
Persistent RAT


I haven't disclosed this because most people think I'm crazy, but this malware/virus/hack is unlike anything I've seen. It started on my Android phone. I only found out about it because I found recordings and screenshots from my phone in my OneDrive trash folder. At first, I thought my wife was spying on me, but after further investigation, it seems to be just a super stealthy RAT. But this thing hacked my router from my phone while I was using it. I have also found the same malware on 10+ Android phones, including 2 that I bought off eBay from 2 different sellers, on 2 completely opposite sides of the country. After trying everything to get rid of it, I finally ended up on these forums. I am wondering if you have come across malware like this before? Malware that can hack routers and is cross-platform with the ability to infect everything from Amazon Alexas and cell phones to Xboxes and laptops.


  • Root Admin

No

Plenty of routers are simply poorly designed and have known exploits. A factory reset will restore them, but they remain easy to exploit again. Only a new OS, if supported, or replacing the router will help if you have an exploitable one.

Phones can have stealthy attacks on them too. A firmware reset to factory should remove it.

Windows too can be exploited, but often it can be cleaned up; if too bad, a fresh CLEAN install that removes all partitions will remove any malware. In rare cases of something like a LogoFAIL attack one would need to install an updated BIOS image from the vendor of the system, but that is still very rare.

I'm assisting another user at the moment. Will check your logs soon


  • Root Admin

The logs do not indicate any obvious issues at this time, aside from Windows Defender having a registry setting for some type of restriction on it that should probably be removed.

The computer looks to have had Windows reinstalled on 11/30/2023 but how it was done is unknown.

Recommendations:

[ 1 ]

If you own your own router and are not renting it from your Internet Service Provider

Please ensure that you have the user manual for your router. Then perform a factory reset.

Check this site for router information
https://wiki.dd-wrt.com/wiki/index.php/Support


How To Reset Your Router
https://setuprouter.com/networking/how-to-reset-your-router/

Depending on one's preferences and the Router's capabilities please consider the following.

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network.
    Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID). Do not use your name, postal address or other personal information. Make it unique or whimsical and known to your family/group.
  • Is the router firmware up-to-date? Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set firewall rules to BLOCK TCP and UDP ports 135-139, 445, 1234, 3389, 5555 and 9034.
  • Document passwords created and store them in a safe but accessible location.


[ 2 ]

If you're concerned about BIOS/UEFI attack (extremely rare) please reinstall or update the motherboard firmware from a factory image


[ 3 ]

Then perform a CLEAN install of Windows which includes removal of ALL partitions of the hard drive

I would not recommend using a Microsoft online account. Make sure to use a LOCAL account.


Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/
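As an added example (not part of the thread or of any vendor's tooling), a small Python audit that checks an ordered firewall rule list against the port block list in item [ 1 ] above and reports which recommended ports are still reachable; the rule syntax and the sample ruleset are constructed for this example, since routers export their rules in vendor-specific formats.

```python
# Added example: audit an ordered firewall rule list against the block list the
# post recommends (TCP/UDP 135-139, 445, 1234, 3389, 5555, 9034). Rule syntax and
# sample ruleset are constructed; adapt parse_rules() to your router's export.
from collections import namedtuple

RECOMMENDED_BLOCKS = [(135, 139), (445, 445), (1234, 1234),
                      (3389, 3389), (5555, 5555), (9034, 9034)]
PROTOCOLS = ("tcp", "udp")

Rule = namedtuple("Rule", "action proto first last")  # proto: tcp, udp or any


def parse_rules(text):
    """Parse one rule per line: '<action> <proto> <port|first-last>'; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, ports = line.split()
        first, _, last = ports.partition("-")
        rules.append(Rule(action.lower(), proto.lower(), int(first), int(last or first)))
    return rules


def decision(rules, proto, port):
    """First matching rule wins; with no match the default policy is assumed to be 'allow'."""
    for r in rules:
        if r.proto in (proto, "any") and r.first <= port <= r.last:
            return r.action
    return "allow"


def unblocked_recommended(rules):
    """Return (proto, port) pairs from the recommended list that are still not blocked."""
    return [(proto, port)
            for proto in PROTOCOLS
            for first, last in RECOMMENDED_BLOCKS
            for port in range(first, last + 1)
            if decision(rules, proto, port) != "block"]


# Constructed sample: the early 'allow tcp 3389' shadows the later block rule,
# and UDP 3389 is never mentioned, so both remain reachable.
SAMPLE_RULES = """
allow tcp 3389        # remote desktop exception someone forgot to remove
block any 135-139
block any 445
block tcp 3389
block any 1234
block any 5555
block any 9034
"""
```

Running `unblocked_recommended(parse_rules(SAMPLE_RULES))` on the sample reports only tcp/3389 and udp/3389, which shows why rule order and both protocols need checking rather than just the presence of a block line.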


So I have tried a clean install and replaced the router when it happened. Clean install doesn't work. I've never been able to update fully, which I believe I am now. Also, on the phones as well as the Amazon Alexas and the Xboxes, resetting to factory defaults didn't work either. That's the main reason that I say it's so intelligent. I've never come across malware that can survive a factory reset, much less on so many different platforms. I've had Samsung, Verizon, Amazon, and a few different computer repair people tell me it's impossible. Which brings it back to people thinking I'm crazy lol


I had never heard of LogoFAIL but I just looked up a couple of articles and that seems to be exactly what I'm dealing with. And I don't know if they know how widespread it is, but I believe it's on more devices than not in the entire country. I've found it on every Android I have looked at. I would ask random people at the bar to check their phone and I would find it. I was truly starting to feel like maybe I was going crazy.


  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you
