dendroid

Phone Virus? Seeing is believing

 

So, I have read in various articles from different tech blogs about the existence of a phone virus. Well, not really a phone virus, but rather phone viruses. Given how few there are, and how many phones in the world there are, I never thought I’d ever see one for myself. I mean, yes, I fix computers, and yes, I do some work one phones; but really? A phone virus? Then one day this past month I get a call from someone I’ll call Mohinder (after the Heroes character).

Mohinder asks me if I work on phones, and I say that yes, I do. I tell him that I do mostly software work on phones, such as installing custom ROMs (like Cyanogenmod) and un-bricking certain phones (like the Samsung Galaxy S Series). Anyway, he tells me that he thinks/knows that someone hacked his phone because he got a strange text message that said, “did you get it?” with a link, and that when he clicked on it, “nothing seemed to happen.” When he tried to call the number that had sent him the text message, something strange happened; it went to his voice-mail. Not too long after that, he noticed that all the pictures in his phone were gone; including some he needed for some court proceeding. What he wanted me to do was

  1. Try and recover the pictures that were on his phone’s internal and external memory.
  2. Check to see is there is a virus on his phone and remove it.

Suffice it to say, this all seems a little outlandish to me, but not being one to turn away someone I think I can help, I told him to bring me the phone and I would see what I could do. The first thing I tried was the data recovery. Luckily, Mohinder did the right thing when he immediately turned off the phone, and didn’t use it any more, once he noticed that his pictures were gone. If anyone every looses data, in order to have the best chance of getting the missing data back “safe and sound,” stop using whatever device the missing data is on immediately. Because of his good instincts, I was able to recover many of the pictured Mohinder had lost. Unfortunately, not all the pictures I was able to recover were intact, including two that he was hoping to get back, but when dealing with data recoveries, getting everything back 100% intact is very rare.

Once that was done, it was time to move on to the potential phone virus. Mohinder was smart, and had already tried installing Malwarebytes on his phone, but it hadn’t picked anything up. Having done hundreds of malware/virus removals over the years, I knew that it’s best to use multiple pieces of software because they all work a little differently, so what one misses, another might catch. Also, some software focuses on more “traditional” viruses like Trojans; while others focus on adware/spyware. Malwarebytes focuses more on the adware/spyware side of things, so I knew it would be a good idea to install and scan with something that focuses on more “traditional” viruses; something like Avast!.

As you can see in some of the pictures, Avast! did indeed find a Trojan virus on Mohinder’s phone; something I found to be both surprising, kind-of cool, and also scary. If you look at what permissions the Trojan had, it could track the pgones location, read the phone’s identity info (like phone number and phone’s serial number), it could access contacts and accounts, and also receive and read SMS and MMS messages. In addition, it had permissions to access the phones storage memory, which is how whoever they are were able to delete Mohinder’s photos (and do who knows what else with those pictures).

With the virus found, Avast! was able to remove it with no problem; and subsequent scans with other things turn up clean. All in all, I think this phone virus adventure turned out fairly well; the data recovery was mostly successful, and the virus was removed. The client was happy with the speed and quality of the work, and I was paid an about that was fair for the work I did.

 

Lessons learned:

  1. Back up your data. When you are done, back it up again in a different place. You can “never” have too many back-ups.
  2. You should not enable “Unknown Sources” in Android to install apps outside the play store and leave it enabled. If you need to install something from outside the Play Store, that’s ok, but install the program and then disable “Unknown Sources;” you are much safer that way.
  3. Don’t click on links in any emails (usually on your desktop) or text messages (usually on your phone) from people/numbers you don’t recognize.
  4. Viruses for Android do exist.

 

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.