fredflinstone
Lurker
My device has been infected with a RAT (Remote Access Trojan) or whatever the phone equivalent is. Here is my device info.
-----------------------------------------------------------------------------
Model: Samsung Galaxy Note 5 (CDMA) (SM-N920V)
Service Provider: Verizon
Board: universal7420
Hardware: Samsungexynos7420
Total RAM: 3664MB
Internal Storage: 23.47GB
Android Version: Marshmallow 6.0.1
API Lvl: 23
Security patch level: 2016-04-02
*Ask if you need more system info*
-----------------------------------------------------------------------------
I have factory reset my device multiple times, reset then encrypted, and done a full reset from encryption to factory by using the Kaspersky device nuke security function for if it gets stolen. I have scanned it with multiple top-rated virus and malware scanners with 0 results. I have scrambled all of my accounts' passwords, disconnected my accounts from all devices, enabled 2-step verification for whatever has it, and I have done all of this running the phone regularly and in safe mode. I have also scrambled my passwords from friends' computers, but since it logs me out on my phone when I do that, it is virtually wasted time doing so. After all of this there are still signs of infection.
With this, all signs point to a bug that gained SuperUser privileges and has installed itself as a system application. At least I hope that this is the case, because if it is any deeper I will probably give up and decommission my phone that I'm paying off for another year and a half, which I morally can't cover by selling an infected device.
I would like to obtain a list of SysApps so that I can compare my list to the day-1 list to see if I can pinpoint the location to share the design/coding with White Hats for studying and prevention. I would also like to determine if it has only gotten as deep as a SysApp before I decide to go through the process of backing up all my data, changing the passwords on all my accounts, uninstall/reinstall OS, and then transfer data back onto my device, downloading all the apps, and logging into my accounts. It would also be nice to root my phone and remove it along with all the bloatware.
Is there any way for SysApps to be hidden and not displayed in the app manager?
Is there any way this bug is located somewhere that I've overlooked, other than SysApps, where it would survive what I've done? If so, can user privileges access the location and remove the bug?
Thanks!
---------------------------------------------------------------------------------------------------------------------------------------------
Below details what RATs are and can do, and the terms used by ratters and their community
---------------------------------------------------------------------------------------------------------------------------------------------
..........
I am what is known as a 'slave' for the one controlling the RAT. Generally 'ratters' have a large stock of slaves that they can monitor whenever they please. There are also black markets where ratters buy, sell, and trade slaves on the deep web. The ratters can watch what they are doing on their device(s), view their surroundings through the cameras, obtain sensitive info with keyloggers, listen in on real-time phone conversations or have them all recorded to listen to later, turn on the microphone to listen in on what's going on around the phone, record video, take pictures, take screenshots, load docs onto the device, copy/delete docs on the device, restart the device, flash images that cover the whole screen or just part of it, operate the device as if they were holding it from their PC/tablet (which lags the phone and drains the battery), and add additional tools from other viruses and remove them when they're done using them.
Ratting is used by some to gather personal info, login credentials, and media (nudes) and then use what they gathered for financial gain. However, there are some ratters who choose not to use personal info for financial gain or use compromised profiles for phishing campaigns, so that there is no hard evidence they have infected someone. This sect of ratters does make some money selling nudes, but they also harass their slaves by leaving unverifiable signs of their presence, making them believe a government agency is monitoring them, leaving messages with the victim's address, the content of private conversations, or encouragement to commit suicide; they will also send old draft emails to whom they were addressed, open new tabs with different sites in them, and blackmail girls and sometimes guys with nudes and conversations that they say they will release unless they perform sexual acts on cam for them, etc.
I'm sure with enough searching one could find a community that uses RATs for much darker reasons.
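The day-1 comparison the post asks about, as an added example that is not part of the original post: a POSIX shell script that reduces the output of `adb shell pm list packages -s -f` (one snapshot taken when the phone was known-clean, one taken now) to sorted package names and reports which system packages appeared or disappeared in between, then looks up the APK path of each new one so it can be pulled for analysis instead of guessed at. The two package lists embedded below are constructed sample data, and `com.example.updatesvc` is a made-up name standing in for an unexpected addition.

```shell
#!/bin/sh
# Added example (not from the original post): compare a day-1 snapshot of system
# packages with a current snapshot and report what changed.
#
# On a real device each snapshot would be captured with:
#     adb shell pm list packages -s -f > day1.txt     (once, while known-clean)
#     adb shell pm list packages -s -f > today.txt
# Lines look like "package:/system/app/Foo/Foo.apk=com.foo" (with -f) or
# "package:com.foo" (without -f). The two lists below are constructed sample data.
LC_ALL=C
export LC_ALL

BASELINE_SAMPLE='package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/app/Calculator/Calculator.apk=com.sec.android.app.popupcalculator'

# Same device later: one stock package is gone and an unfamiliar one has appeared.
# com.example.updatesvc is a made-up name standing in for an unexpected addition.
CURRENT_SAMPLE='package:/system/app/Bluetooth/Bluetooth.apk=com.android.bluetooth
package:/system/priv-app/Settings/Settings.apk=com.android.settings
package:/system/priv-app/UpdateSvc/UpdateSvc.apk=com.example.updatesvc'

# Reduce pm output (either form) to one sorted package name per line, which is
# the input comm(1) expects. Blank lines are dropped.
package_names() {
    sed -e 's/^package://' -e 's/^.*=//' | grep -v '^$' | sort -u
}

# Packages present now that were not in the baseline: the candidates to look at.
added_packages() {
    b=$(mktemp) && c=$(mktemp) || return 1
    printf '%s\n' "$1" | package_names > "$b"
    printf '%s\n' "$2" | package_names > "$c"
    comm -13 "$b" "$c"        # lines unique to the second (current) list
    rm -f "$b" "$c"
}

# Packages in the baseline that are missing now (e.g. a stock app that was replaced).
removed_packages() {
    b=$(mktemp) && c=$(mktemp) || return 1
    printf '%s\n' "$1" | package_names > "$b"
    printf '%s\n' "$2" | package_names > "$c"
    comm -23 "$b" "$c"        # lines unique to the first (baseline) list
    rm -f "$b" "$c"
}

# Look up the APK path of a package name in a raw "-f" snapshot, so a suspicious
# addition can be located on disk (and pulled with "adb pull") for analysis.
apk_path() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    printf '%s\n' "$2" | sed -n "s/^package:\(.*\)=$pat\$/\1/p"
}

# Stand-alone run against the constructed samples.
echo "added since baseline:";  added_packages   "$BASELINE_SAMPLE" "$CURRENT_SAMPLE"
echo "missing from current:";  removed_packages "$BASELINE_SAMPLE" "$CURRENT_SAMPLE"
for p in $(added_packages "$BASELINE_SAMPLE" "$CURRENT_SAMPLE"); do
    echo "$p -> $(apk_path "$p" "$CURRENT_SAMPLE")"
done
```

Two points relevant to the question about hidden system apps: `pm list packages` enumerates every installed package whether or not it has a launcher icon, so a package with no launcher activity still shows up here even though nothing appears in the app drawer, and a diff against a baseline catches additions that a visual scan of the app manager would miss. A baseline only proves anything if it was taken on a device in a known-good state, so for a phone that has already been reflashed the more reliable comparison is against a stock firmware image for the same model and build.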