Jump to content

Possible malware infection/network attack - need help urgently


Recommended Posts

The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.

Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.

I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried. 

I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something. 

I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed. 

Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed. 

Thank you very much. If you know anything, anything, please let me know it's very urgent.

Link to post
Share on other sites

Hi @RayRay26,

My guess is that this was simply a browser related ad/popup, and you didn't actually get infected. This is caused by the way most browsers handle redirections executed by javascript code.  Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups.  Advertising affiliates are aware of this, and exploit this weakness.  Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it.

The best way to block these pop-ups are to try a different browsers, disable javascript, install a browser with ad blocking (like Opera), and/or install Ad-block Plus.

If you encounter these pop-ups again, back out of them using Android's back key. Also, clearing your history and cache will help stop the ads from reoccurring.

However, if you like me to check out your device, you can send me an Apps Report.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM me the email used and/or the ticket number assigned.

Thanks for reaching out,
Nathan

Link to post
Share on other sites

Hello, thank you for responding. The problem that occurred seems largely to be a Facebook app related issue, as I have found other people on online forums having the same problem while using Facebook app. 

This is a screenshot taken by another user of the incident, and this is the same it looked like on my phone.

https://m.imgur.com/a/31Pds5y

Would be grateful if you take a look at the link above, and see if you might know something about it.

And yes, I will submit an Apps report, because my phone has been having other troubles too. Will you be able to see all the system apps on my phone through the report too? Because I would love a thorough check up, Malwarebytes app's scanner itself does not detect anything either in the apps or on the files on device storage, but I find weird files in my Downloads folder that I never installed.

rce_plugin_strings_resource_cs_CZ.json.min

rce_plugin_strings_resource_en_US_test.json.min

I find around 11 files with similar names in my downloads folder, and I don't understand what they are for, and I have never downloaded them on my own. The dates on these files are before the Facebook popup incident occurred though.

I'm afraid if I do have malware, it's rooted into the system because all the user installed apps have been there for a long time and never caused any problems. Thank you so much for helping, please get back to me on this at your convenience and I will proceed to send you the report asap.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.