[Q] How to remove this trojan? - Android Q&A, Help & Troubleshooting

Hi,
a cousin came to me with a problem about a trojan and now I have some questions for you:
All I know:
Some weeks ago I installed on this smartphone an app from F-Droid (Ghost-Commander) and to do so I had to tick >unknown sources<. After that I forgot to untick it again. About a week after that my cousin came to me with the smartphone and the 'trojan' on it (as you can see on the picture). She said that she only installed apps from the appstore.
What the 'trojan' does:
A program is forced to foreground (as you can see on the picture) - it can't be exited. No key works. The status bar can be expanded but also clicking on the icons doesn't do anything. If the device is rebooted the lock-screen is shown first and when the device is unlocked then after about one to two seconds later the 'trojan' is executed.
What I did:
After some research I rebooted the device into safe-mode. The 'trojan' wasn't executed there and so I enabled android debugging. I couldn't remove any malicious app because due to safe-mode no suspicious app was loaded. After rebooting to normal-mode again the 'trojan' was back. I connected to the android shell with $adb shell and executed $top there. Then I started to force-stop suspicious apps with $am force-stop <package> and after some tries the 'trojan' was gone. I unchecked >unknown sources< and returned the smartphone to my cousin.
The problem now is that after some days the 'trojan' showed up again but now with a different package-name! (it was called edu.fluster this time)
View attachment commands.txt
Do you know
1) how this 'trojan' got onto the smartphone?
2) how it can be totally removed or, if it was another infection, how to prevent more infections?
3) how it is possible to write such a harmful program? I did some simple android programming and the sandbox that is built seemed pretty secure to me (as a novice) but how are such vulnerabilities found? With much time? luck? knowledge? or all together?
I would be glad if you helped me!
piqJZu
EDIT:
I finally found the apps that start this trojan:
- 2 apps with the same name both are malicious - both show up as "Browser Update" in the menu
|-- one package is called: de.record.gauge
|-- the other: edu.fluster
Answers to the other questions are still appreciated
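
The triage the post arrives at by trial and error (finding which installed packages are responsible), as an added example that is not part of the original post: a shell filter over the output of `adb shell pm list packages -3 -i` that lists third-party packages whose installer of record is not the Play Store. The sample listing is constructed; apart from the two package names taken from the post, its entries, the function names and the `TRUSTED_INSTALLER` setting are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input: lines as printed by `adb shell pm list packages -3 -i`, e.g.
#   package:com.example.app  installer=com.android.vending

# Assumption: only Google Play counts as a trusted installer on this phone.
TRUSTED_INSTALLER="com.android.vending"

# Reads the package listing on stdin and prints "<package> <installer>"
# for every third-party package that was not installed by the trusted store.
sideloaded_packages() {
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLER" '
        /^package:/ {
            pkg = $1
            sub(/^package:/, "", pkg)
            inst = "null"                      # no installer field recorded
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) {
                    inst = $i
                    sub(/^installer=/, "", inst)
                }
            if (inst != trusted) print pkg " " inst
        }'
}

# Constructed sample listing. de.record.gauge and edu.fluster are the package
# names reported in the post; the other two entries are made up.
sample_listing() {
    cat <<'EOF'
package:com.example.filemanager  installer=org.fdroid.fdroid
package:de.record.gauge  installer=null
package:edu.fluster  installer=null
package:com.example.game  installer=com.android.vending
EOF
}

# Against a real device with USB debugging enabled (not called here):
triage_device() {
    adb shell pm list packages -3 -i | sideloaded_packages
}

# A flagged package that is confirmed unwanted is removed with:
#   adb uninstall <package>
```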

Related

Video screen capture app - Z Screenrecorder

I just came across an app in the market called " Z screenrecorder " and I'm downloading it now to see if it works. Has anyone else tried this app with success?
Well... nothing. It looks like it's working but it's not creating a video file. Here is a screenshot... my friend has a DROID x and it worked for him. Not sure why?
Sent from my DROID X2 using XDA App
the X2 has issues with screen shots, you gotta use Screenshot ER AFAIK
but this app is for taking video instead of just pics of your screen.
and if this won't work on the DX2 then why can't we tether the hdmi output to the camcorder and have an option to choose source.
Need help to improve Z-ScreenRecorder
Hi everybody,
my name is Jorge, and I'm part of the development team of Z-ScreenRecorder.
We have received several complaints about a not-recording issue on some devices, and we are investigating the cause.
It will be very helpful for us if someone who hasn't gotten the app to work (the interface runs OK, but it does not record the video file) sends back a log as follows:
-Download a free app from the market called "Android Terminal Emulator" (It's a linux terminal on the phone)
-Open it (A blue shell and a "$" prompt will be shown) and type "mount" followed by enter on the keyboard.
-In Menu-> Email To, send to "[email protected]" and exit.
Now, open Z-ScreenRecorder (Last version is 1.0.3), and push the button to record. While the icon on the status bar is still blinking, open the "Android Terminal Emulator" again, and repeat the previous steps, sending a new e-mail.
Thank you in advance for your time and collaboration.
Best Regards.

Problems with ICS [encryption, security and recharging]

Hello
I would like my Android device encrypted, as it contains sensitive data. I'm currently on cm-9.0.0-rc1-tinystream-hephappy-p500 (RC1-Rev.B). Now, here is what happened:
- To encrypt internal
I went to Security in System Settings and touched "Encrypt Device". It gave some confirmations and I've accepted them however, now I'm kind of stuck on this screen.
My first thought was "it is encrypting". But after hours of waiting, I wanted to check if it's done already. So I clicked the power-button once (just to unlock) and it asked for my password. I've entered it and it just went into my normal launcher. I've checked if anything had changed and no, my device has not been encrypted. Any logs somewhere? Any ideas what could have caused the problem?
- To encrypt SDcard
I did some research and didn't find something perfectly for my needs. Anyone has any idea on how to encrypt an SD card to properly work together with Android?
Note: I am using LINK2SD.
Thanks for your help
Another question that actually has nothing to do with my previous post that I post here because it's not worth a new thread: every time I plug in my phone into the charger, it boots automatically. I don't want that, my previous build of CM9 did just recharge without booting, something I prefer. Any way to configure that?
Another question I want to add to this thread: is it possible to combine a password lock and a slide lockscreen? Like when I encrypt the phone to enter a password to decrypt it again and then just use the normal slide lockscreen to unlock it each time after the decryption?
One last question: is there any way to encrypt the SQL database in Android? As it contains sensitive data... I've read something about SQLCipher but it doesn't get to work (any help would be appreciated).
Thread can be removed. Problems already solved. Discussion about security here: http://forum.xda-developers.com/showthread.php?t=1790964
And for the charging problem: http://forum.xda-developers.com/showpost.php?p=29217540&postcount=1787

how to add battery percentage

Hey, I have the LG G8s and I'm trying to add the battery percentage.
I already enabled the system UI and I keep getting this error
it says
"
sorry...
adb shell settings put system status_bar_show_battery_percent 0
something went wrong while setting this toggle.
try executing the following command from a computer
"
I tried to manually enable it by entering these commands in the adb command shell
adb shell content insert --uri content://settings/system --bind name:s:status_bar_show_battery_percent --bind value:i:1
adb reboot
and it didn't work..
Up
Plz help me out :highfive:
Hey,
I won't be able to help you a lot more but still manage somehow to explain why it's like that.
On finished products, LG deactivated the option to show the battery percentage directly on the status bar as there was not enough space.
Let me give you an explanation based on what I've seen on an unfinished G8s ThinQ prototype: when '100%' is shown, the middle of the second zero was cut and the percentage hidden.
I think the best way to do it now is by using an app giving you the info in a way you want (Play Store or F-Droid (if you want open-source) will help you find out).
There's an option to show or not the battery percentage when you open the notification panel, just next to the network status, etc.
If someone manages to set it up in the right way, let's explain here and I'll send it to my colleagues in order to let the Koreans make an OTA update for everyone (I hope they will do it)
PS: on this prototype, even the back design wasn't the good one because the main purpose of this one is to check for the dimensions, the screen, the notch with all visible sensors and the OS with Air Motion/HandID.
I would like to ask if there are any news ... and then ... I wanted to report this image ... not bad as a solution !?

Stable tutorial for first-timer to maintain an Essential PH-1?

Hello, I've never gone beyond entering developer mode on any of my phones, looking around carefully, then turning that mode off. I own two PH-1 phones, one is in full time service, and I would like to know of a tutorial / step-by-step to do what I need to do to maintain this phone with the images (ROMs?) that are being maintained and updated. I don't need the phone to do anything other-worldly, just keep it updated.
This is the only forum on here I'm allowed to post to, because I've been a listen-only member for a couple years but have never posted. I've just started using Ubuntu 20.04 on a new laptop so I can get away from Windows, but I still have a Win7Pro laptop.
Thanks for your recommendations on how to get started -- safely started -- and how to learn what I need to learn.
Also, I just read some of the read-me-first stickys, and please allow this to also be my "Say Hi" email...
"MP"
PS -- I get a captcha, check it, get the green checkmark, but I see *no* image... I'm using firefox w/ NoScript (all scripts enabled for this tab), on an Ubuntu 20.04 laptop.
So no one cares to reply? Did anyone read it besides myself? Whiskeytangofoxtrot
@Messypotamia
If phone's Android OS isn't an A/B-partition-layout-system - what I believe because its Stock ROM is Android 7.1. - then updating a phone's Android requires phone's boot-loader is unlocked. This must get enabled within phone's Developer options - keyword: OEM unlock - what simply sets phone's unlock ability flag to 1 . Additionally it's necessary that ADB ( read: Android Debug Bridge ) gets enabled in phone's Developer options - keyword: USB debugging.

Alter the IR database to send other codes to the TV - Need help

Hey there.
I have since a few days the new ShieldTV remote with IR function and netflix button. Since yesterday I try to change the NvIRTuner.apk (com.nvidia.irtuner) or its database or the IR calls. Unfortunately without success so far.
The database is built very interesting. I'm talking about the O1R_UPDATE_19NOV20.sqlite here.
In the table M_Codes you can find all IR codes. Before the corresponding Java class determines the device which one has selected in the IR-AV-Toogle menu. In my case a LG TV with the id 1970. This Id can be seen in the setup.
Here a Logcat excerpt, if I press my menu button to trigger the HDMI toggle:
07-11 13:37:30.050 4415 4601 D ShieldBluetoothIRInterface: *****REPORT*****0 - Pastebin.com
Good to see the actual IR_Code that is taken, or its alias:
INPUT SCROLL
What I have tried so far:
-I replaced all IR codes in O1R_UPDATE_19NOV20.sqlite with Channel_UP and then moved this db to /data/data/com.nvidia.irtuner/databases with su-rights.
-> Unfortunately the system app com.nvidia.irtuner seems to read the db initially only once. I can't get it to read my db. I don't understand why. No matter if I reset the app, replaced the O1R_UPDATE_19NOV20.sqlite and give appropriate chown and chmod rights or reset the app before.
-My second attempt was a modified APK. Unfortunately, this can not be installed, because it must be signed by nvidia. I have root, but I don't know what to change in the /system/packages.xml so that the system would accept the app.
->When I try to install it, I only get the message that you have to sign this apk appropriately for the user.
-Then I tried to reproduce the service call from the logcat but unfortunately I don't know what to do.
Does anyone have a tip for me?
Greetings by Idijt
