store your unencrypted TitaniumBackup files on there the thief could easily restore them.
So encrypt them!
I was a bit shocked, to be honest.
And especially the fact that someone can access my phone's files without even knowing the lockscreen pattern/pin by simply booting into recovery bugs me.
Does encrypting the phone help in this situation?
Are there any drawbacks? I guess the speed and overall performance will decrease?
How can I protect the Recovery (I've got a HTC ONE, which is S-OFF'd and the bootloader unlocked via htcdev.com)?
Should I reflash the stock-recovery after flashing a CustomROM to at least make the thief require to reinstall the custom-recovery?
What other ways are there to protect the phone's data?
I don't leave ADB turned on. (But this doesn't affect getting into recovery by rebooting.)
I don't keep nandroid/TitaniumBackup Backups on the phone. I pull them immediately onto a local computer after creation and delete them on the phone.
...what else?
To me booting the phone into recovery, hooking it up to any computer and using ADB to pull the sdcard's files is the most concerning security loop-hole. What am I saying...it's a shining and welcoming entrance with neon-signs all around it like a casino.
And exactly this is what taking my phone with me feels like, after the experience described above: GAMBLING...
Thanks in advance!
Every hint is very welcome
PS: If you want to try the wipe with the Android Device Manager yourself, be prepared that restoring the nandroid-Backup won't be possible! After a short while the phone will reboot itself and get wiped again.
The only way to restore the phone's former state was to restore the apps backups using TitaniumBackup in my case. Unfortunately some settings won't get restored, so I had to reenter all my mail accounts.
Just be prepared that it takes some time
PPS: I already posted this in the thread of the ROM I am currently using. Obviously no one cared over there, so I thought the question might be too broad and ROM-unrelated. Hence the repost here. :angel:
No one? :angel:

data recovery after factory reset.

So I have an S9+ Snapdragon running the latest Android 9 Pie. My files got wiped out after a factory reset and I wanted to get some closure. Can I get those files back? It was not backed up on Google or Samsung cloud. Nor was it on an SD card. It was in the internal phone storage.
I hear you can recover the data so long as you don't overwrite the data. Files aren't really lost and still technically in your phone. These are pics and video actually. It's all I care about. I hear people saying you have to root phone and do a deep scan of the phone to try to recover the data but I hear you can't root cause it doesn't work on my version of s9+. (Snapdragon and android 9) I also heard you gotta take it to forensics data recovery. I called them but they said nope files are gone. But I read on Google recoverable.
Please anyone, help me. I've been down since I lost my pics and video. I took vids and pics back to my homeland where I haven't been back in 10 years.
PS. I was on vacation when this happened. My company unfortunately has access to my phone and if you mistype your password a certain amount of times it triggers the factory reset and wipes it out. I decided to stop a certain amount of times and then my 20 month old son started pushing buttons and there you have it. Factory reset.
files are lost bud. Sorry
did you ever connect your phone to any cloud for backup purposes?
It's connected but I didn't back up photos or vids. Everything else I did. Is there a way to root this version of phone I have? Temp root at least without tripping Knox?
No you can't ...it's gone...
Factory reset wipes /data internal storage
Sent from my SM-N960F using Tapatalk
Asepriest said:
No you can't ...it's gone...
Factory reset wipes /data internal storage
Sent from my SM-N960F using Tapatalk
Mostly correct. It wipes the table of contents of storage, but doesn't actually wipe (remove) anything. The issue is that it starts writing 1's and 0's wherever it wants to because as far as it knows, the internal storage is empty (which it isn't). It then starts unintentionally corrupting file after file as it writes system data and everything else it writes. Can he recover the data? Maybe. Is it likely? Not even remotely. The only way to recover it is to turn it off, like now, and get it connected to a lunix instance, adb into it and see what's still there. Which is likely nothing usable.
Completely unrelated side note: You're from Sibiu? I visited there about 2 years ago. Positively GORGEOUS place!! We saw the sun set over cobblestone right between two rows of buildings. It was surreal!
bluerogue85 said:
It's connected but I didn't back up photos or vids. Everything else I did. Is there a way to root this version of phone I have? Temp root at least without tripping Knox?
