[HELP] Security issue

Brockd2020

Newbie
Hey everyone, if you guys could shed some light on this I'd appreciate it.

I have a fairly strong suspicion my phone (Note9, T-Mobile) has been compromised and is being attacked via shell scripts, initially via a USB cable directly to the phone, now remotely via Apache Studio.

I'm really lost in trying to figure out what to do right now to secure my phone, then where to go from there. I have tons of screenshots, but here are just some. If anyone is willing to help, I will be immediately responding to everything and I would greatly appreciate it.

My main question is, what do I need to immediately do to stop it, and where is a good starting point for researching what's going on specifically in this particular scenario?

https://imgur.com/a/X8IUbP6 (not sure why they won't post, I don't forum much; it's not spam, mods, I promise.)
 
I'd start with a Factory Reset, which should return the phone to how it was when you bought it.
And have a look in the sub forum here for your phone.
 
Shell scripts? How did you determine that might be the actual source of the problem, if there is one? Typically a shell script requires one to actually execute it for it to be able to perform whatever it was scripted to do. So where did you obtain these shell scripts, what function were they 'supposed' to do, and do you run shell scripts from otherwise anonymous sources very often?
 
Shell scripts? How did you determine that might be the actual source of the problem, if there is one? Typically a shell script requires one to actually execute it for it to be able to perform whatever it was scripted to do. So where did you obtain these shell scripts, what function were they 'supposed' to do, and do you run shell scripts from otherwise anonymous sources very often?
I didn't run any shell scripts.

I found the "SHELL" app in my system files.

I googled it, and I had some random .apache things in some permissions or registry-looking things, and kept looking around and I found these shell scripts in the data side of my SD card, idk. I think someone has my phone emulated on an Apache Studio-based CPU.

So I know it's skeptical, but it's real and I really need some help lol

I know a lot about computers, but nothing really about Android, Java, scripts or coding at all. So I just need a little bit of help to get a full picture and get my devices safe, and I can do my own education on what to do long term.

If you can help I'd appreciate it
Screenshot_20191024-134157_FX.jpg
Screenshot_20191024-134126_FX.jpg
Screenshot_20191024-161521_FX.jpg
Screenshot_20191024-135600_FX.jpg
Screenshot_20191024-134225_FX.jpg
Screenshot_20191024-134054_FX.jpg
Screenshot_20191024-133241_FX.jpg
Screenshot_20191024-134615_FX.jpg
 
Shell scripts? How did you determine that might be the actual source of the problem, if there is one? Typically a shell script requires one to actually execute it for it to be able to perform whatever it was scripted to do. So where did you obtain these shell scripts, what function were they 'supposed' to do, and do you run shell scripts from otherwise anonymous sources very often?

Also, the monkey thing in the code really threw me off, but after that Google it was obvious a shell-based script (in my eyes anyway; if that applies to all scripts I guess I just sound dumb, but that's ok, I don't claim to know much about this stuff except that my phone is fd.)
 
Shell scripts? How did you determine that might be the actual source of the problem, if there is one? Typically a shell script requires one to actually execute it for it to be able to perform whatever it was scripted to do. So where did you obtain these shell scripts, what function were they 'supposed' to do, and do you run shell scripts from otherwise anonymous sources very often?
Is there something I'm missing here that makes it appear like I'm some sketchy anonymous shell scripter? I can promise you that before today I had no clue about a shell script at all, and I really am pretty much still at that point lol
 
Well the Registry you're referring to is a Windows-only matter so that's not an issue (no other operating system relies on such a thing, for good reason). As for randomly using a utility to poke around your phone's operating system it's a good way to learn things but you should take some classes or at least read up a lot more on basic fundamentals first so you get a better idea on what is and isn't a potential issue. Offhand, it looks like you're looking for problems based on an assumption there is one.
 
Ok, well I know there is a problem, I just don't know what it is. You know much more about these things than I do, but I know really well that random system apps aren't supposed to be using 15GB of wifi data overnight and having every permission under the sun as a random Android system app, and when I go to dig to find out what's going on with the 15GB app I find a shell app with a folder in it on the emulated storage with shell scripts that I didn't put there, and all other kinds of random issues, not to mention all these Apache strings. I've tried to figure it out a lot, and I use my phone every day for my personal stuff and really would like the issue resolved.

Do you think you might be willing to help me out a little bit? I'd be happy to upload other relevant screenshots etc. I just need a bit of help, my man, not a college course.

I don't mind doing research and figuring things out. I literally just need someone who knows to give me a solid baseline so I'm not completely wasting my time with something I admittedly know almost nothing about.

Help me out sir, I'd really appreciate it.
 
Welcome to Android Forums, Brockd2020!

You've mentioned things that sound implausible, for example, that your phone is "being attacked via shell, scripts, initially via a usb cable directly to the phone now remotely via Apache studio." Who had physical access to your phone to not only plug in a USB cable, but then have time to do nefarious things?

At any rate, rather than fretting over something that may or may not be happening, I suggest that you take @Davdi's advice: do a factory reset. (Make sure you've copied your photos and other data somewhere safe first.)

You should end up with a factory-fresh phone which, if kept securely--both physically and by locking--will have you safely back in business.
 
Hey everyone, if you guys could shed some light on this I'd appreciate it.

