Has my phone been hacked?? (toast message with Chinese characters)


Hi,

I have a Xiaomi MIUI 12 Android 10 phone (not rooted or anything). Yesterday, I was looking for an anime series (I use Firefox) and finally apparently found it on a website with apparently a lot of pop-ups and intrusive ads on it (it's not the first time that I have had to deal with this type of site and these things never happened; I just close the pop-ups immediately and that's all, usually). So I entered the site (from a Google search) and just scrolled down the page one time (I didn't press anything on the website, just scrolled down a bit one time only) and my phone suddenly opened and switched to the Amazon application (it was already installed), by itself.

At the time, I was just thinking that the site had opened an Amazon pop-up page and I was directed straight into the mobile app (even if it's the first time that has happened to me, as far as I remember). But, as a precaution, I immediately closed the Amazon app (without seeing what was displayed in it) and Firefox, deleted all data in both apps and started a complete malware analysis, as fast as I could, with the Malwarebytes app. The analysis ran for a few minutes and I suddenly got a toast message with Chinese characters that appeared for a few seconds in the middle of my phone screen in the Malwarebytes app. It's at this moment that I thought I had been hacked; it's the first time that has happened to me, as far as I remember.

So, I still let the analysis finish (and checked the screen a few times, saw nothing strange), and after 10k+ data and apps during 1.5+ hours, the analysis finished and found nothing, 0 viruses. Just after, still as a precaution, immediately after the analysis I cut my internet (I was on 4G) (I think I should have done it directly when I saw that toast message...) and I sent all my passwords to my PC (passwords of lots of accounts with a lot of confidential info), and I had only 1 other very important piece of confidential data besides the passwords, some screenshots of my ID card. After this, I quickly checked the phone to see if new data had been downloaded or anything else suspicious and I found nothing apparent, with the quick check that I did. So, finally I factory reset my phone and immediately ran an analysis with both the Kaspersky and Malwarebytes apps, 0 viruses found.

My question is simple: with all the info above, is there a small chance that my phone was hacked yesterday and that my private data on my phone, and my entire phone, were accessible and usable by a third party, and that the hacker may still have the data by having saved it at the time? Is this possible, just from a simple scroll down on a site with pop-ups??

I should point out that nothing suspicious has happened in any of my accounts or anything else at this time.

I'll stay online for additional info if needed.

Thank you very much if a qualified person can guide me!!

Link to post
Share on other sites

Hi @kwartz,

The most likely scenario is that you still had some lingering browser-related ad popups. This is caused by the way browsers handle redirections executed by JavaScript code. Most browsers do not do a great job of preventing these redirects, which can also cause ad pop-ups. Unethical advertising affiliates are aware of this and exploit this weakness. Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate ID and are right back at it.

The best way to block these pop-ups is to try a different browser, disable JavaScript, install a browser with ad blocking (like Brave), and/or install Adblock Plus. Sounds like you already have by using Firefox, on which I believe you can install an adblocker extension.

Good call clearing your history and cache within the browser.  In addition, clearing the Storage & Cache within the browser’s App Info itself also helps:

 

  1. Go to Settings > App Info
  2. Go to your browser app icon in App info list (such as Chrome/Firefox/Brave/etc) and click on it
  3. Once in your browser’s App info, go to Storage & cache
    1. Click Clear Storage
    2. Click Clear cache

By doing a full factory reset, everything is cleared out. To have become infected with anything that could have done more intensive malicious behavior, you would have had to accept an install of an app. Thus, you're all good!

Hi!

Thank you very much for taking the time to answer and for all this valuable info. Now I've learned the lesson and I will certainly be much more careful.

Just as additional info: if I understand you, that Chinese Android toast message (my phone's system is in French and all normal toast messages usually come in French or English) that came, for no apparent reason, in the middle of the screen in the Malwarebytes app during the analysis was just a coincidence and had no link with what happened before? Any idea what the cause of this Chinese toast message was? Is it likely that this happens for some reason??

Thank you and sorry for all these additional questions!


52 minutes ago, mbam_mtbr said:

Hi @kwartz,

Hard to tell without a screenshot, but sounds like an ad popup.

Thanks for your answer.

If this can help you see more clearly: as an example, it was an Android toast message like this one (see the attached screenshot; it's not a picture of my phone and probably not exactly the same message). It appeared for 2/3 seconds, for no apparent reason, during the first complete analysis that I did in Malwarebytes, the one I was talking about in my first post. When it appeared, I had already been in the Malwarebytes app for some minutes, checking the analysis, and was doing nothing on the phone, just looking at the analysis.

To my knowledge, these types of messages are basically sent by the system while doing something on the phone or in a specific app (like changing settings, etc.), but the problem is that I was doing nothing at that moment, just watching the analysis in Malwarebytes.

Any ideas, now, with this new information, of what it could be? And, with all the info that you know about the situation, what is the % probability, for you with your knowledge of the matter, that it was a sign (the Android toast message and the switch to the Amazon app when I was in Firefox) of spyware or something like that, honestly?

Thanks!

IMG_20220414_230445.jpg


Hi @kwartz,

If you run Malwarebytes for Android, does it happen again?  We can look at your apps using an Apps Report to check for anything.

To send an Apps Report with Malwarebytes for Android use the following instructions.

  1. Open the Malwarebytes for Android app.
  2. Tap the Menu icon.
  3. Tap Your apps.
  4. Tap the three lines icon in the upper right corner.
  5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included.

At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum.  This allows our support staff to know where to direct it.

By sending the Apps Report, you will create a ticket in our support system.

Private Message (PM) me the email used and/or the ticket number assigned.

Hi,

Thanks for your answer.

I did some tests with some other analyses after the factory reset and no, this did not happen another time; this has happened to me only once (the Chinese Android toast message) since I have been using the Malwarebytes app. So, at this point, I don't think it was related to the app. Any ideas what the potential cause of that was? Same questions as in my last post.

Thanks.


Hi @kwartz,

It could have been a legit system toast message for your Xiaomi MIUI phone that does originate in China, or could have been some app that is no longer installed after the factory reset. Without an Apps Report before the factory reset, it's hard to tell. Regardless, it appears the factory reset took care of the issue.