Yes, there is a way to root it, and that's probably your only hope. Turn the phone off, read up on the new-ish root methods, apply them to your phone and see what you can get via ADB. Don't hold your breath, but that is the only way to get there. Treat it like a recently wiped hard drive, because that's technically what it is. It's the "C: drive" of your phone essentially.
Youdoofus said:
Mostly correct. It wipes the table of contents of storage, but doesn't actually wipe (remove) anything. The issue is that it starts writing 1's and 0's wherever it wants to because as far as it knows, the internal storage is empty (which it isn't). It then starts unintentionally corrupting file after file as it writes system data and everything else it writes. Can he recover the data? Maybe. Is it likely? Not even remotely. The only way to recover it is to turn it off, like now, and get it connected to a lunix instance, adb into it and see what's still there. Which is likely nothing usable.
Completely unrelated side note: You're from Sibiu? I visited there about 2 years ago. Positively GORGEOUS place!! We saw the sun set over cobblestone right between two rows of buildings. It was surreal!
Can you please teach me step by step how to do that or point me to a link. Cause that's what I read about how it's not really gone. Has to have data overwrite the existing that was supposedly deleted. Did you mean Linux or lunix?
bluerogue85 said:
Can you please teach me step by step how to do that or point me to a link. Cause that's what I read about how it's not really gone. Has to have data overwrite the existing that was supposedly deleted. Did you mean Linux or lunix?
If I typed lunix, then I meant Linux, and if I typed Linux, I meant Linux. Either way, I meant Linux. So, step by step... eesh, that's gonna be a lot. First thing is to turn your phone off if you haven't already. It'll keep writing stuff to the internal storage even if it doesn't say it's doing so. That's just what it does and it doesn't know that you don't want it to do that while it's powered on. If you're able to do so, you can just turn on USB debugging in developer options and connect it to your computer without rooting it but granting permissions for your computer to access the drive. All of this requires having your phone powered on. The most dangerous thing I've told you to do is turn on USB debugging since it will write to the internal storage that you now have access to dev options, and then USB debugging. When the phone is powered on, try to keep it on airplane mode to avoid giving it reasons to actually do stuff. Linux isn't really necessary either as most software recovery tools will recognize the device and storage just fine, but the likelihood of it being able to actually recover anything is slim. If that doesn't get you full access to the internal storage, then you'll have to either root or use Linux or both. It's been a while since I've attempted this, so forgive me if my steps are off. That being said, these are the progressive steps one would need to take in order to do what you're trying to do.
does it wipe the phone though? Or does the phone allocate the areas where data is as free? If it only installs system and sets the previously used memory as "available or free". it can be recovered
Edit : if your phone was encrypted it wouldn't matter. Did your phone use secure start-up? (required a pin or password etc) then it would show adblock opening.
Nigmea said:
does it wipe the phone though? Or does the phone allocate the areas where data is as free? If it only installs system and sets the previously used memory as "available or free". it can be recovered
Edit : if your phone was encrypted it wouldn't matter. Did your phone use secure start-up? (required a pin or password etc) then it would show adblock opening.
My company triggered the factory reset after failed attempts of putting the password in. See, it uses a thing called AirWatch or VMware, not sure what it's called, but yeah.. still hoping to recover vids and pics if I can root my phone and just do a deep scan, just not sure how. Esp. for my version of phone, S9+ Snapdragon Android Pie. I have not taken pics or vids. Just Twitter, FB, email. Some internet browsing. But not sure if those overwrite new data as well.
bluerogue85 said:
My company triggered the factory reset after failed attempts of putting the password in. See, it uses a thing called AirWatch or VMware, not sure what it's called, but yeah.. still hoping to recover vids and pics if I can root my phone and just do a deep scan, just not sure how. Esp. for my version of phone, S9+ Snapdragon Android Pie. I have not taken pics or vids. Just Twitter, FB, email. Some internet browsing. But not sure if those overwrite new data as well.
