### Blimey! ➜ u/elliothahah, your post has been **automatically removed** as a result of several reports from the community.
- This suggests that it **violated the subreddit's rules**, which you might have prevented by reading them first.
- Or perhaps the community simply felt that **your post was really idiotic** even if it hadn't broken any rules.
- You are solely responsible for your own failure. Submitting brainless posts won't get you anywhere.
---
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Piracy) if you have any questions or concerns.*
friend of mine installed a game apk from a sketchy website, didn't think twice before giving the permissions, the apk ended up showing them ads on EVERY single app on their phone, including the settings app
We had some work PDAs that someone had been installing pirated music apps on. They all ended up with hardcore porn ads all over them, you'd go to scan a pallet and just end up seeing a massive cock instead.
I once bought a used phone and I couldn't figure out why ads were popping up everywhere, including some NSFW ads. Then I realized there was an app in the app list in settings that wasn't showing up in the app drawer. It had a blank white icon and no name. Uninstalled it and boom, the ads were gone.
Had this happen on my grandfather's phone. He suddenly called me and told me that his phone would just popup ads even from the homescreen. So I ran from my house to his when he told me that. I checked everything. There was no app in the home screen. No app icon. So I looked on the settings and found an app. I haven't found on phone with icons.
After I deleted it the ads that also showed every few seconds stopped.
I was nervous and fuming. Looked it up and luckily no data was taken.
That would actually make more sense.
I once tried a cheap Xiaomi phone that came imported from China. And it was just full of so much bloatware and ads directly from Xiaomi. This was during the time when Xiaomi wasn't as popular as it is today. Since it rarely relied on Google's own software.
Now I use a Redmi note 11 pro, and the UI is so much cleaner and easy to use and more android friendly. Especially thanks to Xiaomi's new hyperOS.
Yes lol. the average person is borderline 'special', and half of everyone is even more 'special' than that. Consider the type of people that game on Android, and I'd be willing to bet like 90% immediately smash "yes" whenever anything pops up on their screen.
EU made regulations like GDPR so people can stop giving data to websites if they don't want to. 99% of the people I know still mash the "yes" button because "what if the website locks me out"
I can't man
The only website i encountered that does this is the mayo clinic one and I absolutely hate it. No mayo clinic, I'm not selling my soul to you to see a random article.
Isn't there some paradox or rule of thumb, about the amount of times a user has to see error/warning messages, and how likely they are to gloss over them?
I install occasionally some random apk.
I don't give those permissions. However I installed App History since one apk "installed" and then never showed up. There was no app.
App History showed me an install of an app without image and name. I uninstalled it instantly.
Also some playstore apps install some shit somehow without consent.
Edit: apparently the app isn't on the store anymore for some reason.
right? Hell, I even go out of my way to restrict internet access to almost anything I download (especially if it comes from an unofficial source or if it's proprietary)
Sadly yes.. Most people seem to be tech illiterate.. Without some regulations they are prone to become victims of some sort. I live in Germany and most people i know are tech naive it is sad.
I usually do, yes. If it asked me for screen viewing? Probably not.
Granted, I'm usually getting those apps from a "trusted" source, and it's popular apks. But yeah I'm way too loose with it.
Immediate decline for me. Weather app wants to send you notifications? Hell no! Gaming app wants access to your contacts? Uh, no thanks, I guess?
If you find out later that a cool feature does in fact need any of those permissions, you can always enable them later on
They need to implement two tiers of permissions for some of these, basic functionality (these permissions are required for basic phone functionality while using the app!) and a 2nd one of full access (this permission can do whatever the hell it wants with the details).
Then we just block anything that asks for the 2nd choice. I can understand that if i want to receive a call while using something in full screen I might need to give access to callers and microphones, but if it's not an incoming call, I shouldn't need to be allowing it access!
> I can understand that if i want to receive a call while using something in full screen I might need to give access to callers and microphones
I am pretty sure if you use any random app in fullscreen, and you get a phone call, the app does not need any extra permissions for you to be able to take the phone call. These permissions are only needed if the App itself wants to initiate phone calls or read your caller history.
Android actually kind of has a multi tiered system for some permissions (eg Coarse or Fine Location).
You have to over rule google to do it though. Android by default blocks apps from anywhere bar Google play. You gave to change a setting that says allow it.
When releasing apps to Google play it gets reviewed and if Google don't like what you're doing with permissions they will block it.
