Showing results for tags 'mitm'.
RayRay26 posted a topic in Mobile Malware Removal Help & Support

The night of the 17th, I was using the Facebook app when suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium, which was monitoring my phone and all downloads, hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.

Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something. I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDoS, man in the middle and zero day attacks came up, which has me really worried.

I am still using the phone as is; I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.

I'm using Android 7.0 on a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed. Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared; damage control is needed. Thank you very much.

If you know anything, anything, please let me know; it's very urgent.

*cross-posting from BleepingComputer forums. I didn't get any replies there for 5 days, I hope someone here may be willing to help.*

I'd be grateful for some advice on my situation. I'm using Mac OSX 10.8.5 (I know I need to upgrade as soon as possible, currently travelling).

I started seeing a "connection not secure" browser error dialogue when trying to open Facebook, Instagram, Skype. But I opened my bank's portal no problem. Same behaviour in FF, Chrome and Safari. Sometimes it would redirect and display an OpenDNS error page instead. I couldn't pick a pattern for why. Google search started prompting me to verify that I'm human.

The problem disappeared when I found and removed OpenDNS addresses from my DNS settings. But prior to that I had taken a bunch of steps (listed below). Subsequently I've removed Spigot adware from my system.

Now I'm not sure if I'm vulnerable to a MITM attack? Or is the problem resolved? In particular, I'm not sure how the OpenDNS addresses got added to my DNS settings. Could it be the Spigot adware? Or should I be looking for something else?

Steps I've taken:

- Checked that pages that produced the "not secure" error load with my phone and a different computer on the same wifi network - they do. So not a router issue
- Timezone, date and time are synced with Apple servers
- Updated Java
- Disabled all browser plugins
- Firefox, browser I use every day - cleared cache and offline files
- scan with clamxav (2016 version, updated definitions, no infection found)
- scan with knock-knock (current ver, no infection found)
- At this point I found OpenDNS addresses and removed them.
- scan with Avast 12.5, found and removed firstname.lastname@example.org Spigot-O "YahooEngine.xml"
- Several Spigot files already sitting in Malwarebytes "removals" folder
- Checked for Avast CA untrusted certificate in KeyChain - not present (but Avast is using MITM, switching in its own trusted certificate)
- Downgraded anti-malware bytes to 1.2.4 (1.2.5 requires OSX 10.9 or later, apparently), found and removed "adware.Spigot"

I'd appreciate some help on this! Many thanks