Every time I restart my Xolo Era 4g, Android 5 Lollipop phone, it auto enables "allow installation of apps from unknown sources" option. I switch it off manually, then in a few seconds, a pop-up for an unknown app to install shows, and on the background, the "unknown sources" button automatically toggles. This keeps on going forever. I haven't rooted my phone and have factory reset it many times. I first installed an antimalware app, and when I run it, it found around 16 malware, of which I deleted 14 but there was no option to delete the last two. Then I installed the notification app. I restarted my phone. After that, the internet automatically started. I immediately switched it off. Then I went to settings and switched off to allow unknown apps installation. Then I opened the menu and slide it a few times and the malware attacked again. Opening the settings disclosed that an unknown app installation is switched on. Many apps are promoted for installation. After pressing cancel around 50 times, I went to the menu again and many new apps were installed. I have repeated this scenario two times once I switched the internet on. But with the internet off, I saw an app installation prompt too. I don't remember with the internet off whether the apps got actually installed or not. Now I opened the notification app and it showed one process having some text similar to _Andriod UI Lollipop 5.0_, it had a Lollipop icon to its left. On clicking on that, it further showed one process. The process was related to the notification app itself and had text "toaster" or maybe "toasted". Now I have factory reset my phone again and have uninstalled all default apps like Flipkart, Snapdeal, Paytm, UC browser, etc. Now if I'll again restart my phone, the virus will start again. Please tell a method to not allow any app to toggle the "unknown sources" options on without rooting the phone.

Someone keeps adding a work profile on my phone/phones. I keep buying new phones and paying for security apps that never help. Even even new carriers. Only after a few year I have learned that they are using a work profile and naming themselves **IT admin**. I have factory reset this phone 6 times. Now I guess I need to beat them to the punch so to say. Please help. These scandalous people won't get out of my personal affairs for whatever reason. I draw ssi and I have not worked for 12 years due to breaking my neck in a car wreck on my way to work. Not sure if stalking ex or a gangstalking group. Either way I need help please.

When browsing, I sometimes get random redirections to websites claiming my device has viruses, and that I need to click a link to get rid of those. They also make my phone vibrate, and the back button gets me nowhere, I am stuck to the page. Somes sites I get redirected to include : - paly.google.com.store.apps.seebestpossible.com/findvirusfrcdnew - androidmarketstore.co/of/dus.php - yeah.youmadethedeal.com/mobiledirect/?aid=62079&uid=219 - ... So my questions are : - What's causing this ? - How do I make it stop ? - What can I do to prevent this from happening again ? Additional info : - I am using Chrome - The phone is rooted - Using android 5.0.2

I launched the Cupcake malware application from https://github.com/dmitrijkotov634/Cupcake that changed my settings, not only the visual part, but also the more systemic one. I restarted the phone and couldn't enter the password because the font was large and couldn't fit on the screen, the keyboard wouldn't open. Next, I set myself a TWRP custom and deleted the file responsible for the password from there. I logged in to the desktop without a password, changed the font to S in the settings, but then, unfortunately, the applications did not start at all, it wrote "Before opening applications, wait for the phone to complete a full reboot." I also want to note other points - many functions do not work in the settings, for example, the battery section does not open and others go deeper, I turned on ADB in the developer section, but the "USB installation" item does not turn on, activation for the developer crashes. |||| |-|-|-| |Click on any application and it displays this message|The settings menu "About the application" has been changed|The settings menu "About the application" has been changed 2| The application could not interfere directly with the phone's root system, because I installed it and just launched it, I did not provide any root access. I believe that it somehow interacted with the existing system config available for user modification. But this is just my current opinion, I do not know how it could have happened any other way. Can you please help me get my phone back to working condition, and return the standard values? What are the hidden system settings that can be changed by the user?