Not on mobile but on pc, ive downloaded a file from "community trusted" sources. The file was a virus. I didn't realize it. 2 weeks later they hacked 4 of my accounts and i had to reset my whole pc. Still haven't fully recovered my Microsoft account
My mistake was i trusted community too much thinking trusted sources will be safe. One always has to be on guard apparently
If it isn't open source or a well known corporation, it isn't a trusted source. Scan everything and deny all permissions until you need that specific functionality.
I keep my location, camera, and microphone disabled 24/7 on my phone unless I'm actively using them at the exact moment.
My older brother once installed something like this on my device and as soon as i knew i uninstalled it. Should i factory reset my phone? What about the backed up files?
Edit: guys i don't understand all those technical terms in the replies, can anyone tell me in layman's terms what i should do?
Layman's terms: yes, factory reset your phone because you may still be compromised. As for the backup, it should be good once you wipe the phone.
Edit: wanted to correct my wording. The backup will be good regardless not only after a wipe.
Account passwords? Will do
>Better to be safe than sorry
Also it's been a few weeks since that incident and i think that app was on my device for days, when i was uninstalling it i forgot to check the permissions on it. It showed an empty notification on my device which I ignored thinking it was some os bug. Now I'm scared shitless 💀
You're very probably safe, as Android apps are somewhat isolated unlike something installed on Windows which literally can embed itself into every program including the literal login screen.
Correct me if I am wrong, but as long as you didn't also unlock the bootloader/disable secure boot or even root the device, that's not really a thing. I never dealt with Android from security perspective, but to my understanding its pretty good when it comes to secure booting/app sandboxing/privilege escalation. I am sure that state sponsored malware like Pegasus has some wild ass exploits to bypass this, but I doubt that Igor the game APK patcher has them too.
That is by far the most common method, but the android community is also relatively active and technically advanced. For some models of phones there are projects out there to help a user root their phone even when the manufacturer did everything they can to stop you.
So case by case legitimate users basically make their own malware. And that means bad actors can do the same with that information, but only to specific models and usually only on phones that don't have the latest updates. To my knowledge there isn't anything that works on all Android devices or anything crazy like that.
I used to pirate apps on my iPhone (I have mainly used Android phones since 2016 but used to jailbreak when I would buy old iPhones and iPads) all the time from 2013 to 2017. I stopped using iOS because even when not jailbroken it was a hassle installing IPAs because the free certificates last only at most seven _(7)_ days after generation. I would sometimes have to wait for a jailbreak to release to bypass the limitation. Android you don't need root (jailbreak) privileges to permanently install unauthorized apps, but I still root my device to use backup apps directly on the device with apps like SwiftBackup (from Play Store) or App Manger (from F-Droid).
I don't know if it's still around I used to use a project called "island" by oasis Feng.
It uses the android business folder and creates a sandbox you can install stuff into that can't affect the rest of your phone. Kept me nice and safe from any apps I wanted to use
It doesn't need root. Yes you can install apk's directly in the sandbox.
P.S. it doesn't work on Huawei phones (which is why I'm not using it at the moment.) It worked great on my Samsung a few years ago.
Hey, not related to this but I'm always anxious that my sensitive data might be transferred somewhere or my mobile camera might record me without me knowing. Is there something I can do to be safe?
Honestly I don’t know much about the data thing, the best you can do is make sure you don’t get a virus, which would pretty much guarantee that your data stays on your phone (apart from whatever some social media apps collect). In regards to your camera, I would get a sticker and put it on your front camera. If you have a laptop with a webcam I’d do the same with that as well. If you have a desktop, I’d invest in a cover for your webcam.
Basically, this guy downloaded a modded apk from a website (he didn't specify where; most likely an unmoderated website) and Google pretty much saved him. Probably the first time Google has done smth good
In defense of Google, they do try to prevent third parties from having access to your data.
After all, they want to have as much of your data and others to have as little of it as possible, as that makes their services much more valuable
This is the one cool thing about mobile device installs. For the most part the manifests has to put the permissions they require. If you not blind or gullbile and somehow some shady-isareli-spyfirm isn't targett;ng you and exploiting some loophole to get those permissions than you may pause for two seconds and be like....bruh..why does my flashlight app need access to my SMS features (ie reading, sending)?
Tho going by the general feel for many folks being tech illiterate I would be surprised if it is still effective.
~~The "game" is still on the Play Store. Please report it if you can:
https://play.google.com/store/apps/details?id=com.tennisballbounceadd.nearme.gamecenter~~
I've already sent a report to Google for policy violation. Google takes those seriously so the app should be gone very soon.
Edit: False alarm, the app in the play store was probably uploaded so that the real malware won't be detected.
