Android malware

Korth
Mayor / Maire

Astonishingly, my phone started behaving suspiciously. Intermittent browser hijacks (and browser launches) to random distasteful websites. Browser script-blocking and ad-blocking preferences constantly disabling themselves. Weird processes running each other in the background. Constant Android notifications warning me about "failed transmission" - outgoing data packets being blocked - because I'm a tinfoil hat who routinely disables permissions for everything on everything, every app, every service, every hardware and software gizmo, top to bottom, unless I actually require specific things to be active while I'm actually using them. The phone was complaining while nothing was actually being done on it which (in my opinion) should require any kind of "transmission".

It took me a while to realize I had malware. So I wiped the device with a factory reset and installed nothing. And it still had this malware. Apparently from the factory itself?

I ended up flashing a custom ROM from xda. It seems that hackers and modders are more reliable and ethical (and also offer better documentation and support) than the branded OEMs these days, lol.

Does anybody use security/malware software on their phones? I'm just sort of polling for some feedback, curious about what's out there, what's good, what's bad, how rampant this problem really might be.



@softech wrote:

you are hardcore...lol


Not really. The real credit goes to all the hackers and devs at places like xda.

I do know my way around a compiler - and I do my best to check through all the source code that'll be running on that tracking device in my pocket - but mostly I just read their documentation and follow their instructions.

@Korth  you are hardcore...lol

So, did you try to bring this up on other forums and see what they say? Or maybe even open a ticket with CAT? Maybe CAT is a victim of this and unaware of the chips they got from who knows where...?

@Korth 

If you end up making one, consider me your first customer!

@gpixel 

I've already flashed a custom bootloader and a custom operating system - compiled on my own machines from clean sources. Anything stealthy and persistent enough to hide above firmware is essentially embedded in non-writable hardware. Every phone (and computer) these days is full of "black box" hardware, things which aren't documented and can't be controlled, configured, inspected, audited - but there comes a point where you simply have to accept a certain amount of invasiveness if you want to use the tech, or build your own machinery completely from scratch, or just turn everything off and go off the grid.

So I choose to "trust" this device (hardware) for now. Everything that could be done has been done to sterilize it, everything that I didn't authorize has been removed, every entry vector has been secured. I'm satisfied that this phone is as clean as (or cleaner than) any other phone I could purchase. And I'm unwilling to build a smartphone from scratch or to abandon internet/communications forever.

@Korth 

There's a good chance you will need to just decommission the phone. IMO it's not worth taking the risk. I think it's an app that's been compromised. I'm not entirely sure if the malware is sophisticated enough to hide itself on the HDD and then reinstall once an internet connection is established. I'm pretty sure there is malware out there that can do it. In this case a new ROM wouldn't help you.

softech
Oracle
Oracle

@Korth I would be surprised at what you found, but I never used a CAT phone myself. Maybe you should post it on Reddit or AndroidCentral to see what others say.


@pkara01 wrote:

google pixel and Huawei have better protection against malware I have seen so far.


lol, many people have presented rather compelling arguments that Google and Huawei (and Apple, Microsoft, Samsung, etc.) have "secured" their consumer products with some of the most pervasive malware and spyware ever invented. They may not hold your data ransom, rob your bank accounts, or steal your social media identity - yet - but their telemetry, tracking, logging, profiling, controlling, and selling of "your" data is just as undesirable (to me) as the malicious/criminal junk created by random anonymous hackers.

So I'll kinda pass on these options, thanks anyway. Notice that I'd already disabled/controlled every permission possible and already chosen to install an "ungoogled" operating system in the first place. I'm interested in blocking all malware and spyware, without allowing exceptions for malware or spyware which was written by (or is disguised to look like it came from) certain "trusted" vendors.

A sad surprise to me that fresh-from-the-factory firmware could be corrupted. I'm hoping that I somehow got a device which was tampered with or was part of a "bad batch", not that this OEM (or those it contracted to manufacture the devices) has become greedy or incompetent enough to encourage malware payloads.


@pkara01 wrote:

google pixel and Huawei have better protection against malware I have seen so far.


Agree with the Google Pixel.

But Huawei? I am staying away from it.

Samsung was just OK before but I see it doing a better job in the last year or two.


@pkara01 wrote:

google pixel and Huawei have better protection against malware I have seen so far.


I know there are some apps that make the claim that they protect you from this type of unwanted software. Unfortunately, it's also possible that some of these apps could contain malware. Only install apps from a trusted source, particularly if the app is supposed to be protecting you from it.

pkara01
Good Citizen / Bon Citoyen

google pixel and Huawei have better protection against malware I have seen so far.

@will13am 

Cat S62 Pro phone, Android 10 factory ROM, USA/Canada variant. Purchased from Cat's online store, delivered by UPS to their local depot (where I picked it up). It's not some Alibaba overstock or eBay junk meant to be unloaded onto cheap spenders.

I'd always intended to install a modded ROM (a GrapheneOS variant) but I was still using the OEM stuff (which I've archived for reference) when I got the malware. Mostly because I'm concerned about the FLIR camera software: it was difficult to port it to Graphene on my previous Cat device, and I wanted to really understand exactly how it's supposed to work before tinkering with it.

Previous Cat phones have always had excellent hardware (robust, rugged, overkill, although the main SoC/RAM/ROM/etc. are usually a generation outdated) and terrible Android software. Their in-house FLIR stuff is superb but the rest is buggy crap. But I seriously didn't expect it to be buggy malware-infested crap.

will13am
Oracle
Oracle

@Korth , if you buy those off-brand phones with the hacked Android ROMs, who knows what junk is added to the ROM. All the third-party ROMs that are worth using are open source. There is nothing to hide or nothing that can be hidden.

Korth
Mayor / Maire

@JK8 

No need to apologize, lol. I just changed the passwords for everything I'd ever logged into on that device, didn't take long and no lasting harm done.

I just found it curious that the device apparently had malware on it from the manufacturer itself. I hadn't disabled the OEM bootloader protection, hadn't broken the trust, hadn't rooted or modded or messed around with anything yet - I like to use what the factory gave me for a week or so before I start adjusting stuff. The phone had no previous owners, wasn't a refurb, came to me new in a factory-sealed package. The only software I'd installed on it were my SMS app and WiFi analyzer - both the same packages that I've used on other devices for a long time, both compiled (and slightly modded) personally long ago from the same GitHub source code.

So I can only conclude that this malware - this rootkit - was a pre-installed part of the factory ROM image. It seems almost impossible for malware to have installed itself so quietly and aggressively after so little internet usage (by a suspicious user, at "trusted" legit websites). That's why I was utterly astonished by its presence.

JK8
Mayor / Maire

@Korth 

Sorry this has happened to you. I do not use any security software on my phone.
