Advice Request Possible network attack/malware infection on Android

Please provide comments and solutions that are helpful to the author of this topic.

S

SeaMonster

Level 1
Thread author
Oct 19, 2018
4
I don't know if this is the correct section, but it seemed security related to me....Forgive me for any mistakes, I'm not very tech savvy.

The night of the 17th, I was using the Facebook app while suddenly a download in progress icon appeared in the status bar. I pulled down the notifications screen just in time to catch a glimpse of the word "attackers" followed by a bunch of symbols like $ before it disappeared. I could not find anything in the downloads folder list, ESET premium that was monitoring my phone and all downloads hadn't even detected it, and I tried in vain to search online using only the selected phrases I had managed to glimpse.

Then by sheer luck, today, I managed to find a thread on this problem with the full details. The message had been "attackers on <b>%1$s</b> might atte..." with a download in progress while using Facebook app. Which I assume is completed as "might attempt to steal your information" or something.

I tried using this phrase to search about it on Google, and while nothing specific to this problem came up, a list of generic information results on various types of network attacks, DDos, man in the middle and zero day attacks came up, which has me really worried.

I am still using the phone as is, I really don't know much about technology related things. Please advise me what I should do now, if I should just turn off the phone or something. The person in the other thread said he had reset his phone and the problem had reappeared when he had signed into Facebook again, so now I'm not sure if a simple factory reset will help and I will probably need to install a custom ROM or something.

I'm using Android 7.0 in a Samsung Galaxy J7 Prime. I got a software update to Oreo just an hour earlier and I wonder if updating the software will help remove whatever malware/spyware/hacking application got installed.

Please help, I am logged into all my accounts through this phone and it's already been like 4 days since the message first appeared damage control is needed.

Thank you very much. If you know anything, anything, please let me know it's very urgent.

P.S. The person who responded to the other thread had no idea what this was except that it was a php code, hence I'm trying to see if other security experts might know.
 
  • Like
Reactions: Weebarra, Daviworld and vtqhtr413
C

ChemicalB

Level 8
Verified
Sep 14, 2018
360
No idea but I feel strange a piece of malware or an attacker warn you with a message as: "attack in progress, I'm stealing your data. ..."
Normally, an attack is made in background so that the victim is not aware of that.
BTW everything is possible, have you recently installed some new apps? There are malware that steal data from FB but in this case Eset would have detected it.
However, you can start a scan with Malwarebytes and Kaspersky for Android and see if they detect something.

Is your problem isolated just to that phone? Can you try to enter FB using another device and see what happens?
Some malware can be rooted so deeply that not even a hard reset can delete them, but they are not so common. In this case it is almost impossible to fix the problem.

Again, it is also possible an attack based on your FB account and in this case you could try changing the login password by using a clean device, your PC, for example.

Just my opinion, you can wait for other members comments.
 
  • Like
Reactions: Weebarra and vtqhtr413
S

SeaMonster

Level 1
Thread author
Oct 19, 2018
4
stepseven84 said:
No idea but I feel strange a piece of malware or an attacker warn you with a message as: "attack in progress, I'm stealing your data. ..."
Normally, an attack is made in background so that the victim is not aware of that.
BTW everything is possible, have you recently installed some new apps? There are malware that steal data from FB but in this case Eset would have detected it.
However, you can start a scan with Malwarebytes and Kaspersky for Android and see if they detect something.

Is your problem isolated just to that phone? Can you try to enter FB using another device and see what happens?
Some malware can be rooted so deeply that not even a hard reset can delete them, but they are not so common. In this case it is almost impossible to fix the problem.

Again, it is also possible an attack based on your FB account and in this case you could try changing the login password by using a clean device, your PC, for example.

Just my opinion, you can wait for other members comments.
Click to expand...

Thank you very much for answering, @stepseven84

I thought the exact same thing you did, like what malware would just come up and say hey I'm malware in bold letters. But since this has happened to someone else too and I'm not able to understand what it was really. It seemed like a warning notification message that attackers might steal your message and yet it had a download progress bar beneath it which is so unusual.

The only apps I have downloaded recently are some security apps, like Malwarebytes and Norton. I didn't keep them on my phone though, I was using them for a one time scan of my phone cause a particular app was crashing a lot. That was before this incident.

After this incident, I ran scans with Kaspersky Trial version, McAfee free, Sophos and Norton free. May have used Avast free too don't remember. All full/deep scans, nothing was detected. I also have Knox protection active on my phone from day 1 as it is a Samsung device.
And truth be told, I consider myself a safe user. I never install apps from third party stores or apks or anything, don't torrent, don't even browse a lot though I'm browsing now thanks to all this. That some malware would have gotten on my device anyway surprises me, but guess you can never be 100% safe.

I am logged into Fb on another device but from a different account, and this has not happened there (not to my knowledge anyway). I will try logging into this particular account from another device, on my device it was a one time incident; after updating the app and accessing it again, nothing of this sort happened again that day.

Thanks for answering! Appreciate it. If anyone's able to find out anything about this particular message, would be grateful if you posted it here. Peace of mind to conclusively know what it waa...
 
  • Like
Reactions: ChemicalB and roger_m

Similar threads

Xeno1234
    • Like
  • Locked
Solved Possible Network Intrusion.
Replies
66
Views
2,775
General Security Discussions
Xeno1234
Xeno1234
Xeno1234
    • Wow
    • Like
  • Locked
Solved What should I do here?
Replies
27
Views
1,383
General Security Discussions
Jengo
Jengo
Jonny Quest
    • Applause
    • Like
Question Business and Home Network AV concern.
Replies
8
Views
554
General Security Discussions
Guilhermesene
Guilhermesene

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top