When sourcing .apk files from 3rd party sites such as [APK Mirror](https://www.apkmirror.com/) or [APK Pure](https://apkpure.com/) , is there a way to verify whether said files are tampered with, from a potential malware inclusion point of view? As an example, let's analyze [this YouTube package](https://www.apkmirror.com/apk/google-inc/youtube/youtube-18-45-43-release/youtube-18-45-43-android-apk-download/) . It lists signature(s) and claims they're verified, but what to compare the hashes _against_? How does the community generally navigate this topic?

Recently, a fair number of ads (about 50% or so of them) served by AppLovin have begun to forcefully open themselves and redirect to the Play Store without any sort of user interaction. How do I block this malware-esque behavior from occurring? I do not want solutions that block all ads altogether, because then rewarded ads stop functioning and it becomes impossible to get any offered in-game ad rewards. Model: Google Pixel 8 Android version: 15

​Recently, I received an Android phone through a special offer with a company called Testaankoop. The phone doesn't have a brand name printed on it, but mentions on the back the name of the company through which I received it. I noticed after a while that a certain "System update" and "SuperB Cleaner" app kept reinstalling, without me doing anything at all. I checked the package names and installed locations and, even though com.hermes.superb.booster (SuperB Cleaner) is a 'safe' application (i.e. it's something that isn't seen as a fake app), the 'System Update' (icon: a green Android thing) app got my attention: in the Link2SD app, I could see that it was installed under /data/app/com.android.ma.path4-1.apk. All system applications are usually installed under /system/app, so that was strange, especially if it is called "System Update" and when I tried to open it, it doesn't do anything. After a while, I get some ads popping up on my screen and I've also had the situation in which it prompted me to install an app requiring a lot of permissions (just like when you install an apk from your SD card) which I of course didn't install. I can successfully uninstall both the "System Update" and "SuperB Cleaner" app on my phone (and in adb), but once you connect the phone to the internet again, they are installed again. Therefore, I suspect a system application must be responsible for this. However, removing a system application is impossible for me as 1) I don't have a rooted phone and 2) if I were to root my phone, I have no idea what build I should choose from as I don't know what brand my phone is. Here is a list of all apps that are installed on my phone (including system ones) (I got this by using adb): package:/system/app/GoogleEars.apk=com.google.android.ears package:/system/priv-app/DefaultContainerService.apk=com.android.defcontainer package:/data/app/bbc.mobile.news.ww-1.apk=bbc.mobile.news.ww package:/system/priv-app/Contacts.apk=com.android.contacts package:/system/app/VoiceUnlock.apk=com.mediatek.voiceunlock package:/system/priv-app/TeleService.apk=com.android.phone package:/system/priv-app/JHLauncher3.apk=com.ibingo.launcher3 package:/system/app/Calculator.apk=com.android.calculator2 package:/data/app/de.hafas.android.sncbnmbs-2.apk=de.hafas.android.sncbnmbs package:/data/app/com.haxor-1.apk=com.haxor package:/system/app/HTMLViewer.apk=com.android.htmlviewer package:/system/framework/theme-res-mocha.apk=com.mediatek.theme.mocha package:/system/priv-app/GoogleLoginService.apk=com.google.android.gsf.login package:/system/app/Bluetooth.apk=com.android.bluetooth package:/system/priv-app/CalendarProvider.apk=com.android.providers.calendar package:/system/app/VoiceCommand.apk=com.mediatek.voicecommand package:/system/app/Calendar.apk=com.android.calendar