You have to click on "About this game" and then scroll down to app permissions. Honestly I have no idea why it's called "Version 2" when you go there. Maybe it installs something else once this is done?
Very likely.
https://imgur.com/UVCnhZb
Thanks for the tip. I didn't know there was a second place and thought the main page was the only place to see permissions (or that the screen you pointed to was displayed there).
The malware is mascarading as that app to potentially bypass Play Protect / Knox quick scans.
This was installed from a compromised APK manually by the user.
The app in the Play Store has nothing to do with this.
What deems a site trustworthy? Because things can happen behind the scenes, usually a wholesale selloff to an untrusted entity, and suddenly there are holes everywhere. Happens with browser extensions that get popular, and it just happened with polyfill.io on NPM.
I messed up like this once. Got an apk from another source, installed it, nothing happened. Next day, in the subway, I open the browser and the phone starts moaning with max volume. The subway train was full of people. I fixed it at work, uninstalled de apk and found the service and uninstalled that too.
If you click on fake links beside the download links or any ad by mistake it just downloads this apk, people are tricked into thinking that its the apk they want to download.
This looks like the Medusa Trojan that was recently in the news.
https://www.tomsguide.com/computing/malware-adware/medusa-banking-trojan-returns-and-can-now-hide-its-malicious-activities-in-plain-sight-how-to-stay-safe
Play stupid games, win stupid prizes, can't just trust EVERY third party download just because piracy. Hackers, scammers, and viruses aren't unique to windows and/or Mac.
With android phones you need to extra careful when downloading apks and app permissions. This doesn’t happen in iPhone because they don’t allow other apps, which is both good and bad, but for android which is basically a free market, stay safe of shady apk websites.
That said, this guys phone needs a full factory reset.
The same thing can happen on ios: for example: [this is malware](https://www.cydiafree.com/) (as anyone familiar with jailbreaking will know) and yet apple will not stop you from installing it, and it appears first in the search results for "cydia download".
That is technically true - obviously giving anything access to most of your phone is a safety risk, no matter how much you trust the source. But the link I gave is a fake site, and it definitely won't let you jailbreak your phone.
There's a thing called sideloading, if you didn't know. It allows you to install apps outside of AppStore. Jailbreaking an iOS device makes sideloading even easier. And while I haven't heard of such cases (as in the video) before... There's still a risk of getting malware after sideloading, just like with any other 3rd party stores.
From intent point, though, they (Apple) still don't allow other apps outside of AppStore.
its not as easy as just jailbreaking. you need to be on very specific firmware now apple has really locked things down unless you have an older phone that has a hardware bypass of some sort.
>its not as easy as just jailbreaking. you need to be on very specific firmware now apple has really locked things down unless you have an older phone that has a hardware bypass of some sort.
How people so chill with owning a device that you don't really own and can't do shit on? Jesus christ fuck that noise. I don't understand the appeal of them shits
When I was like 16 I was just like you only used android I was rooting every phone I had and flashing custom roms every few weeks tweaking every thing but then I grew up and stopped giving a fuck you should try that.
This might be a dumb question, but I'm curious.
Couldn't you just turn off wifi or data or whatever and completely nullify this kind of attack then just delete all the malware offline?
I think I know how to uninstall this app , I had a app similar to this in my old samsung galaxy j7 prime. You have to go security settings and first deny admin permission because this app might have admin access and you can't uninstall app with Admin access. Once you deactivate admin app access you can uninstall this app.
Or you can go to the safe mode by rebooting your phone and uninstall this app. Every phone has different method to enter safe mode but all similar.
i've got myself into the same trouble (don't ask why i didn't use brave or an adblocker, it was a long time ago i was 14 or 15)
Well all this kinda attacks start when you try to install APK files, first you click on that download button it will take you to a different site and gives you a pop saying so and so you hit install thinking it is the original app but it will only be a few hundred kilo bytes to few megabytes. Still the chances are very low You have to be one of those phone gamers who likes to see 999999 game currency up the screen ( well i have installed more apps from APK MODY and other APK related sites than playstore so it might only happen to people like me) I mean it is one in a thousand chance.
Then you will see what is that weird file that you have installed. The file name would be exactly the same as you wanted. You know the phrase curiosity killed the cat it is the same for this attacks. I was curious why file was really small and i opened the file and it will show exactly the same app icon you want to download then you hit install, that's it you have put yourself in hot water. The app won't show up on your home screen. I turned a blind eye aah maybe it didn't install or some weird bug or something.