You can try an app called DiskDigger. It's your best bet. About the best on the market. If you root. Or reinstall the firmware in Odin. Kiss em good bye
The way this works is front to back. A file is normally written from front to back. Once it gets to the end. It starts over. Then there goes old deleted files
Files are not deleted until overwritten. But actually marked for deletion. Not gone till next write cycle
If it can't then they're gone. But every day you use your device the chance gets slimmer. Just cause you're not downloading stuff. Cache and sick files are overwriting.
TheMadScientist said:
You can try an app called DiskDigger. It's your best bet. About the best on the market. If you root. Or reinstall the firmware in Odin. Kiss em good bye
The way this works is front to back. A file is normally written from front to back. Once it gets to the end. It starts over. Then there goes old deleted files
Files are not deleted until overwritten. But actually marked for deletion. Not gone till next write cycle
If it can't then they're gone. But every day you use your device the chance gets slimmer. Just cause you're not downloading stuff. Cache and sick files are overwriting.
Is there a way to root my phone without wiping it out first? Really trying this as my last option. To at least get some pics and or vids back.
bluerogue85 said:
Is there a way to root my phone without wiping it out first? Really trying this as my last option. To at least get some pics and or vids back.
Probably not.
Which link can you guys point me to to root? I have s9+ snapdragon. What are all my choices? Thank you.
I think I found one but link is broken. Syndicate. I really need this so I can at least do a deep scan of my phone. I need root!
You're right that it's possible to recover the data as long as it hasn't been overwritten. However, it can be difficult to do so without rooting your phone and doing a deep scan, as you mentioned. Unfortunately, it sounds like you can't root your phone due to its version.
You might want to consider reaching out to managed IT services that specialize in data recovery. They might have more advanced techniques and tools to recover your data. It's worth a shot since the pictures and videos mean a lot to you.
Good luck, and I hope you're able to recover your memories!

Can't get rid of spyware

I have done the following in attempt to get rid of this spyware:
flashed Havoc os
stock roms from official Miui using xiaomi flash tool and using twrp
erased partitions using adb before flashing (boot, system, recovery, data, cache)
It seems like it doesn't even touch it. I know it's still there because he can control my phone (play notification sounds from Messenger I don't even have installed, closing/freezing my browser, freezing my screen, lockscreen goes on, I don't even touch the phone).
What else can I do? Is there a way to erase every bit of data from the phone? What remains after flashing a stock ROM?
edited//
Is there any way I can find Qualcomm Snapdragon 439 firmware and flash it? Can anyone help me pls?
I saw Chimera tool can do firmware update but it costs 120 euro and idk if it's gonna work
Can you explain more about the spyware?
It's like a Windows BIOS malware or maybe it's in some partition that doesn't flash when installing a new OS.
I talked to Xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VirusTotal... nothing found.
I also did a logcat at boot time, I don't know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it, he's messing with me like... telling me your wifi, it's not gonna work anymore, then it doesn't. Oh, you have 5000 mAh battery? My phone, it's charged 99%, next day it's empty and the phone just sits on the table... stuff like that, so I'm pretty sure it's hacked, there is no doubt about that.
pulshar18 said:
It's like a Windows BIOS malware or maybe it's in some partition that doesn't flash when installing a new OS.
I talked to Xiaomi support and they told me to take it to service but there is none in my country. I asked for help on Malwarebytes forum, sent apps report and they scanned it with VirusTotal... nothing found.
I also did a logcat at boot time, I don't know if anything can be seen there.
https://raw.githubusercontent.com/pulshar18/mylog/main/mylog.txt
The guy that did it, he's messing with me like... telling me your wifi, it's not gonna work anymore, then it doesn't. Oh, you have 5000 mAh battery? My phone, it's charged 99%, next day it's empty and the phone just sits on the table... stuff like that, so I'm pretty sure it's hacked, there is no doubt about that.
How did you get infected by this?
He got physical access to my phone.
pulshar18 said:
He got physical access to my phone.
That wasn't too clever. Lol, rootkit from hell.
