Hello,

I have a fairly urgent problem. I have reason to believe that I have a stalker/spy app installed from an ex-friend in one of my old phones. I ran a Malwarebytes scan previously and 2 issues were found with one (to the best of my memory) being called "update service". I didn't think anything of it at the time as it appeared to sound legitimate but I was recently made aware that this could possibly be a stalker app. The problem now is that my old phone is bricked (I am having a data retrieval company retrieve the data professionally) but I want to recheck these scan logs to see if my suspicions were true. Would anyone be able to tell me what directory I would be able to find my old Android scan logs? Also, if this isn't possible would I be able to reach out to Malwarebytes to see if they would have kept a copy of the scan logs? On the privacy statement it states that all detection results are sent to Malwarebytes.

Sorry for the long post and thanks for your help.


Hello Androidproblems,

Assuming from your username that your old phone was an Android device - what you are asking is not possible.

For privacy reasons we do not create logs in your file system and we do not send identifiable info to ourselves (so we cannot match any detections to you as a user). 

All I can recommend to you now is to set up a password on your new phone to restrict anybody else from accessing it.

Hello Ncar,

Thank you for your response. I understand that in Android there is a detection/scan history which can be accessed via the app under "scanner". Where would this be kept in terms of file systems? Wouldn't there need to be some sort of log to be able to demonstrate this history via the app?


The scan history which shows on the scanner screen is in an encrypted database in the app; you won't be able to access that unless you can run the app on that device (nor will we be able to).

If you happen to remember the detection name later (or ask your data retrieval specialists to make a list of all app packages/directories on the device), one of our researchers may be able to tell you what was installed (the type of malware, if there is a malware app).

Edited by ncar


Thank you again ncar for your quick expert response. This is definitely not the news I was hoping for. 

To follow - the data retrieval expert can likely break encryption (as he is doing so to retrieve my data on my automatically encrypted Android). There still would be no pathways/directory to the log history? I will ask him to list all app/packages installed and will forward this list to your team for analysis (I will gladly pay for this service to Malwarebytes), but what if Malwarebytes deleted / quarantined the app previously? What would be the ways of identifying this? If any?

Sorry for the double post - I wasn't able to find a way to edit my last post. One follow-up question to your response - would there be malware/stalkerware app packages/directories remaining on the device even if the app itself is deleted / quarantined? And this way we can determine if one was ever installed even if it was removed by Malwarebytes?

Hi again,

We don't automatically remove things from your Android app; you would have been involved. So if you didn't do that, then the app will still be present and it's very likely (no guarantee though!) that our research/support team will be able to recognise it from the package.

I wouldn't recommend any expert decrypts our databases, even if they could access them. Legal issues aside, the information inside is unlikely to make much sense to you.


Thank you for your quick response once again. Final question before I decide how to proceed. In the case that Malwarebytes did pick up the spyware/stalkerware in the past, and I clicked the "remove/delete/quarantine" option that Malwarebytes gives for critical issues, would there still be traces of the app (let's say, if they left undeleted folders) or packages etc. that your team of researchers would still be able to use to determine if there was the existence of such apps?

I am likely to go this route anyways, but I just wanted to get a better understanding on how reliable the final results would be.

Thank you so much for your time ncar.


In theory there will be no traces; however, this can really depend on the manufacturer - many phones alter their version of Android slightly; that's one of the challenges. Unfortunately I can't say what will be the case for you.