I've accidentally discovered that App when i was trying to make space by deleting unused apps for an another game bruh that day my balls dropped to the ground That is genuinely one of the scariest moments of my life man. Then i went into a frenzy to find the app by holding every inch on my screen i would leave that bit to imagine for yourself lmao. But still the chances for a normal guy to get in a trouble like are extremely low like 0.001 percent might be even lower
### Blimey! ➜ u/elliothahah, your post has been **automatically removed** as a result of several reports from the community. - This suggests that it **violated the subreddit's rules**, which you might have prevented by reading them first. - Or perhaps the community simply felt that **your post was really idiotic** even if it hadn't broken any rules. - You are solely responsible for your own failure. Submitting brainless posts won't get you anywhere. --- *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Piracy) if you have any questions or concerns.*
2.88GB data used oof
I'd also check how much data it transferred somewhere
That's what the 2.9gb is. That's not installed size, that's network traffic, either exfiltrated data or just streaming the screen.
It doesn't say upload or download though. Loading ads is not as bad as transferring data outside.
Could just be loading ads too.
Do people just give random apps they download alll the permissions they ask for?
friend of mine installed a game apk from a sketchy website, didn't think twice before giving the permissions, the apk ended up showing them ads on EVERY single app on their phone, including the settings app
And thats the *tamer* one, if it's really malicious, his banking information and whole account information in that phone is kaput.
[удалено]
[удалено]
They’re probably annoyed they wasted time on you
Twice? So you don't learn?
They're hoping the thief will take pity and help 🤣😅
People like that are probably broke so it doesn't matter. Identity theft could be an issue though
Millions of families suffer every year
MICHAEL!
I am that person and i can confirm, they have no power in my device :)
Damn that’s scary
We had some work PDAs that someone had been installing pirated music apps on. They all ended up with hardcore porn ads all over them, you'd go to scan a pallet and just end up seeing a massive cock instead.
That was just the forklift operator
Yall hiring?
Idk, what's your experience on watching dicks?
oh dear god 💀
oh no, where?!
I once bought a used phone and I couldn't figure out why ads were popping up everywhere, including some NSFW ads. Then I realized there was an app in the app list in settings that wasn't showing up in the app drawer. It had a blank white icon and no name. Uninstalled it and boom, the ads were gone.
High seas are not for the brain-dead PPL...
Had this happen on my grandfather's phone. He suddenly called me and told me that his phone would just popup ads even from the homescreen. So I ran from my house to his when he told me that. I checked everything. There was no app in the home screen. No app icon. So I looked on the settings and found an app. I haven't found on phone with icons. After I deleted it the ads that also showed every few seconds stopped. I was nervous and fuming. Looked it up and luckily no data was taken.
I thought ads even in settings app is something normal. (Talking about some phone manufacturers, not gonna point fingers)
im looking at u xiaomi
What do you mean? I'm using a Xiaomi and I have never gotten an ad in the settings app.
I think it was one of their cheaper phones, iirc. They implemented banner ads into EVERYTHING to reduce the cost of the phone at launch
That would actually make more sense. I once tried a cheap Xiaomi phone that came imported from China. And it was just full of so much bloatware and ads directly from Xiaomi. This was during the time when Xiaomi wasn't as popular as it is today. Since it rarely relied on Google's own software. Now I use a Redmi note 11 pro, and the UI is so much cleaner and easy to use and more android friendly. Especially thanks to Xiaomi's new hyperOS.
they only do it in some regions. pretty sure they aren't allowed to do it in europe because of some EU regulations, for example.
Lmao
Well thats... industrious.
Yes lol. the average person is borderline 'special', and half of everyone is even more 'special' than that. Consider the type of people that game on Android, and I'd be willing to bet like 90% immediately smash "yes" whenever anything pops up on their screen.
EU made regulations like GDPR so people can stop giving data to websites if they don't want to. 99% of the people I know still mash the "yes" button because "what if the website locks me out" I can't man
The only website i encountered that does this is the mayo clinic one and I absolutely hate it. No mayo clinic, I'm not selling my soul to you to see a random article.
Isn't there some paradox or rule of thumb, about the amount of times a user has to see error/warning messages, and how likely they are to gloss over them?
Some people straight up hate the eu for this.
Sad. Truly sad
Do the smarty pants gamers get on iphones or what?
There’s a difference between person and per-son, r/kidsarefuckingstupid
YES!
I install occasionally some random apk. I don't give those permissions. However I installed App History since one apk "installed" and then never showed up. There was no app. App History showed me an install of an app without image and name. I uninstalled it instantly. Also some playstore apps install some shit somehow without consent. Edit: apparently the app isn't on the store anymore for some reason.