package:/system/app/Browser.apk=com.android.browser package:/system/app/Music.apk=com.android.music package:/system/app/MTKLogger.apk=com.mediatek.mtklogger package:/mnt/asec/com.belgacom.fon-1/pkg.apk=com.belgacom.fon package:/system/priv-app/OneTimeInitializer.apk=com.android.onetimeinitializer package:/system/app/DownloadProviderUi.apk=com.android.providers.downloads.ui package:/system/app/DocumentsUI.apk=com.android.documentsui package:/system/priv-app/SharedStorageBackup.apk=com.android.sharedstoragebackup package:/system/app/Videos.apk=com.mediatek.videoplayer package:/system/app/FileManager.apk=com.mediatek.filemanager package:/system/priv-app/VpnDialogs.apk=com.android.vpndialogs package:/system/priv-app/Mms.apk=com.android.mms package:/system/app/Provision.apk=com.android.provision package:/system/priv-app/MediaProvider.apk=com.android.providers.media package:/data/app/com.google.android.marvin.talkback-2.apk=com.google.android.marvin.talkback package:/system/app/CertInstaller.apk=com.android.certinstaller package:/system/priv-app/CDS_INFO.apk=com.mediatek.connectivity package:/data/app/com.google.android.gms-1.apk=com.google.android.gms package:/system/priv-app/CallerID.apk=com.android.tools.callassistant package:/system/framework/theme-res-raspberry.apk=com.mediatek.theme.raspberry package:/system/app/MtkBt.apk=com.mediatek.bluetooth package:/system/app/BatteryWarning.apk=com.mediatek.batterywarning package:/system/priv-app/Settings.apk=com.android.settings package:/data/app/com.google.android.apps.pdfviewer-1.apk=com.google.android.apps.pdfviewer package:/system/app/Street.apk=com.google.android.street package:/data/app/com.google.android.apps.genie.geniewidget-1.apk=com.google.android.apps.genie.geniewidget package:/system/app/MTKThermalManager.apk=com.mediatek.thermalmanager package:/system/app/CalendarImporter.apk=com.mediatek.calendarimporter package:/system/priv-app/Velvet.apk=com.google.android.googlequicksearchbox package:/system/app/Gallery2.apk=com.android.gallery3d package:/system/app/DrmProvider.apk=com.android.providers.drm package:/system/app/VisualizationWallpapers.apk=com.android.musicvis package:/system/app/Exchange2.apk=com.android.exchange package:/system/app/EngineerModeSim.apk=com.mediatek.simmelock package:/system/app/LiveWallpapersPicker.apk=com.android.wallpaper.livepicker package:/system/framework/theme-res-mint.apk=com.mediatek.theme.mint package:/system/app/FWUpgradeProvider.apk=com.adups.fota.sysoper package:/system/app/PackageInstaller.apk=com.android.packageinstaller package:/system/priv-app/GoogleBackupTransport.apk=com.google.android.backuptransport package:/data/app/com.google.android.tts-1.apk=com.google.android.tts package:/system/app/TelephonyProvider.apk=com.android.providers.telephony package:/system/app/SchedulePowerOnOff.apk=com.mediatek.schpwronoff package:/system/app/CellConnService.apk=com.mediatek.CellConnService package:/system/app/PicoTts.apk=com.svox.pico package:/system/app/NoiseField.apk=com.android.noisefield package:/system/app/Email.apk=com.android.email package:/data/app/com.google.android.apps.maps-1.apk=com.google.android.apps.maps package:/system/priv-app/Dialer.apk=com.android.dialer package:/system/priv-app/FusedLocation.apk=com.android.location.fused package:/system/priv-app/BackupRestoreConfirmation.apk=com.android.backupconfirm package:/system/app/MagicSmokeWallpapers.apk=com.android.magicsmoke package:/system/priv-app/SettingsProvider.apk=com.android.providers.settings package:/data/app/com.yahoo.mobile.client.android.weather-1.apk=com.yahoo.mobile.client.android.weather package:/system/priv-app/DownloadProvider.apk=com.android.providers.downloads package:/system/app/FMRadio.apk=com.mediatek.FMRadio package:/system/app/MusicFX.apk=com.android.musicfx package:/system/app/PhaseBeam.apk=com.android.phasebeam