Hello all! I had malware on my Android, specifically Pixel 6, for a while it seems and I managed to uninstall the problematic application/file that had malware. I also ran Malwarebytes, but to be on the safer side I also factory reset my phone, but I wanted to know if the malware that I had for a while would have infected the system itself in that time which would make the factory reset useless and what I should do if that is the case. Just for some background information, my phone is also unrooted and the malware app/file came from third-party sites I believe. I found out I had malware when I ran the files/apps through "VirusTotal", one of which was "android/banker.bga tr", I have not had any issues during the time I had the malwares in terms of pop ups or battery drainage.
I would appreciate any help that you could provide.
As long as the boot loader is locked and you're on Android 9 or higher, a factory reset will kill any malware on it... unless you reload it!
Oh! Perfect, so as long as I do not load any backups (just to be safe), I should be fine? Also should I be worried of the damage the malwares have caused at this point?
Light0148 said:
Oh! Perfect, so as long as I do not load any backups (just to be safe), I should be fine? Also should I be worried of the damage the malwares have caused at this point?
Yes to the first question, and no to the second. Malware is concerned with stealing data, not frying components.
Strephon Alkhalikoi said:
Yes to the first question, and no to the second. Malware is concerned with stealing data, not frying components.
My apologies, I should have been more specific; I meant in terms of data. I changed my passwords, but is there anything else I should do? Also are WhatsApp backups safe, or not? Thank you again for helping!
Light0148 said:
Oh! Perfect, so as long as I do not load any backups (just to be safe), I should be fine? Also should I be worried of the damage the malwares have caused at this point?
Scrutinize everything you load. If it breached your database it must be found and deleted.
Scripted Android malware jpegs are real... they can trash files in any folder they are in, maybe more.
The damages, if any, are leaked data, account names/passwords and your time.
Reset all passwords especially your Google account password. Write it down, don't lose it!
Always delete the Google account before you factory reset and when possible do the factory reset from settings rather than from the boot menu. To avoid issues with FRP...
Do not trust ANYTHING owned by mark zuckerturd (whatsapp).
Favor OPEN SOURCED software (F-droid is a good source).
Don't use anything from untrusted sources (from governments or sketchy sources or sketchy places).
Use TWO FACTOR AUTHENTICATION for everything that supports it.
Hi.
My girlfriend has a Samsung Galaxy S II that has been acting a bit weird recently. Battery life has become extremely short, and she discovered hundreds of files all with names beginning with "tracker-c6446d57267343". Most mysterious of all is that something is somehow using the GPS even though it has been deactivated in the settings.
I'm suspecting her phone is infected with malware, and I'm planning to do a full wipe next time we meet. She's downloading AVG from Google Play right now to run a scan, but I'm going to do a full wipe anyway just to be sure and because she wants to have a clean start anyway.
I'm mostly curious if anyone has encountered this before. Is it malware? If so, how harmful is it? Keylogger, possibly?
Thanks.
CNMOH said:
Hi.
My girlfriend has a Samsung Galaxy S II that has been acting a bit weird recently. Battery life has become extremely short, and she discovered hundreds of files all with names beginning with "tracker-c6446d57267343". Most mysterious of all is that something is somehow using the GPS even though it has been deactivated in the settings.
I'm suspecting her phone is infected with malware, and I'm planning to do a full wipe next time we meet. She's downloading AVG from Google Play right now to run a scan, but I'm going to do a full wipe anyway just to be sure and because she wants to have a clean start anyway.
I'm mostly curious if anyone has encountered this before. Is it malware? If so, how harmful is it? Keylogger, possibly?
Thanks.
wow, first post for ya huh? good for you.
don't waste your time with AVG. just wipe the phone. and tell her not to install a bunch of stupid apps.
BluePoint Antivirus is my personal fave
Sent from my Samsung Galaxy SII
CM9 Stable/Siyah 4.1
topiratiko said:
BluePoint Antivirus is my personal fave
Sent from my Samsung Galaxy SII
CM9 Stable/Siyah 4.1
Lmao. anti virus on android. you guys are funny!
U know its pointless right?
MotoMudder77 said:
Lmao. anti virus on android. you guys are funny!
U know its pointless right?
Exactly. It is. Odds are someone installed an app on yer girlfriend's phone to be able to track her, tape pictures with the camera remotely, steal her credit card info, use the mic to record what's going on, etc. All of this can be achieved with ONE app and allows the person who installed it to remotely access the device. Also the app hides itself from detection in the app drawer and in the app manager. The legal reasons to install it are for if u lose your phone. But if someone got a hold of her phone they could easily have put this on and set it up within minutes. In other words. Someone can hear and see everything she's been doing.
Sent from my SGH-I777 using Tapatalk 2
Phalanx7621 said:
Exactly. It is. Odds are someone installed an app on yer girlfriend's phone to be able to track her, tape pictures with the camera remotely, steal her credit card info, use the mic to record what's going on, etc. All of this can be achieved with ONE app and allows the person who installed it to remotely access the device. Also the app hides itself from detection in the app drawer and in the app manager. The legal reasons to install it are for if u lose your phone. But if someone got a hold of her phone they could easily have put this on and set it up within minutes. In other words. Someone can hear and see everything she's been doing.
Sent from my SGH-I777 using Tapatalk 2
I'm finding it highly unlikely that any of her friends would do something like that, not to mention that none of them have the technical know-how (yes, I know it's not hard, but none of her friends are even technologically adept to pull something like this off) to do it. If such malware has been installed on her phone, it most likely came bundled with some app she downloaded. She doesn't get all her app downloads from Google Play.
MotoMudder77 said:
Lmao. anti virus on android. you guys are funny!
U know its pointless right?
I like the way it looks on my status bar.
Sent from my Samsung Galaxy SII
CM9 Stable/Siyah 4.1
CNMOH said:
I'm finding it highly unlikely that any of her friends would do something like that, not to mention that none of them have the technical know-how (yes, I know it's not hard, but none of her friends are even technologically adept to pull something like this off) to do it. If such malware has been installed on her phone, it most likely came bundled with some app she downloaded. She doesn't get all her app downloads from Google Play.
There is no such thing as malware on Android. Everything you install tells you what it has access to.
The only thing like malware would be an application that records stuff and sends it out, which would be listed when she installed the app, tho I'm sure most rarely pay attention to that screen other than hitting install.
There are no viruses, no malware, or anything "hidden" that can attack stuff without your permission.
Wipe the phone. Don't install pirated apps or stupid pointless apps.
MotoMudder77 said:
There is no such thing as malware on Android. Everything you install tells you what it has access to.
The only thing like malware would be an application that records stuff and sends it out, which would be listed when she installed the app, tho I'm sure most rarely pay attention to that screen other than hitting install.
There are no viruses, no malware, or anything "hidden" that can attack stuff without your permission.
Wipe the phone. Don't install pirated apps or stupid pointless apps.
Malware can definitely affect Android. Sure there are safeguards built in to reduce the chances of it happening, but they rely on the user to enforce them. I can almost guarantee that a majority of Android users don't look at what permissions an app is asking for prior to installation. I know for a fact that out of the 5 Android users in my house I am the only one that checks permissions before I install anything. In addition, even if one is checking the permissions, a malicious app can easily disguise itself as an everyday app that requires the permissions the malware needs but would be overlooked because the host app has a valid reason for needing those permissions.
A dialer, email, SMS, social networking app will all ask for access to your contacts. And it's necessary for that app to do its job. Well if that same app has unlimited access to your network then it can now take your contacts and upload them.
Now a virus is another thing altogether. While it's possible on a rooted phone with rw permissions in the system directory, it's unlikely since most apps exist in a "sandbox" so to speak. It wouldn't be that difficult for a root explorer app to gain access to your /system directory and wreak havoc and then target your sdcard and wipe out your data. But not before uploading whatever it wants (a lot of explorers require network permissions for cloud service, etc). But then I guess that would be classified as malware and not a virus.
And let's not leave out all the apps that use social networks to log in.
But the last two lines of your post say it all. Stay away from pirated apps and watch what 3rd party apps you're trusting these permissions with.
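The permission pairing described in the post above (access to personal data plus network access), as an added example that is not part of the original thread: a small Python audit of the text printed by `aapt dump permissions <file.apk>`. The package names and sample listings are constructed, and the `expected` argument (the data categories an app's stated purpose justifies) is a hypothetical parameter of this sketch.

```python
import re

# Real Android permission names, mapped to the kind of data they expose.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}
# INTERNET is a "normal" permission: granted at install with no prompt.
NETWORK = "android.permission.INTERNET"

# Accept both the name='...' form and the older bare form of aapt output.
_PKG = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)'?")
_PERM = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=)?'?([\w.]+)'?")


def parse_aapt_permissions(text):
    """Return (package, set_of_permissions) from aapt permission output."""
    package, perms = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = _PKG.match(line)
        if m:
            package = m.group(1)
            continue
        m = _PERM.match(line)
        if m:
            perms.add(m.group(1))
    return package, perms


def audit(text, expected=()):
    """Flag data categories the app can read and also send off the device."""
    package, perms = parse_aapt_permissions(text)
    categories = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    has_network = NETWORK in perms
    return {
        "package": package,
        "network": has_network,
        # Data the app can both read and upload.
        "can_upload": categories if has_network else [],
        # Data access that the app's stated purpose does not explain.
        "unexplained": [c for c in categories if c not in set(expected)],
    }


# Constructed sample listings (not taken from any real app).
SAMPLE_FLASHLIGHT = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
"""
SAMPLE_NOTES = """\
package: com.example.notes
uses-permission: android.permission.RECORD_AUDIO
"""

if __name__ == "__main__":
    print(audit(SAMPLE_FLASHLIGHT, expected=("camera",)))
    print(audit(SAMPLE_NOTES))
```

An empty `unexplained` list does not clear an app: as the post notes, a dialer or SMS app has a valid reason to read contacts, so `can_upload` is the field to review for apps from untrusted sources.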
Before anyone says it- yes I have searched. I've read the threads about root and 6.0. I know there is *currently* nothing, but some Vietnamese guy or guys are rumored to be releasing something soonish.
I'm wondering if it's possible to flash Lollipop back so I can root that. I read one thread saying I can't, but I don't know how current that was. This is a pretty big deal for me because Titanium Backup is the only way I've found to backup Google Authenticator, which I need for like 10 services (including work). I can't send the old phone back until I have Authenticator setup on the new phone, and I can't do that without root.
So...am I stuck?
If you're already on Marshmallow, you cannot flash back to Lollipop. Your only recourse is to wait until there's native Marshmallow root. It's been said about 300 times here already.
For the future, switch to Authy, it backs up all your 2-factor accounts to a password-protected cloud backup, so when you set it up on a new device, you just enter your phone number and backup password and you're good to go.
siraltus said:
If you're already on Marshmallow, you cannot flash back to Lollipop. Your only recourse is to wait until there's native Marshmallow root. It's been said about 300 times here already.
For the future, switch to Authy, it backs up all your 2-factor accounts to a password-protected cloud backup, so when you set it up on a new device, you just enter your phone number and backup password and you're good to go.
I was afraid of that. Thanks.
Authy sounds convenient, but for anything requiring real security (like 2 factor auth) I don't trust anything "in the cloud", no matter how secure they say it is. But that's always the trade-off - convenience vs. security.
Thanks again.
timekillerj said:
I was afraid of that. Thanks.
Authy sounds convenient, but for anything requiring real security (like 2 factor auth) I don't trust anything "in the cloud", no matter how secure they say it is. But that's always the trade-off - convenience vs. security.
Thanks again.
To play devil's advocate, you simply cannot know if Google Authenticator does not send any data back to Google.
siraltus said:
To play devil's advocate, you simply cannot know if Google Authenticator does not send any data back to Google.
Well, I can know, if I turn on traffic sniffing while using the app from home. But I get your point. My concern is more that everyone is jumping on the "cloud" bandwagon without necessarily knowing how to do it right. Just because something is password protected doesn't mean it's secure. I trust Google to be secure a whole lot more than I trust a company I've only just heard of.
timekillerj said:
Well, I can know, if I turn on traffic sniffing while using the app from home. But I get your point. My concern is more that everyone is jumping on the "cloud" bandwagon without necessarily knowing how to do it right. Just because something is password protected doesn't mean it's secure. I trust Google to be secure a whole lot more than I trust a company I've only just heard of.
How will you know for sure? What if Google Authenticator communicates via a common Google framework or service that all other Google apps use?
Good news for you! Tungkick has come up with a tot for rooting 6.0. Check out this thread. I think it might be what you're looking for... (what we've all been waiting for!)
http://forum.xda-developers.com/showthread.php?t=3382631
Sent from my pretty nifty brand new LG V10
Hi Folks.
I've done something a bit silly and hoping some Android expert on here may be able to help me.
I stupidly installed an app from an external source using a link that was given me for a specific app.
I am now freaking out about malware/spyware and all the rest of it.
At this point, I must point out that there is nothing to immediately suggest the app is bad. I only installed it a few hours ago on my phone but there hasn't been anything suspicious like extra battery use, heat, unknown apps in the list of battery usage or pop ups or anything like that. It could be that it's absolutely fine (and probably is.)
What I'm more concerned about is that there may be some nefarious background process running that means I suddenly wake up and find my bank account has been drained, or I'm being blackmailed by some Russian hacker that has hold of my emails and photos etc.
TWO IMPORTANT DISCLAIMERS (before anybody states the below):
- Yes, I know it was a stupid thing to do and I don't know what came over me. But it is done now.
- I know that a full factory reset is the best way to clear all but I'm desperate to avoid that. It took me two days to setup my new S21 Ultra and hate the thought of going through all of that again!
I know that Google Play Protect helps with apps from the GP Store, but I assume this is not relevant here because it came from an external source. Is there any kind of facility where I can upload the app and it scans it? Or am I screwed?
I also know you can download Norton etc but I read that they may not be effective on things like this. FYI, I am running the January 1st Android security patch (the most recent available.)
Thanks in advance.
Scan the apk file with online Virustotal.
Meh... show us the apk in question.
I have a few side loaded apps, so what?
Playstore is no sure bet either... load what you need, disregard the rest and toss the bad ones.
A badly written app can cause headaches even after it's uninstalled. Not as common with Android as in Windows but it happens.
On a clean load I'm careful what I install ie known good apps.
blackhawk said:
Scan the apk file with online Virustotal.
Meh... show us the apk in question.
I have a few side loaded apps, so what?
Playstore is no sure bet either... load what you need, disregard the rest and toss the bad ones.
A badly written app can cause headaches even after it's uninstalled. Not as common with Android as in Windows but it happens.
On a clean load I'm careful what I install ie known good apps.
Thanks. I've attached the apps. Thanks for your help and advice. I've scanned them on VirusTotal and they appear to be clean..
If you are worried about this, then you need to flash the phone. Then install the app to protect your phone from the official source.
philliplavelle said:
Thanks. I've attached the apps. Thanks for your help and advice. I've scanned them on VirusTotal and they appear to be clean..
Did the reload go well?
I just received the phone and transferred all from my S22U.
While browsing in Chrome I noticed that the back button on the lower right corner doesn't register touches sometimes. I have to touch the back button multiple times until it works.
Anybody else having issues with touch?
It should not be the case.
Backup data, factory reset the phone, restore data without restoring apps and settings and then check. It's time consuming but is a great way to start with a brand new phone.
Is this issue only on chrome? Or in other apps too?
Virgo_Guy said:
It should not be the case.
Backup data, factory reset the phone, restore data without restoring apps and settings and then check. It's time consuming but is a great way to start with a brand new phone.
Yeah, don't use SmartSwitch. Do a clean load from scratch. If you don't screw it up with upgrades/updates or buggy apps a good load can last years on an Android and remain fast/stable with minimal maintenance.
ApkExport can be used to create installable copies of your current apps so no Playstore is needed. Saves time and sanity.
blackhawk said:
Yeah, don't use SmartSwitch. Do a clean load from scratch. If you don't screw it up with upgrades/updates or buggy apps a good load can last years on an Android and remain fast/stable with minimal maintenance.
ApkExport can be used to create installable copies of your current apps so no Playstore is needed. Saves time and sanity.
What is the best app(not paid) for copying everything from phone to phone?
theboz1419 said:
I just received the phone and transferred all from my S22U.
While browsing in Chrome I noticed that the back button on the lower right corner doesn't register touches sometimes. I have to touch the back button multiple times until it works.
Anybody else having issues with touch?
Have you tried other browsers? (Try Firefox or Kiwi.) Or different websites? For example, I tried Hugoboss website and they have a lot of issues using it.
xwonic said:
What is the best app(not paid) for copying everything from phone to phone?
I hand load everything. I use the SD card as a data drive; everything I need for a full reload is on it, then regularly and redundantly backed it up.
Current load on this N10+ will be 3 yo in June. Still runs like a bat out of hell.
blackhawk said:
I hand load everything.
This.
xwonic said:
What is the best app(not paid) for copying everything from phone to phone?
adb pull /sdcard
delete Android folder and copy over everything manually to the internal storage on the folder (adb push won't push subfolders)
Set up everything else from absolute scratch.
It's annoying but this is the only way to make sure you're starting with a clean slate and that your bugs aren't caused by something from your old phone. Spending an hour or two now can save you tens of hours down the line in troubleshooting nonsense nobody else seems to be suffering from and coming to the conclusion you have to factory reset anyway.
It's a good time to clean up apps you may not use much anymore too as you'll have to install your apps manually. I usually end up losing 10-20% of the apps I had on my old phone because I realize I don't really use them.
theboz1419 said:
I just received the phone and transferred all from my S22U.
While browsing in Chrome I noticed that the back button on the lower right corner doesn't register touches sometimes. I have to touch the back button multiple times until it works.
Anybody else having issues with touch?
Same here on Telegram app, on the left corner top, back button.
Mr.5g said:
Same here on Telegram app, on the left corner top, back button.
I have this one too... (but not in Chrome app).
And I have installed Telegram after I had my 23U
It seems it's really the app...
Canard caché said:
I have this one too... (but not in Chrome app).
And I have installed Telegram after I had my 23U
It seems it's really the app...
I guess that too
EtherealRemnant said:
adb pull /sdcard
delete Android folder and copy over everything manually to the internal storage on the folder (adb push won't push subfolders)
Set up everything else from absolute scratch.
It's annoying but this is the only way to make sure you're starting with a clean slate and that your bugs aren't caused by something from your old phone. Spending an hour or two now can save you tens of hours down the line in troubleshooting nonsense nobody else seems to be suffering from and coming to the conclusion you have to factory reset anyway.
It's a good time to clean up apps you may not use much anymore too as you'll have to install your apps manually. I usually end up losing 10-20% of the apps I had on my old phone because I realize I don't really use them.
Could copying everything manually what's inside the folders, cause problems in terms of cache and so on? Do these folders contain cache?
EtherealRemnant said:
adb pull /sdcard
delete Android folder and copy over everything manually to the internal storage on the folder (adb push won't push subfolders)
Set up everything else from absolute scratch.
It's annoying but this is the only way to make sure you're starting with a clean slate and that your bugs aren't caused by something from your old phone. Spending an hour or two now can save you tens of hours down the line in troubleshooting nonsense nobody else seems to be suffering from and coming to the conclusion you have to factory reset anyway.
It's a good time to clean up apps you may not use much anymore too as you'll have to install your apps manually. I usually end up losing 10-20% of the apps I had on my old phone because I realize I don't really use them.
Where do I get the ADB pull/SD card??
Darbar1701 said:
Where do I get the ADB pull/SD card??
Not really sure what you mean but this video may be good explanation how to do
mozdem said:
Could copying everything manually what's inside the folders, cause problems in terms of cache and so on? Do these folders contain cache?
Yes. The whole reason to do a clean load is to ensure the integrity of the load and to not reload the previous problems or malware. Letting the apps install clean is important.
I only restore data to trusted apps that allow backup and are difficult to setup from scratch... like Poweramp.
If you fail... you will live with the issues it caused until you factory reset it, again, in the worst case scenario. It's good to go through installing all the apps and configuring them at a reload as it allows you to spot previous mistakes and raises your level of awareness.
blackhawk said:
Yes. The whole reason to do a clean load is to ensure the integrity of the load and to not reload the previous problems or malware. Letting the apps install clean is important.
I only restore data to trusted apps that allow backup and are difficult to setup from scratch... like Poweramp.
If you fail... you will live with the issues it caused until you factory reset it, again, in the worst case scenario. It's good to go through installing all the apps and configuring them at a reload as it allows you to spot previous mistakes and raises your level of awareness.
Yea I get it, like you should only backup the folders/appdata from apps you know it won't cause problems. Otherwise clean installing best option.
Today I also found out that some websites in Firefox, also have this problem in top left corner not responding. I guess it's software related, because same websites had no issues on Chrome.
Mr.5g said:
Today I also found out that some websites in Firefox, also have this problem in top left corner not responding. I guess it's software related, because same websites had no issues on Chrome.
mmm the touch screen's response is perhaps too high???
Canard caché said:
mmm the touch screen's response is perhaps too high???
It has been reported to Samsung; perhaps the next update will fix it
since the bootloader is locked,
it seems there's no way to unlock the phone anymore.
I have used this pattern for more than 3 years
so it can not be wrong.
It got corrupted. Could be a single event upset in the data partition. If it reoccurs after a factory reset either the firmware has been corrupted or there's been a hardware failure.
Malware is also a possibility.
blackhawk said:
It got corrupted. Could be a single event upset in the data partition. If it reoccurs after a factory reset either the firmware has been corrupted or there's been a hardware failure.
Malware is also a possibility.
I haven't reset yet, trying to find ways to save data
but it's miui with locked bootloader
so it seems there's no way
sigh
ccaye said:
I haven't reset yet, trying to find ways to save data
but it's miui with locked bootloader
so it seems there's no way
sigh
That's one reason I don't set device locks.
also tried to clear the data cache but with stock recovery
it seems no way to do it
blackhawk said:
That's one reason I don't set device locks.
yeah i agree
after search on google found out there are a lot of ppl experienced same bug as i had
but on xda seems like no one had this before
it seems the bug happens on various brand
should just unlocked the bootloader once i have the phone
ccaye said:
yeah i agree
after search on google found out there are a lot of ppl experienced same bug as i had
but on xda seems like no one had this before
it seems the bug happens on various brand
should just unlocked the bootloader once i have the phone
That would make the phone less secure. You still would have the issue of file encryption to deal with.
Androids rarely crash but it happens.
A drop or near lightning strike can also destroy data. Redundantly and regularly backing up critical data is the only sure way to prevent data loss.
blackhawk said:
That would make the phone less secure. You still would have the issue of file encryption to deal with.
Androids rarely crash but it happens.
A drop or near lightning strike can also destroy data. Redundantly and regularly backing up critical data is the only sure way to prevent data loss.
true but i more worry about app's data
some apps just way too hard to back up and restore
i was going to try use EDL method to pull the file out
and reflash the phone then put the file back in
but i haven't tried it
ccaye said:
true but i more worry about app's data
some apps just way too hard to back up and restore
i was going to try use EDL method to pull the file out
and reflash the phone then put the file back in
but i haven't tried it
If a data critical app doesn't allow for import/export of its data, I don't use it.
I use Poweramp and especially Color Note because of this. Text and Gmail are cloud backup. Less data critical apps don't concern me. I never install any social media, shopping or banking apps.
I make installable copies of all my apps; no Playstore needed for a reload. Everything I need for a full reload is on my SD card, that in turn is redundantly backed up. Current load on this device will be 3 yo this June. I don't upgrade or update the firmware and rarely any of the apps.
The result is a very stable, fast Android that needs minimal maintenance.... more playtime, less downtime.