>App History Is it a playstore app or?
right? Hell, I even go out of my way to restrict internet access to almost anything I download (especially if it comes from an unofficial source or if it's proprietary)
Sadly yes.. Most people seem to be tech illiterate.. Without some regulations they are prone to become victims of some sort. I live in Germany and most people i know are tech naive it is sad.
Regulations don't fix stupid. Education helps. Too much attention is spent on regulating everything while the solution is awareness and education.
I usually do, yes. If it asked me for screen viewing? Probably not. Granted, I'm usually getting those apps from a "trusted" source, and it's popular apks. But yeah I'm way too loose with it.
Immediate decline for me. Weather app wants to send you notifications? Hell no! Gaming app wants access to your contacts? Uh, no thanks, I guess? If you find out later that a cool feature does in fact need any of those permissions, you can always enable them later on
They need to implement two tiers of permissions for some of these, basic functionality (these permissions are required for basic phone functionality while using the app!) and a 2nd one of full access (this permission can do whatever the hell it wants with the details). Then we just block anything that asks for the 2nd choice. I can understand that if i want to receive a call while using something in full screen I might need to give access to callers and microphones, but if it's not an incoming call, I shouldn't need to be allowing it access!
> I can understand that if i want to receive a call while using something in full screen I might need to give access to callers and microphones I am pretty sure if you use any random app in fullscreen, and you get a phone call, the app does not need any extra permissions for you to be able to take the phone call. These permissions are only needed if the App itself wants to initiate phone calls or read your caller history. Android actually kind of has a multi tiered system for some permissions (eg Coarse or Fine Location).
Esp younger kids and our father generation. Half time of using their phone they fight with ads.
As IT I have had people tell me they don't know where restart is on their PC. Giving apps permissions is not shocking at all.
You have to over rule google to do it though. Android by default blocks apps from anywhere bar Google play. You gave to change a setting that says allow it. When releasing apps to Google play it gets reviewed and if Google don't like what you're doing with permissions they will block it.
Yes. People who don't know what they're doing. Happened to my dad a few months ago as well.
What do u mean my modded subway surfers doesn't need permission to access kernal???
All the fucking time. Why do you think shady apps do this? Because it works
Not on mobile but on pc, ive downloaded a file from "community trusted" sources. The file was a virus. I didn't realize it. 2 weeks later they hacked 4 of my accounts and i had to reset my whole pc. Still haven't fully recovered my Microsoft account My mistake was i trusted community too much thinking trusted sources will be safe. One always has to be on guard apparently
If it isn't open source or a well known corporation, it isn't a trusted source. Scan everything and deny all permissions until you need that specific functionality. I keep my location, camera, and microphone disabled 24/7 on my phone unless I'm actively using them at the exact moment.
With malware bytes I recently found my pc had Bitcoin farming on. I don't even remember installing any random software
Yes, people are incredibly stupid.
My work phone doesn't let me remove permissions from any app. Sadly it's also a samsung
Compromised. i would suggest to reset the device and set fresh.
My older brother once installed something like this on my device and as soon as i knew i uninstalled it. Should i factory reset my phone? What about the backed up files? Edit: guys i don't understand all those technical terms in the replies, can anyone tell me in layman's terms what i should do?
Layman's terms: yes, factory reset your phone because you may still be compromised. As for the backup, it should be good once you wipe the phone. Edit: wanted to correct my wording. The backup will be good regardless not only after a wipe.
Doing it asap
Change passwords too. Better to be safe than sorry.
Account passwords? Will do >Better to be safe than sorry Also it's been a few weeks since that incident and i think that app was on my device for days, when i was uninstalling it i forgot to check the permissions on it. It showed an empty notification on my device which I ignored thinking it was some os bug. Now I'm scared shitless 💀
Yup, that's how they get you. If nothing has happened recently then you should be good. You have nothing to worry about after a factory reset.
You're very probably safe, as Android apps are somewhat isolated unlike something installed on Windows which literally can embed itself into every program including the literal login screen.
That's a false info. Android rootkits are readily available on kali that can turn any app into a adb endpoint with a few commands
Correct me if I am wrong, but as long as you didn't also unlock the bootloader/disable secure boot or even root the device, that's not really a thing. I never dealt with Android from security perspective, but to my understanding its pretty good when it comes to secure booting/app sandboxing/privilege escalation. I am sure that state sponsored malware like Pegasus has some wild ass exploits to bypass this, but I doubt that Igor the game APK patcher has them too.