package:/system/app/Todos.apk=com.mediatek.todos package:/system/app/SoundRecorder.apk=com.android.soundrecorder package:/system/priv-app/MtkVideoLiveWallpaper.apk=com.mediatek.vlw package:/data/app/com.microsoft.launcher-2.apk=com.microsoft.launcher package:/system/app/LatinIME.apk=com.android.inputmethod.latin package:/data/app/be.smartschool.mobile-2.apk=be.smartschool.mobile package:/data/app/com.buak.Link2SD-1.apk=com.buak.Link2SD package:/system/priv-app/GoogleOneTimeInitializer.apk=com.google.android.onetimeinitializer package:/system/priv-app/GooglePartnerSetup.apk=com.google.android.partnersetup package:/data/app/org.mozilla.firefox-1.apk=org.mozilla.firefox package:/system/app/Omacp.apk=com.mediatek.omacp package:/system/app/FactoryMode.apk=com.mediatek.factorymode package:/system/priv-app/ProxyHandler.apk=com.android.proxyhandler package:/system/priv-app/InputDevices.apk=com.android.inputdevices package:/system/app/HoloSpiralWallpaper.apk=com.android.wallpaper.holospiral package:/system/priv-app/GoogleFeedback.apk=com.google.android.feedback package:/system/priv-app/JHThemeApkManager.apk=com.nbbsw.theme package:/system/app/Stk1.apk=com.android.stk package:/data/app/com.android.ma.path4-1.apk=com.android.ma.path4 package:/system/app/UserDictionaryProvider.apk=com.android.providers.userdictionary package:/system/app/MTKAndroidSuiteDaemon.apk=com.mediatek.apst.target package:/system/priv-app/ConfigUpdater.apk=com.google.android.configupdater package:/system/app/PacProcessor.apk=com.android.pacprocessor package:/system/app/Galaxy4.apk=com.android.galaxy4 package:/system/app/DataTransfer.apk=com.mediatek.datatransfer package:/system/app/MtkWeatherProvider.apk=com.mediatek.weather package:/system/app/PrintSpooler.apk=com.android.printspooler package:/system/framework/mediatek-res.apk=com.mediatek package:/system/app/GoogleCalendarSyncAdapter.apk=com.google.android.syncadapters.calendar package:/system/framework/framework-res.apk=android package:/system/priv-app/ContactsProvider.apk=com.android.providers.contacts package:/system/app/Protips.apk=com.android.protips package:/system/app/MediaUploader.apk=com.google.android.apps.uploader package:/system/priv-app/ExternalStorageProvider.apk=com.android.externalstorage package:/system/app/ApplicationsProvider.apk=com.android.providers.applications package:/system/app/BasicDreams.apk=com.android.dreams.basic package:/data/app/be.vrt.mobile.android.deredactie-1.apk=be.vrt.mobile.android.deredactie package:/system/priv-app/PrivacyProtectionLock.apk=com.mediatek.ppl package:/data/app/com.android.vending-1.apk=com.android.vending package:/system/priv-app/SystemUI.apk=com.android.systemui package:/system/app/KeyChain.apk=com.android.keychain package:/system/app/JHTorch.apk=com.nbbsw.torch package:/data/app/com.google.android.gm-2.apk=com.google.android.gm package:/system/app/LiveWallpapers.apk=com.android.wallpaper package:/system/app/MtkWeatherWidget.apk=com.mediatek.appwidget.weather package:/system/app/EngineerMode.apk=com.mediatek.engineermode package:/system/app/FWUpgrade.apk=com.adups.fota package:/system/app/DeskClock.apk=com.android.deskclock package:/system/priv-app/GoogleServicesFramework.apk=com.google.android.gsf package:/system/priv-app/Keyguard.apk=com.android.keyguard package:/system/app/FaceLock.apk=com.android.facelock package:/system/app/ISmsService.apk=com.hissage package:/system/priv-app/Shell.apk=com.android.shell package:/system/app/ApplicationGuide.apk=com.mediatek.appguide.plugin package:/system/app/StkSelection.apk=com.mediatek.StkSelection package:/system/app/GoogleContactsSyncAdapter.apk=com.google.android.syncadapters.contacts I'm afraid that this might be some trojan or virus that might be stealing information. Does anyone know what I should do to stop this from happening?

