Hello Cyberman!
This article will be about mobile spyware and how.
With the spread of smartphones, spyware began to proliferate. And she recently reported that he had a health problem.
We’ll call her “G” for now. She wrote to me and asked me to help.
She reported that she had downloaded ESET, Avast and Kaspersky Antivirus and that a virus was detected.
Her main actions were as follows:
– Restore the phone to factory settings.
– Reset device
She told me that she had carried out these operations, but the problem did not go away.
I got the device and started testing with a laptop running the Windows operating system.
Programs used:
– Wireshark (for laptop)
– KingRoot (for Phone)
– Termux (for phone)
First of all, I turned on my computer’s mobile hotspot feature.
Then I right-clicked Mobile Hotspot and clicked “Go to Settings”.
Then I changed the password and connected the mobile device. I opened the software called Wireshark (if you don’t know Wireshark, please read this article) and, in the “Local Network Adapter” option, I selected the field with the IP address 192.168.137..
Then, in Wireshark, I could see where the device was sending packets.
I noticed that, among the listed requests, the device was constantly trying to perform request and response operations from an abnormal port.
When I examined the IP address, I found out that it was not a server and that the device was connecting to a computer with dynamic DNS.
And I realized that the software worked through a piece of fixed software tied to the system.
(Because if it were a normal malicious APK, it would have been gone after the reset.)
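The Wireshark check described above can be repeated on an exported capture. The following is an added example, not code from the original post: it flags evenly repeated connections from a hotspot client to an outside host on an uncommon port. The CSV layout, the port allow-list, the thresholds and every address in the sample are assumptions constructed for illustration.

```python
import csv, io, ipaddress, statistics
from collections import defaultdict

HOTSPOT_NET = ipaddress.ip_network("192.168.137.0/24")  # prefix seen in the article
COMMON_PORTS = {53, 80, 123, 443, 853, 5228}  # assumed allow-list, tune per device

# Constructed sample: epoch,src,dst,tcp_dstport (assumed export format, e.g.
# tshark -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport)
SAMPLE = """\
1000.0,192.168.137.50,198.51.100.23,8089
1002.0,192.168.137.50,203.0.113.7,443
1005.0,192.168.137.50,203.0.113.9,8080
1010.0,192.168.137.50,203.0.113.9,8080
1030.2,192.168.137.50,198.51.100.23,8089
1059.9,192.168.137.50,198.51.100.23,8089
1090.1,192.168.137.50,198.51.100.23,8089
1100.0,192.168.137.50,203.0.113.9,8080
1101.0,192.168.137.50,203.0.113.9,8080
1120.0,192.168.137.50,198.51.100.23,8089
"""

def find_beacons(rows, min_hits=4, max_jitter=0.2):
    """Return [(dst, port, hits, mean_gap_seconds)] for repeated, evenly spaced
    connections from hotspot clients to hosts outside the hotspot subnet."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(rows)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, port = row
        if ipaddress.ip_address(src) not in HOTSPOT_NET:
            continue  # only traffic that originates from the connected phone
        if ipaddress.ip_address(dst) in HOTSPOT_NET or int(port) in COMMON_PORTS:
            continue  # ignore local traffic and expected services
        seen[(dst, int(port))].append(float(ts))
    findings = []
    for (dst, port), times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Low relative spread of the gaps means a timer-driven check-in.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            findings.append((dst, port, len(times), round(mean, 1)))
    return sorted(findings, key=lambda f: -f[2])

if __name__ == "__main__":
    for dst, port, hits, gap in find_beacons(SAMPLE):
        print(f"{dst}:{port} contacted {hits} times, about every {gap}s")
```

A flagged destination is only a lead: it still has to be checked against what the installed apps are expected to contact.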
Then I opened developer options to root the device, and I rooted it with the software named KingRoot.
I downloaded the software called Termux to the phone and gave it permissions for reading and deleting files. (Please see: how to give Termux permissions.)
Through the fixed software named “Weather”, I learned that the system was being logged in every way. I then deleted the installation files and other files of the software named “Weather” using Termux.
After the software named “Weather” was removed from the device, I scanned the device with:
– ESET
– Avast
– Kaspersky
– AVG
The scans showed that the device was clean.
After checking again with Wireshark, I saw that the device no longer sent requests to the IP address. I gave her the mobile device back, and she is now happy.
Seems clean so far…
I hope it stays like that..
Note: The photos used for this article are not the real ones, because this happened in November.
Have a nice day with lots of informatics. 🙂