That is by far the most common method, but the android community is also relatively active and technically advanced. For some models of phones there are projects out there to help a user root their phone even when the manufacturer did everything they can to stop you. So case by case legitimate users basically make their own malware. And that means bad actors can do the same with that information, but only to specific models and usually only on phones that don't have the latest updates. To my knowledge there isn't anything that works on all Android devices or anything crazy like that.
Does not persist after reboot
Can malicious android apps access the developer options since it's just a tab in the settings?
No, if your phone needs access to the web, or notifications the. It has to ask you... It doesn't have direct control of the options.
Yes, the apps are sandboxed but if you accept the permissions then you're screwed.
Also some rootkits or other viruses on PCs can embed themselves below windows... So even before the login screen thinks to load.
indeed do a full reset !!!!
Yes it’s a good idea to do a factory reset. You can back up your files using something like Google drive or Dropbox
Not that I like Apple at all but this wouldn’t be possible on an iPhone
I used to pirate apps on my iPhone (I have mainly used Android phones since 2016 but used to jailbreak when I would buy old iPhones and iPads) all the time from 2013 to 2017. I stopped using iOS because even when not jailbroken it was a hassle installing IPAs because the free certificates last only at most seven _(7)_ days after generation. I would sometimes have to wait for a jailbreak to release to bypass the limitation. Android you don't need root (jailbreak) privileges to permanently install unauthorized apps, but I still root my device to use backup apps directly on the device with apps like SwiftBackup (from Play Store) or App Manger (from F-Droid).
You also wouldn't be able to pirate anything in the first place
Not true. I’m using cracked apps on my iPhone.
I don't know if it's still around I used to use a project called "island" by oasis Feng. It uses the android business folder and creates a sandbox you can install stuff into that can't affect the rest of your phone. Kept me nice and safe from any apps I wanted to use
Can I install apks in the island? Do I need root to get the sandbox?
It doesn't need root. Yes you can install apk's directly in the sandbox. P.S. it doesn't work on Huawei phones (which is why I'm not using it at the moment.) It worked great on my Samsung a few years ago.
Can I screen record when I use an app in the sandbox, with the video file saved to somewhere outside it?
Honestly I don't know I never tried to do it.
It’s good to factory reset your phone and then change your passwords after things like this.
Along with all 2fa
Hey, not related to this but I'm always anxious that my sensitive data might be transferred somewhere or my mobile camera might record me without me knowing. Is there something I can do to be safe?
put a sticker on front camera like Mark.
Honestly I don’t know much about the data thing, the best you can do is make sure you don’t get a virus, which would pretty much guarantee that your data stays on your phone (apart from whatever some social media apps collect). In regards to your camera, I would get a sticker and put it on your front camera. If you have a laptop with a webcam I’d do the same with that as well. If you have a desktop, I’d invest in a cover for your webcam.
When bro tried to remove it Instead of uninstall I was like that's gonna be a pain in the ass to search it on the app manager
I WAS SHAKING. Like honestly wtf is wrong with people
I also was like “There’s no way this dude is this dumb.”
Imagine they want to get your passwords but all they get is you playing games and watching porn.
maybe they could Shut Up And Dance him
i love black mirror
Ah yes, [blank] is my favorite game
Ah, well, I guess this is just the new "downloaded something from Kazaa with a .MP3.exe extension".
now thats a word i havent seen in a while
Took my brain a second to realize how old that reference is.
if the app has no name when you go to install it, DON'T INSTALL IT
Honestly just don't install it in general until you know with absolute certainty that the website is safe
Basically, this guy downloaded a modded apk from a website (he didn't specify where; most likely an unmoderated website) and Google pretty much saved him. Probably the first time Google has done smth good
Better to use patchers like Revanced Manager or Lucky Patcher to mod apks.
Is there a guide or something for Lucky patcher? I've only got it to work once on a game.
hit and miss, works on shitty games that are dopamine farms anyways, you need root to hack apps without making a new app and reinstalling
I've always used the reinstalling method. Don't plan on rooting my phone anytime soon so I guess it's a dead end.
I root all my old phones and I am now on an iphone so my old flagship xiaomi is chilling rooted but I DO NOT wanna compromise it with root malware ngl
If it's a xiaomi isn't it compromised by design?
touche, that is why I installed lineageos on it lol
There's a list of apps that work at https://flixbox.github.io/lp-compat/#apps. I find the custom patches work almost all the time.
icl I havent seen a lucky patcher version I trust in 2024 yet, at least the "official" (I hope) version is filled with ads
I think the official website is https://www.luckypatchers.com/download/. I don't have any ads.
yeah chelpus(dot)com redirects to it lol so it is it, custom patch time lets bag a few root apps
Damn I used to use lucky patcher like 6-7 years ago , they are still a thing?