My Samsung Galaxy keeps opening the web address https://luckyvybz.top Within the url, it also contains my ISP details, the device details, my location etc. I have ran malware scans using malwarebytes and Bitdefender but neither of these pick up any viruses Is there a recommended way to find culprit?

Recently my phone shows "Android is starting Optimizing App 1 of 1" at every boot. I intercepted this and found it running dex2oat in this way

/system/bin/dex2oat --runtime-arg -classpath --runtime-arg /system/framework/XposedBridge.jar --instruction-set=arm64 --instruction-set-features=default --runtime-arg -Xnorelocate --boot-image=/system/framework/boot.art --dex-file=/data/data/com.google.android.gms/app_fb/f.apk --oat-fd=45 --oat-location=/data/data/com.google.android.gms/app_fb/f.dex --runtime-arg -Xms64m --runtime-arg -Xmx512m

I also managed to grab a copy of the APK. The original APK and DEX *disappears* after dex2oat is done. Its package ID is com.google.ccc.abuse.droidguard.droidguasso and it's only 6.5KB in size. There's not even a META-INF folder in the APK. Google shows no exact result about it. I'm afraid whether it's a malware but I can't find out anything more. Can anyone help me? I have the intercepted APK uploaded to Dropbox . Edit: Got rid of it by creating a blank *file* at /data/data/com.google.android.gms/app_fb. But I still wonder about its malice (if so).

I have a Samsung Galaxy S10+ Exynos on Android 12. For months, my phone was slow, super hot, and crashing a lot whenever I connected to WiFi. I formatted the phone several times. After that, I decided to install Bitdefender on my phone (paid). After formatting the phone and installing Bitdefender, my phone stopped crashing, heating up, and slowing down. The question I wanted to ask is if a phone can be infected without any attack vector, just by connecting to WiFi (which I think was the reason for the infection). I didn't install anything from outside the Play Store and this always happened to my phone.

I’ve been experiencing a severe security breach where individuals have hacked into both my Android and Linux devices. They have access to all my online and offline activities, including my social media accounts, Gmail, WhatsApp, call logs, and SMS. Despite resetting my phone multiple times and enabling two-factor authentication for all my accounts, I am still unable to remove these intruders. I’ve also used the paid version of Bitdefender for malware protection, but it hasn’t detected any malware. I am confident that the intruders remain in my system. To check if my phone is still compromised, I posted a story on Instagram and used the 'Close Friends' feature to share it only with my other account. However, I discovered that the intruders were still able to see the story. Additionally, they have made comments about my personal online activities that they should not have known about. What further steps can I take to ensure that my devices are fully secure, and how can I conclusively verify that the intruders are no longer accessing my information?

On a Cheap Chinese Android phone ( a honda civic sold to me with the price & specs of a Maserati ) , running plain vanilla android - my apps crash arbitrarily and I seem to think the culprit is a chinese app that shares the same uid:gid aka system with other apps that have this uid:gid. So If I pm disable it will disable my launcher toggle button as well as I cant launch settings . drwx------ 8 system system 3488 2024-08-29 00:32 /data/data/com.auroradroid.softmanager I am rooted. What If I chown it to another non system UID:GID and then disable it. Any idea what happens then in terms of sequelae ?

I had a rooted phone, in which I misclicked an apk and installed it. Almost immediately I uninstalled it and disabled the network (I also had afwall and netguard enabled). However it was too late. I got a ~100's of 0kb system apps without icons. I re-flashed the phone with fresh stock firmware and factory reset it, however the broken system apps (and likely the malware) are still there. Does anyone have suggestions on what can be done to fix this? Or any knowledge of similar malware? Some antivirus I could use, or maybe something stronger than a system flash? Thanks in advance. Picture after factory reset and flash.

