Help with persistent Android virus!

bluebits

Mar 2, 2018
Hi,

There was a security breach in my home network, and Android devices connected to the home wifi were infected. There were logged signs of tampering with the anti-virus, unauthorized access to Google accounts and unrecognized credit card purchases. The infection was treated with a clean install of Windows on the desktop and a Factory Reset of ALL four connected Android devices. I did my best to avoid cross infections by carefully disconnecting the internet and resetting them one by one.
There are still signs of infection after the factory reset!

=> Google activity logs show Android device1 has logged access to hxxp:com.iu.ad_phase_0 multiple times during periods of no/low device activity
=> Android device1 opened a window with an alarming message that "this phone has a dangerous trojan!" from:
Code:
hxxp://launchacross.bid/ferbirthidcoms/hicahdxgams?b6b97525010e4a2db3e7cd3418da6b08bd7742280df55d2da9fbb81f9257d914240551fa4b77936d19d61dc0094c3c53f5acc6b4a93ff185b06540d50e369eb052ed54165525b3f607c4dd5572687a0cbe68ac68a822e19a8b79120bf36ab6ca0ea79e5c5cdea0569dae4eed692306cc37d5b0c2b5d40d113eb368fc4933399cc6ca2008081acfb131f11c4799546810f35d0c422515b62e2c802b57a4aa217cfb6ac2ebce86521554069edc5bcb5b9678a9830fb54b1a03ed58b5ee7bee7b5f8253113ced4ebb7259d19af3d70f432ab3f57c8f383db5a2ccccd443988982addb340d3f48e6d24ae61fcc2ab2ef81e1b77f207770535341a7bd9244a946337b885146795487da60f51d363ab0cc9202#
hxxp://launchacross.bid/ferbirthidcoms/hicahdxgams?b6b97525010e4a2db3e7cd3418da6b08bd7742280df55d2da9fbb81f9257d914240551fa4b77936d19d61dc0094c3c53f5acc6b4a93ff185b06540d50e369eb052ed54165525b3f607c4dd5572687a0cbe68ac68a822e19a8b79120bf36ab6ca0ea79e5c5cdea0569dae4eed692306cc37d5b0c2b5d40d113eb368fc4933399cc6ca2008081acfb131f11c4799546810f35d0c422515b62e2c802b57a4aa217cfb6ac2ebce86521554069edc5bcb5b9678a9830fb54b1a03ed58b5ee7bee7b5f8253113ced4ebb7259d19af3d70f432ab3f57c8f383db5a27b2ed1cb0fd26de0cd9c6d00dba2c83ba50512010a41dc342a6ff126372a02b59f1535cb11ca24703168a22fa2d16033183c8cbf3b062f0d

=> The message above appeared just by clicking on the Chrome app. The phone was immediately turned off without any action on the window.
=> Android device2 cannot open Google Play Store for reinstallation of apps. The error message is "Unfortunately, Google Play has stopped working".

There is a total of 4 Android devices connected to the home network: two Samsung devices (A5 and J5), one LG device (K10), and one Samsung tablet (Galaxy Tab 4). At this point I have no reason to trust any of them. Anti-virus was the premium paid version and enabled on all the devices prior to the infection. It shows clean scans now, but it never warned of anything prior either. None of the devices were rooted, nor was rooting ever attempted. There were no cracked applications or P2P programs installed.

Please advise.