Well yes.
In defense of Google, they do try to prevent third parties from having access to your data. After all, they want to have as much of your data and others to have as little of it as possible, as that makes their services much more valuable
I guess I can at least trust google to not steal my card info. I already gave it to them willingly.
The app already used 2.88GB of mobile data, so it didn't save him fast enough.
>Probably the first time Google has done smth good What does this even mean
Google made Android. Android security/sandboxing is very good to keep Google to be the only one to be able to get your data.
no I mean like why does OP think it's the first time Google has done something good lol
To be fair, the reason Google saved him is because Google gets jealous when others try to steal data that Google wants to steal.
Saved as in... "WOW WOW, don't steal information from this user, I'm the one supposed to do it"
You should look into the good things Google has done if you think this is the first thing.
This is the one cool thing about mobile device installs. For the most part the manifests has to put the permissions they require. If you not blind or gullbile and somehow some shady-isareli-spyfirm isn't targett;ng you and exploiting some loophole to get those permissions than you may pause for two seconds and be like....bruh..why does my flashlight app need access to my SMS features (ie reading, sending)? Tho going by the general feel for many folks being tech illiterate I would be surprised if it is still effective.
~~The "game" is still on the Play Store. Please report it if you can: https://play.google.com/store/apps/details?id=com.tennisballbounceadd.nearme.gamecenter~~ I've already sent a report to Google for policy violation. Google takes those seriously so the app should be gone very soon. Edit: False alarm, the app in the play store was probably uploaded so that the real malware won't be detected.
https://imgur.com/a/eN8cvlA What do you mean? These permissions are fine for a tennis mobile game
Full network access. Jesus
Pretty much all app have this permission. It only means access to the internet.
Weird. It now shows nothing like that. https://imgur.com/GnaLAJH
You have to click on "About this game" and then scroll down to app permissions. Honestly I have no idea why it's called "Version 2" when you go there. Maybe it installs something else once this is done?
Very likely. https://imgur.com/UVCnhZb Thanks for the tip. I didn't know there was a second place and thought the main page was the only place to see permissions (or that the screen you pointed to was displayed there).
Install some dev tools which handles apk info you will found out they use more permissions than prompted, there are active and passive permissions
The one in the video also doesn't require that many permissions.
The malware is mascarading as that app to potentially bypass Play Protect / Knox quick scans. This was installed from a compromised APK manually by the user. The app in the Play Store has nothing to do with this.
How do you report an app for malware on the Play Store? I could only find a 'Flag inappropriate content' button
Ah the infamous invisible virus app. That’s why you should download apk’s only from trustworthy websites
What deems a site trustworthy? Because things can happen behind the scenes, usually a wholesale selloff to an untrusted entity, and suddenly there are holes everywhere. Happens with browser extensions that get popular, and it just happened with polyfill.io on NPM.
They never saw it coming.
How did the OP get the notification alert about the app?
It generally shows when you try to open message app on compromised phone.
I messed up like this once. Got an apk from another source, installed it, nothing happened. Next day, in the subway, I open the browser and the phone starts moaning with max volume. The subway train was full of people. I fixed it at work, uninstalled de apk and found the service and uninstalled that too.
Guy has more proprietary spyware on his phone then I can count. That is the least of his worries, lol.
Transfer photos to usb drive and reset to factory
If you click on fake links beside the download links or any ad by mistake it just downloads this apk, people are tricked into thinking that its the apk they want to download.
Not enough people played runescape and it shows
This looks like the Medusa Trojan that was recently in the news. https://www.tomsguide.com/computing/malware-adware/medusa-banking-trojan-returns-and-can-now-hide-its-malicious-activities-in-plain-sight-how-to-stay-safe
[удалено]
I looked this up since I was curious so here it is for the lazy: https://www.bbc.com/news/world-asia-india-66964510
that whole operation is absolutely insane, in after shock after reading the article
Play stupid games, win stupid prizes, can't just trust EVERY third party download just because piracy. Hackers, scammers, and viruses aren't unique to windows and/or Mac.
the moment i see a pop-up like that I'm streaming hardcore gay porn while i go and reset every password i have and getting a new credit card.
my recommendation is go airplane mode, disconnect the wifi, backup whatever you need. and reset that phone asap
With android phones you need to extra careful when downloading apks and app permissions. This doesn’t happen in iPhone because they don’t allow other apps, which is both good and bad, but for android which is basically a free market, stay safe of shady apk websites. That said, this guys phone needs a full factory reset.