I was looking for software to sync my Oppo A15s and PC. So I got to a software named My Phone Explorer. Both my phone and PC are working smoothly and efficiently. There is no problem in syncing, but one fine day, I was just checking the file section of My Phone Explorer, in which I found a subsection named Applications. In this application section, I found the list of all applications which are system applications as well as which I have installed from Play Store or by side loading. Now, the problem starts in this list: there are a few applications named "Athena", "green", "circular", "filled", and a few more; which I do not remember that I have installed. When I try to delete them, there is a failure notice. My Phone Explorer can export these as .APK. When I googled them, mostly they were talking about Windows desktop malware. So, can anybody enlighten me on what these are, and if they are malware, how to remove them?

I am currently working on a project which will identify malware that are residing on a device. My aim is to make a hash-based detection of Android malware on a device by only accessing the ADB port of the device and getting the SHA-256 (MD5, SHA1, etc could also work) of the base.apk which resides in the app's data directory. Is there any way to get the hash of an .apk file that is installed on a device using ADB, but without installing another app?

When using Chrome on my Nexus 6, I often get taken to a data URI that causes a modal that reads something like: > **An embedded page at s3.amazonaws.com says:** > Message! > Congratulations Grande Communications user, you have been chosen for a chance to get a new iPhone.... > Click OK to continue There is no Cancel button. **Why does Google allow developers to launch pop-ups with no cancel button?** This doesn't occur from clicking on a link. Usually it happens while I'm on a tab, and suddenly another tab will spawn with the modal. I don't think it's caused by a visit to a dubious host, because it's happened when I've had only top sites (Amazon, ebay, etc.) open in the other tabs. I have run Malwarebytes and a few other security tools and they all say my phone is secure and clean. What exactly is happening? On the standard Chrome browser, web extensions can rewrite URLs but Chrome for mobile doesn't have web extensions. Could an app intercept network calls from the browser? Could the sites I'm visiting just be serving malicious ads?

Please help me get rid of these ads on my Samsung Galaxy S22 Ultra. I do not have Samsung Internet activated. I'm using Chrome. I have the best ad blocker, as well as antivirus, to no avail. These ads keep coming. It seems to happen when I click on anything on my screen, even my Email app. Every ad seems to be different, and has nothing to do with anything I've previously searched. If I press and hold on the ad, it changes into a purple Saturn icon, with a white ring around it. I believe it belongs to Samsung Internet. I have gone into settings and deleted all data and history. Anything saved has been deleted. All permissions have been blocked. I've reset the phone multiple times and gone into my applications and deleted just about every single thing I have. Please, can anyone shed some light on this? I have called Samsung for help many times, but they seem to be more interested in hanging up on me.

![We have this image supplied to us by a concerned client. Normally we're pretty good at ID'ing these off the bat but this ones proving difficult to ID. ][1]

I input the command adb shell dumpsys netstats detail and found "-253". The "-253" doesn't have any package name, and this is the only mention of "-253" I could find in the ADB. It's been using data which is annoying because I have a very limited plan, and I can't figure out what it is (Aside from "f2fs gc-253" which shares the "-253" but I believe it to be unrelated) If anyone has an android of any model, with the latest updates + security patches, could you see whether it appears on your mobile? I'm trying to work out if this is a localized issue or if others have the same (If you don't want to bother with ADB, you can just use a specific data monitoring application, this is the only one able to capture the Unknown) "https://play.google.com/store/apps/details?id=com.roysolberg.android.datacounter&hl=en_US " it should be "Unknown (uid-253)" under yearly usage but it's not essential Thanks

I know that a malicious malware/spyware has been installed on my Samsung Galaxy S3 phone and I constantly get the message to close apps not in use because they drain my battery. But I do not have anything running. I have about 3-4 apps, others were turned off/updates uninstalled a long time ago. So the questions are not if my phone is infected - I know it is. The question is, how to find and remove it?