
Being constantly hacked wherever I go

  • 09-07-2015 11:48am
    #1
    Registered Users, Registered Users 2 Posts: 105 ✭✭


    Hi! I had a Gmail account for years, and I came to thinking that it was customary to get your account entered into from 'another location' (per Google) every time you viewed a video. Then, I created a Facebook profile and throughout that time there, I noticed someone was changing stuff in my account. I told Facebook about it, no reply as is the norm. A taxi pic appeared for working for self. I had event updates for 'gay events' (nothing against gay, but not), witches events, and stuff I hadn't put there. Then I saw the profile of an undesirable (that had to be removed from our house share by police few years previous), whose profile was there, that had been viewing my profile!!! The penny dropped, and I deleted the Facebook account. They found me by my email address and phone number. Yes, even though your details are meant to be private. That was a year ago. I changed my phone and phone number. I still use the same dongle, that changes IP number each time I go online.
    I then opened a Yahoo email on new phone and number, and I got a notification that someone had accessed my account from another location.... I was only setting up the account, anyway I kept that email address, and still have it.
    During the year, I had a blog on Blogger, connected to a Google+ profile, yes, you've correctly guessed, the email got hacked, and the blog was destroyed. Google were fantastic. They put up curtains, and worked at undoing all the harm, and gave it back to me late that night. All the daily statistics all intact. I had told them who I thought it was. They did something, I don't know what, but I was left alone for months.

    Yesterday evening I opened a Facebook account with a different name and photo, and after 3 hours, I got a message from FB that my account had been accessed from another location. They told me to also change passwords on the 2 email accounts linked to it. (One that would have been visibly linked to the first Gmail account that I had to delete, and one new one created yesterday to go with the FB account.) I've done nothing yet, this is starting to tire me out.
    What I would like to be advised on is do I now delete all and start over, with new phone, number etc all over again, please?
    Should I change the dongle?
    I've visited the Garda station last year when it was fresh, no avail. They don't care for this stuff, and want evidence.
    Your comments greatly appreciated...



Comments

  • Registered Users, Registered Users 2 Posts: 884 ✭✭✭JamBur


    Is it the same laptop, or PC you've used throughout? My first thoughts would be that a keylogger, or some form of remote monitoring software, is on your laptop. Fresh install of your O/S, delete any partitions, and a full format.


  • Registered Users, Registered Users 2 Posts: 23,686 ✭✭✭✭mickdw


    You need to start clean and not tie everything together. It seems that even though you start out with new accounts, you are possibly using original email addresses as back ups or something.


  • Registered Users, Registered Users 2 Posts: 86,729 ✭✭✭✭Overheal


    You also need to enable 2-step verification on everything: it prevents anyone who doesn't physically possess your phone from logging on anywhere else.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    JamBur wrote: »
    Is it the same laptop, or PC you've used throughout? My first thoughts would be that a keylogger, or some form of remote monitoring software, is on your laptop. Fresh install of your O/S, delete any partitions, and a full format.

    Thanks JamBur, how do I do that stuff? or where to take it.
    They never had access to this laptop, only have it 2 years.


  • Registered Users, Registered Users 2 Posts: 787 ✭✭✭folamh


    So all your previous problems with Gmail have been sorted out, but not this new one of your Facebook being accessed from another location? Are you sure it isn't you who accessed it from a different device somewhere?


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    mickdw wrote: »
    You need to start clean and not tie everything together. It seems that even though you start out with new accounts, you are possibly using original email addresses as back ups or something.

    Thanks Mickdw, I didn't want to delete that account, but certainly will now. I think new laptop too....


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    folamh wrote: »
    So all your previous problems with Gmail have been sorted out, but not this new one of your Facebook being accessed from another location? Are you sure it isn't you who accessed it from a different device somewhere?

    My initial thought was that, but I didn't even try to access it from my phone, it said the 'location' was 'near' Dublin. Me, my phone and LT are in Dublin.


  • Registered Users, Registered Users 2 Posts: 506 ✭✭✭Ant695


    Joolzie wrote: »
    Thanks Mickdw, I didn't want to delete that account, but certainly will now. I think new laptop too....

    No need for a new laptop. If you're not comfortable with doing it yourself, take it to a local PC repair place and they will wipe it for you and reinstall Windows, as long as you have the sticker on the bottom with the Windows key. Just be sure to tell them what files you wanted backed up from the hard drive first: pictures, documents etc...

    As said above it does sound like some sort of key logger that gives the other person any new account details you create including passwords.


  • Registered Users, Registered Users 2 Posts: 2,352 ✭✭✭Mar4ix


    You said you have a dongle which changes IP address??? Why?? Even if it does work, FB and the rest of services are surprised that every time you log in, it comes from a different IP address.

    Advice is: do a factory restore on your computer (before that save all your pictures and documents on an external hard drive), buy a good antivirus (I won't do suggestions here), change passwords on emails and FB (upper and lower case letters plus numbers and symbols), different passwords on all accounts.

    I do pc's as side work to my regular work for good few years.


  • Registered Users, Registered Users 2 Posts: 2,178 ✭✭✭bajer101


    Joolzie wrote: »
    Then I saw the profile of an undesirable (that had to be removed from our house share by police few years previous), whose profile was there, that had been viewing my profile!!! The penny dropped, and I deleted the Facebook account.

    This does not mean that this is the person who is hacking you. You cannot see who has viewed your Facebook profile. To enable two factor authentication in Facebook, go to security settings and enable Login Alerts, Login Approval and code generator.

    https://www.facebook.com/settings?tab=security

    If there is a keylogger on your laptop, download and run Malwarebytes from Safe Mode (press F* when Windows is starting and select Safe Mode with Networking).


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Ant695 wrote: »
    No need for a new laptop. If you're not comfortable with doing it yourself, take it to a local PC repair place and they will wipe it for you and reinstall Windows, as long as you have the sticker on the bottom with the Windows key. Just be sure to tell them what files you wanted backed up from the hard drive first: pictures, documents etc...

    As said above it does sound like some sort of key logger that gives the other person any new account details you create including passwords.

    Yes Ant695, I wasn't even looking at a video, they just logged in, so easy.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Mar4ix wrote: »
    You said you have a dongle which changes IP address??? Why?? Even if it does work, FB and the rest of services are surprised that every time you log in, it comes from a different IP address.

    Advice is: do a factory restore on your computer (before that save all your pictures and documents on an external hard drive), buy a good antivirus (I won't do suggestions here), change passwords on emails and FB (upper and lower case letters plus numbers and symbols), different passwords on all accounts.

    I do pc's as side work to my regular work for good few years.

    Yes Mar4ix! It's hilarious I know. It's a mobile device so just links up each time with a different IP address. The upside of that is...They can't send me a virus..:)
    Tnx for the info


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    bajer101 wrote: »
    This does not mean that this is the person who is hacking you. You cannot see who has viewed your Facebook profile. To enable two factor authentication in Facebook, go to security settings and enable Login Alerts, Login Approval and code generator.

    https://www.facebook.com/settings?tab=security

    If there is a keylogger on your laptop, download and run Malwarebytes from Safe Mode (press F* when Windows is starting and select Safe Mode with Networking).

    Yes bajer101, I know I don't know for sure, but it's an all round probability. I'm just an ordinary joe soap, for unknown reasons very popular for hacking, no nothing interesting, just boring ordinary stuff, nothing exciting.
    Thanks for your advice, will follow..:)


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    bajer101 wrote: »
    If there is a keylogger on your laptop, download and run Malwarebytes from Safe Mode (press F* when Windows is starting and select Safe Mode with Networking).

    Malwarebytes won't find any decent keylogger.


  • Registered Users, Registered Users 2 Posts: 2,178 ✭✭✭bajer101


    syklops wrote: »
    Malwarebytes won't find any decent keylogger.

    Yes it will - unless it is a legitimate keylogger, in which case the OP has a completely different problem. But if this is just some nuisance case, then Malwarebytes will pick it up.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    bajer101 wrote: »
    Yes it will - unless it is a legitimate keylogger, in which case the OP has a completely different problem. But if this is just some nuisance case, then Malwarebytes will pick it up.

    What did you think I meant when I said "decent keylogger"?


  • Registered Users, Registered Users 2 Posts: 2,178 ✭✭✭bajer101


    syklops wrote: »
    What did you think I meant when I said "decent keylogger"?

    By legitimate, I meant "official" as in law enforcement. I don't think that is the case here. If it is someone who is using it to detect his FB password to make posts about being gay, then I think it is safe to assume that if they are using a keylogger it will be one that Malwarebytes will detect.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    bajer101 wrote: »
    By legitimate, I meant "official" as in law enforcement. I don't think that is the case here. If it is someone who is using it to detect his FB password to make posts about being gay, then I think it is safe to assume that if they are using a keylogger it will be one that Malwarebytes will detect.

    I meant decent as in FUD, meaning undetectable. Something you can buy with your PayPal account for less than a few pints in town.


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    bajer101 wrote: »
    .........
    If there is a keylogger on your laptop, download and run Malwarebytes from Safe Mode (press F* when Windows is starting and select Safe Mode with Networking).

    How does that help if, say ..... it loads before Windows?


  • Registered Users, Registered Users 2 Posts: 2,352 ✭✭✭Mar4ix


    Joolzie wrote: »
    Yes Mar4ix! It's hilarious I know. It's a mobile device so just links up each time with a different IP address. The upside of that is...They can't send me a virus..:)
    Tnx for the info

    I am afraid viruses get into a PC NOT via IP address, so to keep changing IP addresses is pointless. Also I doubt the ISP will give you a different public IP address every time; more likely you will be using a private IP address.
    Viruses get into a PC via email attachments, other media attachments, bad web page visiting, especially if Java and Flash Player are outdated. A Malwarebytes scan would be helpful.
    Suggest you find someone well known to you and familiar with computers, and do what I suggested in my first post. Any other way - I don't know tbh.

    Good luck.


  • Registered Users, Registered Users 2 Posts: 3,191 ✭✭✭uncle_sam_ie


    Do you use the same password for a lot of your sites?


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Do you use the same password for a lot of your sites?

    Never. They are all long and complicated. It always says 'strong'. This person is quite adept at hacking. They don't need passwords. They just sailed onto my account yesterday.


  • Registered Users, Registered Users 2 Posts: 760 ✭✭✭mach1982


    Just because it says strong doesn't mean it is secure. Is it alphanumeric? Instead of using a password try using a pass phrase like the first line of a favorite song and replace letters with numbers, i.e. replace all the e's with the number 3.


  • Registered Users, Registered Users 2 Posts: 86,729 ✭✭✭✭Overheal


    I will reiterate that the strongest level of protection you can get against this is 2-step verification.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Overheal wrote: »
    I will reiterate that the strongest level of protection you can get against this is 2-step verification.

    Yes, I agree. Going to do that. tnx


  • Registered Users, Registered Users 2 Posts: 600 ✭✭✭SMJSF


    Are you ever or frequently using public area WiFi (Starbucks/McDonald's/ hotels, etc) and leaving your accounts logged in when you connect to them.....??
    Is your internet key "locked" or free to be used by anyone?


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    SMJSF wrote: »
    Are you ever or frequently using public area WiFi (Starbucks/McDonald's/ hotels, etc) and leaving your accounts logged in when you connect to them.....??
    Is your internet key "locked" or free to be used by anyone?

    Thanks, no, I have never used public area WiFi. Don't use laptop a lot, and never carry it around. No music on it. Just email and forums and surfing.


  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    It would seem you have malware on your machine and every time you change a password or sign up for anything it reports home with the details.

    You need to reformat your drive and reinstall the operating system from an installation ISO, not the recovery partition. If the malware author (not necessarily the installer) is at all skilled they are likely to have found a way of incorporating it into the recovery partition.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    FSL wrote: »
    It would seem you have malware on your machine and every time you change a password or sign up for anything it reports home with the details.

    You need to reformat your drive and reinstall the operating system from an installation ISO, not the recovery partition. If the malware author (not necessarily the installer) is at all skilled they are likely to have found a way of incorporating it into the recovery partition.

    Thanks for that. I know what I have to do now, just waiting for the payday..:)


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_


    Joolzie wrote: »
    Thanks for that. I know what I have to do now, just waiting for the payday..:)

    What you need to do won't cost anything.

    Except a good few hours.


  • Registered Users, Registered Users 2 Posts: 124 ✭✭MackMack


    Check that no one else is logged into your Gmail before doing anything else. Changing the password won't kick out someone that's logged into it somewhere else. Password changes only affect them if they log out.

    Scroll down to the bottom of your Gmail, on the bottom right where it says "Last account activity - xxxxxxxxxx" click the "details" button. This brings you to a screen that shows every device that's logged into your Gmail. There's a button at the top for logging everyone out of your account. You can then change your password safely.


  • Registered Users, Registered Users 2 Posts: 24 SonicWind


    1) Change all your passwords, (everything),
    enable 2 step identification where possible.
    Do this in one sweep, all different passwords in no way related to each other.
    Also, if you suspect your laptop might be hacked, use a trusted friend's PC (or work).

    2) If you do suspect your PC, wipe it or buy a new one.
    3) Consider changing the SIM in the dongle or move ISP
    4) Remove most identifying info from Facebook, etc.
    5) Don't open emails from people you don't know,
    http://ie.norton.com/spear-phishing-scam-not-sport/article

    Understand that this person will attempt to get back in,
    if you can set up steps to catch the attempts, it will help.

    Hiring a hacker to break into a Facebook a/c or Yahoo is trivial,
    only costs ~ $20 dollars per a/c

    You should be able to obtain the IP address used to login,
    use a WHOIS search to find out the information about that,
    will help with the Gardaí issue.

    If things do start happening again, note them,
    what accounts are linked to this, check those.
    It is usually one source of entry, once that initial foothold is got,
    it's usually very easy to compromise the entire network of accounts.
    Just need to find the point of entry.

    PM me if you have any questions.
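
The sign-in review SonicWind describes (get the IP address of each login, look up who it belongs to, note what cannot be explained), combined with Mar4ix's point that a mobile dongle shows a different IP address on each connection, as an added example that is not part of any post in this thread. The CSV layout, the network prefixes and the session times are constructed assumptions, and all addresses are documentation addresses.

```python
import csv
import io
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample of an account's sign-in history (assumed CSV layout).
# All addresses are RFC 5737 documentation addresses, not real hosts.
SAMPLE_ACTIVITY = """\
access_type,ip,time_utc
Browser,192.0.2.17,2015-07-08T18:02:00
Browser,192.0.2.203,2015-07-08T19:40:00
Mobile,198.51.100.9,2015-07-08T21:05:00
Browser,203.0.113.50,2015-07-08T21:10:00
Browser,192.0.2.88,2015-07-09T03:30:00
"""


def utc(*parts):
    """Build a timezone-aware UTC datetime from year, month, day, hour, minute."""
    return datetime(*parts, tzinfo=timezone.utc)


# Assumption: prefixes the owner obtained from a WHOIS lookup of their OWN
# current addresses (dongle and phone). A dongle that gets a new address on
# each connection still stays inside its provider's prefix.
OWN_NETWORKS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.0/24")]

# Assumption: periods in which the owner knows they were signed in themselves.
OWN_SESSIONS = [
    (utc(2015, 7, 8, 17, 55), utc(2015, 7, 8, 20, 0)),
    (utc(2015, 7, 8, 21, 0), utc(2015, 7, 8, 21, 30)),
]


def parse_activity(text):
    """Parse the CSV export into (access_type, ip, aware UTC datetime) tuples."""
    records = []
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.fromisoformat(row["time_utc"]).replace(tzinfo=timezone.utc)
        records.append((row["access_type"], ip_address(row["ip"]), when))
    return records


def classify(ip, when, own_networks, own_sessions):
    """Return 'own', 'review' or 'unexplained' for one sign-in."""
    on_own_network = any(ip in net for net in own_networks)
    in_own_session = any(start <= when <= end for start, end in own_sessions)
    if on_own_network and in_own_session:
        return "own"          # owner's provider, at a time the owner was online
    if on_own_network:
        return "review"       # owner's provider, but the owner was not online
    return "unexplained"      # a network the owner does not use


def triage(text, own_networks, own_sessions):
    """Classify every sign-in in the export."""
    rows = []
    for access_type, ip, when in parse_activity(text):
        rows.append({
            "verdict": classify(ip, when, own_networks, own_sessions),
            "access_type": access_type,
            "ip": str(ip),
            "time_utc": when.isoformat(),
        })
    return rows


def evidence_lines(rows):
    """Lines worth writing down: every sign-in the owner cannot account for."""
    return [
        f'{r["time_utc"]} {r["ip"]} {r["access_type"]} {r["verdict"]}'
        for r in rows
        if r["verdict"] != "own"
    ]


if __name__ == "__main__":
    for line in evidence_lines(triage(SAMPLE_ACTIVITY, OWN_NETWORKS, OWN_SESSIONS)):
        print(line)
```

A "review" line is on the owner's own provider but outside their own sessions, so sharing a provider or a city with the sign-in does not by itself show it was the owner. The "unexplained" and "review" lines, with their UTC timestamps, are the record to keep for a report.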


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    MackMack wrote: »
    Check that no one else is logged into your Gmail before doing anything else. Changing the password won't kick out someone that's logged into it somewhere else. Password changes only affect them if they log out.

    Scroll down to the bottom of your Gmail, on the bottom right where it says "Last account activity - xxxxxxxxxx" click the "details" button. This brings you to a screen that shows every device that's logged into your Gmail. There's a button at the top for logging everyone out of your account. You can then change your password safely.

    That's the thing, they are logged to my keyboard, and get all the passwords, everything.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    SonicWind wrote: »
    1) Change all your passwords, (everything),
    enable 2 step identification where possible.
    Do this in one sweep, all different passwords in no way related to each other.
    Also, if you suspect your laptop might be hacked, use a trusted friend's PC (or work).

    2) If you do suspect your PC, wipe it or buy a new one.
    3) Consider changing the SIM in the dongle or move ISP
    4) Remove most identifying info from Facebook, etc.
    5) Don't open emails from people you don't know,
    http://ie.norton.com/spear-phishing-scam-not-sport/article

    Understand that this person will attempt to get back in,
    if you can set up steps to catch the attempts, it will help.

    Thanks

    Hiring a hacker to break into a Facebook a/c or Yahoo is trivial,
    only costs ~ $20 dollars per a/c

    You should be able to obtain the IP address used to login,
    use a WHOIS search to find out the information about that,
    will help with the Gardaí issue.

    If things do start happening again, note them,
    what accounts are linked to this, check those.
    It is usually one source of entry, once that initial foothold is got,
    it's usually very easy to compromise the entire network of accounts.
    Just need to find the point of entry.

    PM me if you have any questions.


    Thanks SonicWind, I am in the process of following that sound advice. BTW I know who it is....finally, after 7 years!!


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    What you need to do won't cost anything.

    Except a good few hours.

    I don't know how, so will pay to get it done..:)


  • Registered Users, Registered Users 2 Posts: 80 ✭✭sqdz


    Possibility :
    - Keyloggers
    - Backdoor/Rootkit
    - Bruteforce (Your password is weak, you need number, letter and special character)


    Clean :
    - Antivirus software (like AVG)
    - Antivirus online (like panda or symantec)
    - Malwarebytes
    - CCleaner + clean your browser.

    But it's not a really "good" clean. It's very easy to pass an antivirus with a keylogger. (I can hide the keylogger in the process/start and it is never seen by an antivirus)
    You need to see every process when your computer starts. 98% clean, but sucker method... format c:

    Good luck,
    Sqdz'


  • Registered Users, Registered Users 2 Posts: 1,469 ✭✭✭Asmooh


    Get a mac or use linux if you are sure nobody messed with your hardware.
    But I agree on most things about changing all passwords, don't click on everything or say 'yes' just to get rid of a message.

    If you use Android, wipe your device also, because Android is full of malware and your problem may not be computer related at all.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    sqdz wrote: »
    Possibility :
    - Keyloggers
    - Backdoor/Rootkit
    - Bruteforce (Your password is weak, you need number, letter and special character)


    Clean :
    - Antivirus software (like AVG)
    - Antivirus online (like panda or symantec)
    - Malwarebytes
    - CCleaner + clean your browser.

    But it's not a really "good" clean. It's very easy to pass an antivirus with a keylogger. (I can hide the keylogger in the process/start and it is never seen by an antivirus)


    You need to see every process when your computer starts. 98% clean, but sucker method... format c:

    Good luck,
    Sqdz'

    Sqdz, thanks for that. It's not passwords the problem. I'm getting it cleaned.


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Asmooh wrote: »
    Get a mac or use linux if you are sure nobody messed with your hardware.
    But I agree on most things about changing all passwords, don't click on everything or say 'yes' just to get rid of a message.

    If you use Android, wipe your device also, because Android is full of malware and your problem may not be computer related at all.

    Thanks for that, getting it sorted


  • Closed Accounts Posts: 89 ✭✭cannotcope


    Joolzie wrote: »
    Thanks SonicWind, I am in the process of following that sound advice. BTW I know who it is....finally, after 7 years!!

    Did you find how he was doing it? Was it a keylogger?


  • Registered Users, Registered Users 2 Posts: 1,005 ✭✭✭PeteK*


    How did you find out and why were they doing it?


  • Closed Accounts Posts: 3,006 ✭✭✭_Tombstone_


    Asmooh wrote: »
    Get a mac or use linux if you are sure nobody messed with your hardware.
    But I agree on most things about changing all passwords, don't click on everything or say 'yes' just to get rid of a message.

    If you use Android, wipe your device also, because Android is full of malware and your problem may not be computer related at all.

    What malware is on Android?

    Apart from dodgy side-loaded apps or the odd one that sneaks on Play Store.


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    What malware is on Android?

    Apart from dodgy side-loaded apps or the odd one that sneaks on Play Store.

    Loads - some infect the PC they are plugged into.

    Best to snip the data +/- wires in office PCs if people charge phones off them.

    AccuTrack
    This application turns an Android smartphone into a GPS tracker.

    Ackposts
    This Trojan steals contact information from the compromised device and uploads them to a remote server.
    Acnetdoor
    This Trojan opens a backdoor on the infected device and sends the IP address to a remote server.

    Adsms
    This is a Trojan which is allowed to send SMS messages. The distribution channel of this malware is through a SMS message containing the download link.

    Airpush/StopSMS
    Airpush is a very aggressive Ad-Network.

    AnServer/Answerbot
    Opens a backdoor in Android devices and is able to steal personal information which will be uploaded to a remote server afterwards.
    Antares/Antammi
    This is a Trojan which steals personal information from the infected device.
    Arspam
    This malware represents the first stage of politically-motivated hacking (hacktivism) on mobile platforms.
    AVPass
    This malware family tries to detect and circumvent Android security tools (like AntiVirus apps) installed on the infected device. Afterwards, the app tries to steal sensitive data and receives additional commands via SMS.



    BackFlash/Crosate
    This malicious app installs a fake Flash plugin that registers itself as device administrator and leaks sensitive information.

    Badaccents
    This malware claims to download a copy of “The Interview” but instead installs a two-stage banking Trojan onto victims’ devices.
    Badnews
    Once activated, BadNews polls its C&C-Server every four hours for new instructions while pushing several pieces of sensitive information including the device’s phone number and IMEI up to the server.


    BankBot
    This malware tries to steal users’ confidential information and money from bank and mobile accounts associated with infected devices.


    Basebridge
    Forwards confidential details (SMS, IMSI, IMEI) to a remote server.

    BeanBot
    This is a Trojan which is allowed to send SMS messages and which is controlled by a C&C-Server.


    Beita
    A simple info stealer.
    Binv
    This malware is a classical Banking-Trojan that is targeting Brazilian users of Android devices.



    BgServ
    Obtains the user’s phone information (IMEI, phone number, etc.). The information is then uploaded to a specific URL.



    Biige
    This spyware records SMS messages, calls, location, etc. and uploads these data to a remote server.

    Booster
    This application steals personal information and uploads these data to a remote server.
    Boxer
    This trojan sends SMS messages to premium rated numbers.
    Cajino
    This malware is a classical RAT that tries to exfiltrate sensitive information. What makes this sample special is that it is using Baidu Cloud Push service for communication.

    Carberp
    Tries to steal confidential banking authentication codes (mTAN messages) sent to the infected device.

    Cawitt
    This application steals personal information and uploads these data to a remote server.
    Cellspy
    This application is a smartphone tracker.
    Chulli
    This malware family was used in a targeted attack. The e-mail account of a high-profile Tibetan activist was hacked and used to send targeted attacks to other activists and human rights advocates. After a mobile device gets infected, it connects to a C&C-Server and waits for SMS commands to leak sensitive data to this server.


    Code4hk/xRAT
    This malware has been used within targeted attacks in Asia and tries to exfiltrate the geolocation of the victim as well as voice recordings. The malicious sample is spreading through WhatsApp messages.

    Coogos
    Backdoor Trojan which has the capability to receive a remote connection from a malicious hacker and perform actions against the compromised system.

    CopyCat
    Is an aggressive and malicious ad network. The main goal is to generate revenue.
    Cosha
    This application monitors the infected device and sends personal data to a remote server.
    Counterclank
    Is no real malware but a very aggressive ad-network with the capability to steal privacy related information.


    Crusewind
    Intercepts incoming SMS messages and forwards them to a remote server including information like IMSI and IMEI.
    Dogowar
    This Trojan sends spam SMS messages to all contacts.
    Dougalek
    This application steals personal information and uploads these data to a remote server.
    DroidDeluxe
    Exploits the device to gain root privilege. Afterwards it modifies the access permission of some system database files and tries to collect account information.
    DroidDream
    Uses two different tools (rageagainstthecage and exploid) to root the smartphone.


    DroidDreamLight
    Gathers information from an infected mobile phone (device, IMEI, IMSI, country, list of installed apps) and connects to several URLs in order to upload this data.

    DroidJack/SandoRAT
    This malware has similar features to other Android RATs. Some of those features include the following: Install any APK, view all messages on the device, listen to call conversations made on the device, etc.


    DroidKungfu
    Collects a variety of information on the infected phone (IMEI, device, OS version, etc.). The collected information is dumped to a local file which is sent to a remote server afterwards.


    DroidSheep
    This application can capture and hijack unencrypted web sessions.
    DSEncrypt
    Steals sensitive information (SMS messages, certificates and private keys, etc.) from infected smartphones and uploads the data to a remote server.
    Extension/Monad
    This Trojan is able to intercept incoming and outgoing phone calls, open a browser and visit specific websites, execute clicks on advertisements and is able to upgrade its own malicious code. Furthermore, the corresponding app can make phone calls, send SMS messages and collects privacy related information like call history, contacts, GPS location and device ID which all will be uploaded to a remote server.



    FaceNiff
    This application can capture and hijack unencrypted web sessions.
    FakeAngry
    Backdoor Trojan which has the capability to receive a remote connection from a malicious hacker and perform actions against the compromised system.


    FakeAV
    The malware deceives users into paying for cleanup of other non-existent infections on their device. In addition to displaying fake messages of infection, the APK also has the functionality to intercept incoming and outgoing phone calls as well as messages.
    FakeBank
    This app is a Trojan horse for Android devices that opens a back door and steals information from the compromised device. Additionally, it is able to infect a connected Windows PC and tricks the user to exchange legit banking apps against malicious ones.



    FakeDaum/vmwol
    The Trojan gathers the following information from the compromised device: SMS messages, phone number and the IMEI of the infected device.
    FakeDefender
    This app is a Trojan horse for Android devices that displays fake security alerts in an attempt to convince the user to purchase an app in order to remove non-existent malware or security risks from the device.
    FakeDoc
    This Trojan installs additional applications.
    FakeFlash
    This Trojan redirects the user through paid proxies.
    FakeInst
    The most common Fraudware. These applications send premium SMS messages.
    FakeJobOffer
    The malware displays a scam message which tries to make the victims believe they have been selected as job candidates. In order to secure their placement in the company, they must make a deposit into a bank account.

    FakeMarket
    The overall goal of this malicious app is simply to fraudulently boost the number of visits to about 20 different websites within google search.

    FakeMart
    The Trojan may perform the following actions while it is hiding itself as a blackmarket app: Clear the XMBPSP.xml contents in shared preference and reconfigure it to send premium rated SMS messages to 81211 or 81308, set the device to silent mode, delete SMS received from 81211, etc.

    FakeNefix
    This application steals user credentials.
    FakeNotify
    This app sends premium rated SMS messages while using obfuscation and detection techniques to get around AV tools.
    FakePlay
    The application will run in the background, gathering SMS activity and periodically send it to a proxy email address. Once executed, the Trojan requests Device Administrator privileges.

    FakePlayer
    Sends SMS messages to preset numbers.
    FakeRegSMS
    It sends SMS messages to premium rated numbers and tries to hide this action from the malware investigators by using some kind of steganography.
    FakeTaoBao
    This malware tries to steal user credentials for TaoBao and ZhifuBao. Combined with another app of the same developer it is also able to send SMS messages.


    FakeTimer
    Sends personal information to a remote server and opens pornographic websites

    FakeUpdate/Apkqug
    This malware family acts as automated downloader for further apps.
    FakeVertu
    SMS Trojan targeting Vertu consumers in Japan. This Trojan receives all incoming SMS messages and uploads them to a remote server.
    Find and Call/Fidall
    Sends personal information (address book) to a remote server.
    Finspy
    This Trojan is a component of a commercial surveillance product that monitors user activity.

    Fjcon
    This Trojan connects to a C&C-Server and has the ability to install additional packages and send premium rated SMS messages.



    Flexispy
    This malware tracks phone calls, SMS messages, internet activity and GPS location.
    Foncy
    This Trojan sends premium rated SMS messages.
    Fonefee/Feejar
    This Trojan sends premium rated SMS messages.
    Fokange/Fokonge
    Is an information-stealing malware which uploads the stolen data to a remote server.
    Gamex
    Opens a back door and installs additional applications.


    Gazon
    This malware tries to exfiltrate sensitive information and displays ads. The malicious sample spreads through WhatsApp and SMS messages.

    Geinimi
    Opens a back door and transmits information from the device (IMEI, IMSI, etc.) to a specific URL.

    GGTracker
    Sends various SMS messages to a premium rated number. It also steals information from the device.
    GingerBreak
    GingerBreak is a root exploit for Android 2.2 and 2.3
    GingerMaster/GingerBreaker
    Gains root access and harvests data on infected smartphones. This data is sent to a remote server afterwards.

    Godwon
    This app tries to steal contact and personal data from the local address book and the Skype app.
    GoldenEagle/GlodEagl
    This Trojan steals personal information and receives commands via SMS.

    GoneIn60Seconds
    Steals information (SMS messages, IMEI, IMSI, etc.) from infected smartphone and uploads the data to a specific URL.
    GPspy
    Tracks the location of the infected device.
    HeHe
    This Trojan steals text messages and intercepts phone calls.
    HideIcon
    Steals information (SMS messages, IMEI, IMSI, etc.) from infected smartphone and uploads the data to a remote server. Additionally, it displays full-screen ads to the user.
    HippoSMS
    Sends various SMS messages to a premium rated number and deletes the incoming SMS messages from these numbers.
    HongTouTou/Adrd
    Is an information stealing malware which uploads the stolen data through a local proxy to a remote server. The data is encrypted beforehand.
    Iconosys
    This application steals personal data.
    Imlog
    This application steals personal data.
    Jifake
    This application sends premium rated SMS messages.
    JollyServ
    The Trojan may send premium rated SMS messages, send SMS messages to all contacts of the infected user and intercept incoming SMS messages.
    Jsmshider/Xsider
    Opens a backdoor and sends information to a specific URL.
    Kidlogger
    This Trojan steals personal information and sends it to a remote server.
    KMIN
    Attempts to send Android device data to a remote server.
    Ksapp
    This Trojan has the capabilities to remote access connection handling, perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes.


    LeNa
    LeNa needs a rooted device for the following actions: Communicating with a C&C-Server, downloading and installing other applications, initiating web browser activity, updating installed binaries, and many more….



    Lien/
    After installation, the application will collect sensitive user information such as phone number, incoming and outgoing SMS, and recorded audio to an email address. Then it makes use of SMTP servers to send the stolen data back to the attacker.

    Loicdos
    This Trojan has the capability to perform DoS or DDoS.
    Loozfon
    This Trojan steals personal data.
    Lovetrap/Luvrtrap
    Sends SMS messages to premium rated numbers and steals smartphone information.
    Luckycat
    Opens a backdoor and is listening for commands from a remote server.

    Maistealer
    This Trojan steals personal data.
    Malap
    Another simple info stealer.
    Mania
    This Trojan sends SMS messages to premium rated numbers.
    MMarketPay
    This Trojan can automatically buy applications in Chinese Android marketplaces.
    MobiDash
    Classical Adware that displays full-screen ads to the user.
    MobileSpy/Godwon
    This Trojan steals personal data.
    MobileTx
    This Trojan steals personal data and sends it via SMS messages or HTTP.
    Mobinauten
    This application tracks the location of the infected smartphone.
    Moghava
    Compromises all pictures of the smartphone by merging them with a picture of Ayatollah Khomeini.
    Nandrobox
    This Trojan steals personal data and deletes certain SMS messages.
    Netisend
    Gathers information from infected smartphones and uploads the data to a specific URL.
    Nickispy
    Gathers information from infected smartphones (IMSI, IMEI, GPS location, etc.) and uploads the data to a specific URL.


    Obad
    One of the most sophisticated malware families until 2013. A detailed analysis can be found here.





    Oldboot/MouaBad
    It gains root permission by system vulnerabilities and reflashing the system partition. It also tries to run malicious code in the early stage of the system’s booting to avoid being cleaned by AV apps. Afterwards, some versions of this family send out premium rated SMS messages and act as a bot.


    OpFake
    The second most common Fraudware. These applications send premium SMS messages.
    PDAspy
    This Trojan steals personal data and location information.

    Penetho
    This application is a hack tool to crack WiFi passwords.
    Photsy/Phopsy
    This malware tries to leak all jpg and mp4 files from an infected device.
    Pincer
    This malware is able to forward SMS messages and perform other actions based on commands it receives from its remote server.

    Pjapps
    Opens a backdoor and steals information from the device. This malware has capabilities of a bot implemented.
    Placms
    This Trojan has the capabilities to remote access connection handling, perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes.

    Plankton
    This malware has the capabilities to communicate with a remote server, download and install other applications, send premium rated SMS messages, and many many more….



    Podec
    This trojan sends SMS messages to premium rated numbers and is able to bypass the Advice of Charge system that Android displays the user normally when sending premium rated messages.
    PoisonCake
    This malware can setup itself, decrypt and drop other payloads, create background services, and is able to perform the following malicious actions: Inject com.android.phone, send and intercept SMS, visit WAP site, collect phone info and upload them to a remote server….



    Qicsomos
    It sends SMS messages to premium rated numbers.
    Raden
    This malware sends one SMS message to a Chinese premium number.

    Repane
    A simple information stealer.
    Roidsec/Sinpon
    A simple Android info stealer.

    RootSmart/Bmaster
    This malware takes advantage of the GingerBreak exploit to gain root privileges. This exploit is not embedded into the application; instead, it is dynamically downloaded from a remote server together with other malicious apps.





    RuFraud
    Sends premium rated SMS messages. This is the first malicious app of this kind which was specially built for European countries.

    Saiva
    This Trojan has the capabilities to remote access connection handling, perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes.

    Samsapo
    This malware spreads through malicious SMS messages and communicates with a C&C-Server. The corresponding samples have the ability to install additional packages and send premium rated SMS messages.


    Scavir
    Sends SMS messages to premium rated numbers.
    Scipiex
    A simple information stealer.
    SeaWeth
    This Trojan has the capabilities to remote access connection handling, perform DoS or DDoS, capture keyboard inputs, delete files or objects, or terminate processes.

    Selfmite
    This SMS worm used a legal advertising platform and pay-per-install for monetisation and is spreading through SMS messages.
    Skullkey
    The Trojan hides using the Android Master Key vulnerability to keep the legitimate app signature valid. It allows attackers to perform the following actions: Open a back door, steal sensitive data (such as IMEI and phone number) and sends it to a remote server, send premium rated SMS messages, etc.


    Smack
    The spyware is based on XMPP Smack Openfire and has the following capabilities: Upload users’ contact information, short messages, phone records, GPS location and date, hide its icon and intercepts specified short messages.

    SMSpacem
    Gathers information from the smartphone and uploads this data to a specific URL. This malware also sends SMS messages.


    SMSreg
    Registers the infected smartphone to non-free services.
    SMSilence/SMSCatcher
    SMS Trojan targeting Starbucks consumers in South Korea. This Trojan receives all incoming SMS messages and uploads them to a remote server.
    SMSspy
    Banking Trojan targeting consumers in Spain.
    SMSsniffer
    Sends copies of SMS messages to other devices.
    Sndapps/Snadapps
    The malware is able to access various information from the device: the carrier and country, the device’s ID, e-mail address and phone number and uploads this information to a remote server.
    SpamBot
    Sends SMS spam messages. The application gets the content of the spam message and the receiver numbers through a C&C-Server.

    Spitmo
    Is one of the first versions of the SpyEye Trojans for the Android OS which steals information from the infected smartphone. The Trojan also monitors and intercepts SMS messages from banks (mTAN messages) and uploads them to a remote server.

    SPPush
    This malware is sending premium rated SMS messages and is posting privacy related information to a remote server. From the same server the malware is downloading new applications.


    SpyBubble
    This Trojan steals personal data.
    SpyOO
    This Trojan records and steals personal data.
    Ssucl
    This Trojan is the first Android Trojan which is able to infect a connected Windows PC. Additionally, it is able to send SMS messages, enable Wi-Fi, gather information about the device and its user (like contacts, photos, GPS data) which is uploaded to a remote server. Furthermore, this Trojan is able to upload the whole SD card and all SMS messages stored on the device.




    Steek/Fatakr
    Is a fraudulent app advertising an online income solution. Some of the samples have the capability to steal privacy related information and send SMS messages.


    TapSnake/Droisnake
    Posts the phone’s location to a web service.
    Tascudap
    This application connects to a remote server (gzqtmtsnidcdwxoborizslk.com) and monitors incoming SMS messages for commands. The infected device can be used for DDoS attacks.

    Tetus
    This Trojan receives all incoming SMS messages and uploads them to a remote server. The corresponding app is also allowed to delete SMS messages on the infected device and is able to send SMS messages. Additionally, the Trojan sends a list of all installed apps to a remote server.

    TigerBot
    This malware is communicating with a C&C-Server via SMS messages, is able to download and install other applications, initiate web browser activities, update installed binaries, and many more….



    Titan
    This malware has been used within targeted attacks in Asia and tries to exfiltrate sensitive information. The malicious sample is spreading through SMS messages.

    Tonclank
    Opens a backdoor and downloads files onto the infected devices. It also steals information from the smartphone.
    TGloader/Stiniter
    Listens to a C&C-Server for commands. This Trojan can install additional applications and send premium rated SMS messages.


    Tracer
    Commercial Spyware – see http://killermobile.com/manuals/TRa.pdf for more information



    TypStu
    This Trojan steals personal data.
    UpdtBot
    This malware spreads through malicious SMS messages and communicates with a C&C-Server. The corresponding samples have the ability to install additional packages and send premium rated SMS messages.


    UpdtKiller
    This Trojan detects and disables installed AV applications.
    Uracto
    This malware is used to trick mothers, anime fans, gamers, and more to install the malicious apps and steals sensitive data afterwards.
    USBcleaver
    When the device is connected to a Windows computer that does not have autorun disabled, the Trojan tries to gather a bunch of information from the computer, including: Default gateway, Google Chrome password, IP address, Microsoft Internet Explorer password, WiFi passwords, etc.

    Uten
    When the Trojan is executed, it reports the status of the device back to the attacker and then downloads a configuration file that contains lists of phone numbers. Afterwards, the Trojan sends SMS messages to phone numbers listed in this configuration file. It may also perform the following additional actions: modify device settings, download and install new packages, attempt to get root privileges, etc.




    Uxipp
    This malware attempts to send premium rated SMS messages.
    Vdloader
    This malware opens a backdoor on the infected device and steals personal data.

    Walkinwat/Pirater
    Sends SMS messages to all numbers within the phone book and steals information from the infected device.
    Waps/Simhosy
    This malicious app tries to steal SMS messages and contact entries from an infected device.
    YZHC
    This malware sends premium rated SMS messages and blocks any incoming message that informs the user about these services. As another malicious behaviour, the malware uploads privacy-critical information to a remote server.


    Zeahache
    Opens a backdoor and uploads stolen information to a specific URL. It also sends SMS messages.



    ZergRush
    ZergRush is a root exploit for Android 2.2 and 2.3
    ZertSecurity
    These malicious apps try to trick a compromised user into entering his banking account details, which will then be sent to the attackers.

    Zitmo/Citmo
    Tries to steal confidential banking authentication codes (mTAN messages) sent to the infected device.

    Zsone
    Sends SMS messages to premium rated numbers related to subscription for SMS-based services.


  • Registered Users, Registered Users 2 Posts: 772 ✭✭✭maki


    gctest50 wrote: »
    loads - some infect the pc they are plugged into

    best to snip the data +/- wires in office PCs if people charge phones off them

    And none of the malware listed can be contracted via the Play Store since Google scans every APK uploaded.

    As was said, the only way to get them is to download dodgy APKs or install apps via alternative markets.


  • Registered Users, Registered Users 2 Posts: 1,469 ✭✭✭Asmooh


    maki wrote: »
    And none of the malware listed can be contracted via the Play Store since Google scans every APK uploaded.

    As was said, the only way to get them is to download dodgy APKs or install apps via alternative markets.

    Well, not really. I don't know how it is now, but you can inject malware remotely: no malware when uploaded to the Play Store, inserted when connected and opening the app. Even an open WiFi network or a fake GSM network can inject malware.


  • Registered Users, Registered Users 2 Posts: 2,875 ✭✭✭deadanonymau5


    Joolzie wrote: »
    Thanks SonicWind, I am in the process of following that sound advice. BTW I know who it is....finally, after 7 years!!
    cannotcope wrote: »
    did you find how he was doing it? Was it a keylogger?
    PeteK* wrote: »
    How did you find out and why were they doing it?

    Interested in this too, how did you find out Joolzie?


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Interested in this too, how did you find out Joolzie?

    I found out last year, when I created a Facebook profile for the first time. After I made loads of friends and was well established. I was looking how to do something, and opened up the page where you can see where other profiles have been looking at yours, and there they were, in all their disgusting and evil splendour. I copped on after that about my Gmail being hacked every time I went on YouTube. This was 6 years after the house share, and they hadn't moved on. How sad. They found me, didn't use my real name, by my Gmail address and phone number. Yes, I know that's meant to be private. I deleted everything, got new phone, number etc, and here we still are a year later...but now I have copped on with the help of you guys, and know what I have to do ..:)


  • Registered Users, Registered Users 2 Posts: 105 ✭✭Joolzie


    Interested in this too, how did you find out Joolzie?

    I found out last year, when I created a Facebook profile for the first time. After I made loads of friends and was well established. I was looking how to do something, and opened up the page where you can see where other profiles have been looking at yours, and there they were, in all their disgusting and evil splendour. I copped on after that about my Gmail being hacked every time I went on YouTube. This was 6 years after the house share, and they hadn't moved on. How sad. They found me, didn't use my real name, by my Gmail address and phone number. Yes, I know that's meant to be private. I deleted everything, got new phone, number etc, and here we still are a year later...but now I have copped on with the help of you guys, and know what I have to do ..:)
    So, have yet to see if I can get the IP address of source...


  • Registered Users, Registered Users 2 Posts: 2,875 ✭✭✭deadanonymau5


    Joolzie wrote: »
    I found out last year, when I created a Facebook profile for the first time. After I made loads of friends and was well established. I was looking how to do something, and opened up the page where you can see where other profiles have been looking at yours, and there they were, in all their disgusting and evil splendour. I copped on after that about my Gmail being hacked every time I went on YouTube. This was 6 years after the house share, and they hadn't moved on. How sad. They found me, didn't use my real name, by my Gmail address and phone number. Yes, I know that's meant to be private. I deleted everything, got new phone, number etc, and here we still are a year later...but now I have copped on with the help of you guys, and know what I have to do ..:)
    So, have yet to see if I can get the IP address of source...

    Thanks. I'm not sure I follow though, on Facebook you can't see who looked at your profile?

    Also, Avast is a very good antivirus. I found when running boot-time scans on it, it found what other antivirus software didn't pick up. Also, I think other people recommended you software, don't put too many on as they may conflict and cause your laptop problems.


  • Registered Users, Registered Users 2 Posts: 1,005 ✭✭✭PeteK*


    Joolzie wrote: »
    So, have yet to see if I can get the IP address of source...
    You can get it from your Gmail.