I have a fairly strong suspicion my phone (Note9, T-Mobile) has been compromised and is being attacked via shell scripts, initially via a USB cable directly to the phone, now remotely via Apache Studio.

How was that happening? Like the phone must be plugged into a computer to do that.

"Apache studio"?? is this it? http://directory.apache.org/studio/ And I've no idea how that would "attack" your phone remotely?
 
Sure, there is a very good reason actually; in my life someone wants access to my phone, and I gave them the opportunity the other day. Let me go over the things I've found real quick and see if I can explain in layman's terms, and just tell me if I'm way off base or if it's realistic. I'm pretty confident.

This is the general premise of what I believe. The person was able to physically plug a micro-USB into my phone, and did so to bypass my password/biometrics with (I forgot the exact terminology, but I will find the screenshots)

Upon doing so they installed what they needed to have ongoing access to my phone, including listening to calls, recording all my calls and exporting huge amounts of data. I believe the vulnerability is called a SIP attack, but I don't remember exactly.

Final point being that there is an emulated version of my phone via legacy Apache Android Studio, and the person is using Google API/shell whatever to continually extract data from my phone and monitor whatever they like.

Let me get these screenshots together I'd be happy to upload them.

If I didn't use some correct terms I apologize, but I promise I'm not an idiot or paranoid. I am positive the premise of what I'm saying is 100% right, I just haven't completely figured it out/had enough time to research and educate myself.
 
This was one of the first things. I don't and never have used TikTok, I'm a 30-year-old man. There is some Firebase Google API exploit/vulnerability with this TikTok Google nonsense.

So here's where my journey (kinda) began with this and the shell file. Then learning about reverse shell and the potential for VoIP exploits with SIP attack? Which is also where another issue lies with my TextNow app.

Relevant screenshots here. Will upload more as soon as I find them.

Also there are things installed in 2008? I've had this phone and Google account significantly less time than that. Random "web" unremovable PCs you can see on Google Voice, permissions I never gave Google, and when inspected pull up no proper reason, just a blank ok box.

Help me out or call me crazy, please. I have too many screenshots to go through tonight but this is just the beginning.
20191025_003434.jpg
20191025_003554.jpg
Screenshot_20191023-220201_Samsung capture.jpg
Screenshot_20191023-220259_Package installer.jpg
Screenshot_20191023-220256_Package installer.jpg
Screenshot_20191023-220108_Apk Analyzer.jpg
Screenshot_20191023-220055_Apk Analyzer.jpg
20191025_004023.jpg
 
It's just really hard to believe that I've never in 30 years had a problem with a phone, almost ever, and as soon as I was around someone who has the ability, desire and dedication to do something like this, I start having issues and all kinds of (to me) unexplainable things, and then Google has permissions to everything and there are TikTok sync receivers involved, emulator files in my system storage, huge data dumps/data usage issues, literally all the relevant reverse shell scripts to extract information, telephony issues, VoIP issues.

It all fits together pretty well in my head, but I've been up stressing about it for like 20 hours trying to figure out what to do, and I am a normal, drug-free person; it's just having that much of an effect on my life.

I'm a business owner and a dad, and I'm going through a really nasty divorce, so this could really affect my life. I'm not just some idiot who is paranoid or skitzed out about my phone, really.
 
Well I know what TikTok is. It's called Douyin here in China. Is it a Chinese brand phone you've got there? Because some Chinese phones do have that included, as bloat. I don't use it myself either.

As for the Google Voice stuff, I don't know so much about that, as that's a US-only service that Google has AFAIK.

Suggest you post the brand, model number, and if it's a carrier version, which carrier your phone is on. Might give us a better idea if this stuff is supposed to be there or not, like the manufacturer and/or carrier put it there.
 
Well I know what TikTok is. It's called Douyin here in China. Is it a Chinese brand phone you've got there? Because some Chinese phones do have that included, as bloat. I don't use it myself either.

As for the Google Voice stuff, I don't know so much about that, as that's a US-only service that Google has AFAIK.

Suggest you post the brand, model number, and if it's a carrier version, which carrier your phone is on. Might give us a better idea if this stuff is supposed to be there or not, like the manufacturer and/or carrier put it there.

Sure, my phone is a Samsung Note9, T-Mobile carrier.
 
It's become clear, Brockd2020, at least to me, that for whatever reason you're not actually interested in solving the problem--if there is one.

You've been given a definitive solution, one that would work swiftly and completely, yet you ignore it, choosing instead to carry on with 'proof' of an intruder. Keeping in mind that you gave this vile intruder physical access to your phone, the solution offered would give you a fresh start, one in which you've learned your lesson and won't give anyone access to your phone again.

If/when you decide to proceed with the solution offered, rather than continuing to wallow in stress and worry, let us know!
 
It's become clear, Brockd2020, at least to me, that for whatever reason you're not actually interested in solving the problem--if there is one.

You've been given a definitive solution, one that would work swiftly and completely, yet you ignore it, choosing instead to carry on with 'proof' of an intruder. Keeping in mind that you gave this vile intruder physical access to your phone, the solution offered would give you a fresh start, one in which you've learned your lesson and won't give anyone access to your phone again.

If/when you decide to proceed with the solution offered, rather than continuing to wallow in stress and worry, let us know!
You guys are right.

Doing so now, but I do still want to figure out what happened. I will be back.