Hello everyone,
Here’s come your Genie,
I have been following this Mega thread from months, since the last November when this outbreak started. I have many information on this Panasonic Server Hack and malicious apps ( wqbd etc, auto installation and whatsapp spamming) and .NLAndroid, .MLAndroid folders creation etc.
I also have one-stop solution to this exploitation; in India we call it “Raam Vaan”.
Please read this whole patiently (if impatient, skip to the solution part in lower most section) as I have found the solution of this & going to tell you but before that I will conclude some information about this virus and critisize Panasonic for its Blind Eye.
I am Piyush. I am using Panasonic P91 for four years. It was all good until last week of November 2021 when I sensed some unauthorised activities in my mobile phone.
ABOUT THIS EXPLOITATION:
Recently, Panasonic severs were hacked and data were leaked. Humurous is that their server remained hacked for six months from June to November until they claimed to overturn this hack in last week of Novemeber.
Exactly from that time, i.e., November end, all panasonic models running on Android 7 (not sure for android version) were comprimised. Still now neither Panasonic has taken this into account nor users have any simple solution.
[Pansonic exited the mobile arena in late 2019. so they don’t have any resolution or proper care on this.]
WHAT THIS EXPLOITATION DOES TO US:
This exploitation steals your personal data like contacts, your voice via microphone access, captures your videos and photos while in background via camera access. This also installs various malicious apps like wqbd, rythm master, BBQ browser, and many more unknown apps, depending on mobile phones and area.
This changes your Chrome Homepage which is not reversible at all from your end.
First sign of this virus entering your mobile can only be seen in file explorer by unhiding the folders, you will see folders like .MLAndroid, .NLAndroid, .android , Idlepub, Publist and many more hidden folders with unreadable files in it.
In app manger (third party apps like CX Explorer) you will see various unknown apps installed with elevated access toemicrophonee, contacts, camera, storagge etc. These will not go any any cost.
You will see your mobile numbers getting registered on different apps like Whatsapp, Telegram, Snapchat, etc and if you are using whatsapp your number will get banned because of automated spam messages sent from your account while your screen is off and will be deleted when you will turn on screen or you may be able to see some traces if you’re lucky enough.
Your mobile will become on DND whenever your mobile screen goes off and whenever your screen will wake you will see DND getting reverted back.
Your Amazon A/C’s phone no. being registered to another account.
Your OTPs will be captured and SIM will be misused by spam calls without yourself knowing about this.
Various applications’ notification will be silenced automatically.
And many more unknown things...
THE SOLUTION -whoa!! (a.k.a Raam Vaan):
Many of you might have tried calling, email-ing Panasonic support or storming their Twitter handle etc.; all in vain, because they have exited the market and now no one is there to properly address this and issue any patch nor they have any costumer base to save. Also they don’t have any money to hire programmers or investigators to take a look on this. You can think of yourself that how weak their system is and how irresponsible and empty they are, that their server remained compromised for nearly half year.
So, here is the solution to save yourself...but, 1. functionality will decrease 2. you must have a PC to use adb commands.
(or, you are advance enough you may install some custom ROM and save yourself from reading this whole piece)
Here are the steps to save your Panasonic mobiles:
(Make sure mobile is not connected to internet)
Step 1: Do a full reset to your mobile, from settings -> Backup and Reset. After resetting your mobile, now switch off your mobile and press power key and volume up key simultaneously to open bootloader (some mobiles might have different key combinations, google it if yours doesn’t come) and from in bootloader menu select WIPE DATA option. After completion, restart your mobile.
Step 2: Now go to settings -> System update -> Turn off automatic updates option and also select Never in check for updates option.
Step 3: Now disable Chrome. (ops! You can never use google or any chromium based browser like Vivaldi, Brave etc) I haven’t tried Firefox and at present using Stargon browser.
Step 4: Now go to Security option and untick every app from device administrator.
Step 5: Now go to apps option and click on top right gear icon then you will land on “configure apps” section then click on apps permission option and then for each and every permission remove access to each and every app (make sure you click above three lines and select to show system apps) whether its user or system. Make sure you disable system apps permission also otherwise this will not work. EACH and EVERY!!
In previous menu “configure apps section’’ you will see special access option in lower most. In special access option, remove all permission to all apps as you did before. Every apps should have “NO” or “OFF” value.
Step 6: Now enable Developer option and connect your mobile to PC via adb. (google for more help)
Now (as per screenshot) remove these packages from your system especially download manager and system update (some apps might not be present in your mobile but these two apps must be present and should be removed importantly.
Connect via adb and enter command: adb devices and check whether your device is recognised. Now enter command: adb shell and press enter, then write the command
pm uninstall -k –user 0 com.redstone.ota.ui
when screen shows success, enter next command
pm uninstall -k –user 0 com.android.providers.downloads
when screen shows success, enter next command
pm uninstall -k –user 0 com.example
when screen shows success, enter next command
pm uninstall -k –user 0 com.android.providers.downloads
additionally if you want to uninstall more system apps for current user follow this link:
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/ but make sure you don’t remove core system apps as you may brick your phone!
NOW its done! You’re safe and now enjoy your mobile with internet but but but...
only give permission to apps to whom you trust and always keep checking STEP 5 for permissions periodically, if you think some app has enabled permission without your permission, especially system apps, remove permission immediately.
Never enable chrome or give access to storage to chrome in any scenario.
Never ever update your system or reset your mobile.
One more thing, install CX Explorer (or by default file explorer) and keep checking for hidden folders like .android, .NLAndroid, .MLAndroid etc
Most importantly, Never enable “Allow installation from unknown sources” settings.
Ahhh... I am tired writing this, Typo errors are inevitable. I hope it will help you all and please send it to everyone/every forum with a small credit to me.
Spread this solution to everywhere.
If you’re still facing some issues or stuck somewhere or want more clarification, I, Piyush will happy to help you. Just let me know.
Good Bye. Stay safe!!
Help world to create more healthy and secure internet.
Love from INDIA!