You need to wipe the internal memory 100% as well the SD card if any.
If it has a sim card I'd replace that as well.
Or make the perp fix it... legally.
Any associated Google accounts reset the passwords... now.
Internal memory was wiped, SD card wiped, SIM card none (I read some articles about SIM card viruses, that's just little scripts to call numbers, send texts and stuff, maybe in another 50 years they will make malware that can do what's happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didn't connect to anything cuz I know he has all my passwords, he clearly doesn't want that I can still use all my accounts.
I am in a similar situation.
I install YouTube vanced and WhatsApp Plus
in the latter case something deleted my entire data without asking me -I suspect it was clean master and my vanced applications were uninstalled all of a sudden.
I seem to know what causes that: com.miui.securitycenter. If you disable it, it will boot loop; if you change and restrict access to various permissions then phone functionality is upset
I took out a separate thread on that here on XDA. Google com.miui.securitycenter draconian legitimate spyware from redmi
there is a thread on XDA I use havoc ~ two years or so but because it does not support VoLTE and trying to enable that has been in vain I am forced to come back to China ROM.
Did you install any apps after flashing ROMs / gapps?
pulshar18 said:
Internal memory was wiped, SD card wiped, SIM card none (I read some articles about SIM card viruses, that's just little scripts to call numbers, send texts and stuff, maybe in another 50 years they will make malware that can do what's happening to me).
"Or make the perp fix it... legally." What?
"Any associated Google accounts reset the passwords... now." I didn't connect to anything cuz I know he has all my passwords, he clearly doesn't want that I can still use all my accounts.
The malicious jpegs may be capable of doing that. I've had one that damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
The cure: simply delete it and repair or delete the damaged files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID'd both quickly.
Actually, step back a little. How do you conclude it's your phone that is affected? You say he has access to your accounts and passwords; maybe he is connecting on your Wi-Fi network, IP address is the same, and then trying to tinker with your accounts. What specifically makes you think that your phone is hacked as against something else?
blackhawk said:
The malicious jpegs may be capable of doing that. I've had one that damages files in a folder but not files in folders, in the download folder.
It was confined to that folder unless one was to move it...
The trigger was viewing the jpeg.
The cure: simply delete it and repair or delete the damaged files.
There are both Android and Windows variants of these. I've had a Windows variant too. Zero or minimum damage but only because I ID'd both quickly.
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
sieger007 said:
I have more than 30,000 from photographs and especially WhatsApp
how do I scan for malicious code in JPG is there a specific tool anti malware that has that capacity to go through JPG hexdump and then fish out
Jeeeesze, downloads from WhatsApp?
That's a great way to pick up creepy crawlers.
WhatsApp, FB, Instagram don't get on my devices. Ever.
They ruin lives, careers and more... they are spyware and malware by their very nature.
I never have had anything detect these little buggers, I'm not saying they aren't detectable, but don't count on it. The two I found I didn't even consider keeping them for analysis.
They wasted enough of my time as it was. Finding them in an ocean of jpegs could be problematic.
Rule #1, all downloads go to the download folder.
Choose what goes into your database after observation and at least scan it with Malwarebytes. Online Virustotal for any download remotely suspicious. Open jpegs at least once in the download folder and be aware of anything unusual afterwards... that may be the only clue you get.
If you really think one of these images has a malicious script, you need to isolate it. Scan with Malwarebytes and whatever else you want.
Try reloading, confirm the device is still clean then load the suspect database.
Problem being the trigger is opening the jpeg or some other related action to it like deleting the email it was associated with in Windows Outlook. If you get nailed again, reload and break/import your database in groups. You can see where this is going... it may take a while.
I've seen what they can do, I avoid downloading clickbait pics from untrusted sites, people and emails (email is kept in the cloud ie gmail).
My backups are also from different time periods on HDDs completely isolated from each other and the PC. I could lose some of my database but not all of it. With over 1 TB of data I'm not playing around.
The second and last(?) malicious jpeg I ran into was on Android about 1.5 years ago.