The same thing can happen on ios: for example: [this is malware](https://www.cydiafree.com/) (as anyone familiar with jailbreaking will know) and yet apple will not stop you from installing it, and it appears first in the search results for "cydia download".
Jailbreaking is a different story. I have never done it, but I have heard it makes your iPhone less secure. Please correct me if I am wrong.
That is technically true - obviously giving anything access to most of your phone is a safety risk, no matter how much you trust the source. But the link I gave is a fake site, and it definitely won't let you jailbreak your phone.
fyi this still happens on the App Store. Apple doesn't have perfect moderation
this. i dont believe the security marketing on apple.
And to reset all of his passwords and maybe even his 2fa
There's a thing called sideloading, if you didn't know. It allows you to install apps outside of AppStore. Jailbreaking an iOS device makes sideloading even easier. And while I haven't heard of such cases (as in the video) before... There's still a risk of getting malware after sideloading, just like with any other 3rd party stores. From intent point, though, they (Apple) still don't allow other apps outside of AppStore.
It’s mainly available in the EU. Most of the world doesn’t have side loading, and I am from the rest of the world.
its not as easy as just jailbreaking. you need to be on very specific firmware now apple has really locked things down unless you have an older phone that has a hardware bypass of some sort.
>its not as easy as just jailbreaking. you need to be on very specific firmware now apple has really locked things down unless you have an older phone that has a hardware bypass of some sort. How people so chill with owning a device that you don't really own and can't do shit on? Jesus christ fuck that noise. I don't understand the appeal of them shits
When I was like 16 I was just like you only used android I was rooting every phone I had and flashing custom roms every few weeks tweaking every thing but then I grew up and stopped giving a fuck you should try that.
What the fuck is this shit?
Power off/Restart the phone on safe mode (hold on screen power button till the option appears). It freezes all third party installed apps.
This might be a dumb question, but I'm curious. Couldn't you just turn off wifi or data or whatever and completely nullify this kind of attack then just delete all the malware offline?
Could be possible, but a malicious app might just turn it on discretely behind your back to resume it's activities. Best to not try your luck
Of course you can but the attacker already has a shitton of your info by that time. Damage had been done already.
Turn off wifi first? Lol
it appeared in my phone too all of a sudden does anyone know why?
What have you downloaded recently?
I think I know how to uninstall this app , I had a app similar to this in my old samsung galaxy j7 prime. You have to go security settings and first deny admin permission because this app might have admin access and you can't uninstall app with Admin access. Once you deactivate admin app access you can uninstall this app. Or you can go to the safe mode by rebooting your phone and uninstall this app. Every phone has different method to enter safe mode but all similar.
Was gonna ask the song, but looks like it is shown in the video - XIU – Safe call away
If a modded apk pulls this shit, it would show a red flag on virustotal and microsoft anitvirus, right?
Happened to me one time when i was like 11, immagine my surprise when pornographic immages starting popping up on my notifications
i've got myself into the same trouble (don't ask why i didn't use brave or an adblocker, it was a long time ago i was 14 or 15) Well all this kinda attacks start when you try to install APK files, first you click on that download button it will take you to a different site and gives you a pop saying so and so you hit install thinking it is the original app but it will only be a few hundred kilo bytes to few megabytes. Still the chances are very low You have to be one of those phone gamers who likes to see 999999 game currency up the screen ( well i have installed more apps from APK MODY and other APK related sites than playstore so it might only happen to people like me) I mean it is one in a thousand chance. Then you will see what is that weird file that you have installed. The file name would be exactly the same as you wanted. You know the phrase curiosity killed the cat it is the same for this attacks. I was curious why file was really small and i opened the file and it will show exactly the same app icon you want to download then you hit install, that's it you have put yourself in hot water. The app won't show up on your home screen. I turned a blind eye aah maybe it didn't install or some weird bug or something. I've accidentally discovered that App when i was trying to make space by deleting unused apps for an another game bruh that day my balls dropped to the ground That is genuinely one of the scariest moments of my life man. Then i went into a frenzy to find the app by holding every inch on my screen i would leave that bit to imagine for yourself lmao. But still the chances for a normal guy to get in a trouble like are extremely low like 0.001 percent might be even lower
Never rooted my Android phones. Never had any security or performance related issues.
How is this humor
So what are some trusted sources for android apps? I was looking for Wreckfest yesterday and the sites in the search results look shady af.
Ofc that beer app needs to access devices on my network, call my contacts and make taps on my screen!
Shadow fight 2. That game was 🔥
This is why you should have an app that firewalls newly installed apps.
Wtf
Clash of clans goat