Guys, I'll mention something I hadn't said before.
For a while now, applications had been crashing on their own ... even system applications ... and I didn't know why....
Now I go into the storage and see a folder I've never seen before... it's called "CMB", and inside it there's another folder called "eventfence", which has nothing in it...
I searched the internet for what this folder was and found that ROMs are sort of based on CMB, and I also found an article and posts on a blog that scare me a lot.....
The posts said: User1: "I downloaded it on a recommendation, although it didn't occur to me that it shouldn't be 15th place down the search results when I searched the exact name. The app itself is shoddy looking and a bunch of nonsense. Obviously it's not the official CMB but is it malware? I did a scan with Avast while it was installed, then one after I uninstalled it and neither found problems, but I'm disturbed that the permissions included things like camera and microphone.
Any security experts have advice? Google Play sure is inept." ....
User2: "Well, I am not a security expert here. I did some analysis on this app.
The app is a fake app, not the official CMB. It asks a set of permissions, but it appears to use only a few ones. It consists of many additional libraries that can potentially turn it into a malware. I ran this app for one day on my phone. It has not done anything malicious so far.
Permissions:
It accesses geo-location coordinates of the device/user and this data is used by the core app functionality as well as by ad-libraries.
It has permissions and functionality to record audio/video files but it appears not to be executing that functionality. I removed Camera & Record_audio permissions from the app and the app is still working in the same way. Ideally, if it were using these permissions, the app should crash.
I have also checked app-specific folder on internal storage, it has not stored any recorded audio/video files in a one day span. But definitely, the app can do this based on some trigger at later stage.
The app also tries to write files in sdcard (/sdcard/Android/obb ) but I have not found anything there.
Network Traffic:
I have taken network traffic dump for a few hours at different intervals while playing this app, and analyzed that traffic. The app appears not to be leaking any sensitive information/data from the device.
Conclusion:
This is a fake and useless app, a user should not install it. Moreover, it has all required permissions (Camera, Contacts, Internet etc.) and code to exhibit malicious behavior (recording audio/video files and uploading it to the server). It didn't show any malicious behavior in a one day span but it can probably do in a next few days or based on some trigger, may be." ....
The article, on the other hand, said: "Win32.Kryptik.CMB is an aggressive Trojan horse designed by cyber criminals to help them to target computer and steal users' financial information in unfair way. This new variant Trojan is very stubborn and destructive and has ability to root deeply and firmly in system and then destroy computer operating system even computer itself. Creators of this Trojan are qualified with certain level of computer skills and they upgrade it to have a strong ability to disorder computer operating system or trigger fatal errors. When it drops on the targeted computer, it will first plant one or more small and malicious rootkits or files into operating system, and those rootkits can give system different kinds of false commands or instructions. In this case, if the system receives those wrong commands and follows its instructions to run, some programs or processes will not run, because those wrong command and instructions will disable or stop some normal programs from running. If the infected computer is corrupted severely by Win32.Kryptik.CMB virus, computer will take a long time to turn on or shut down, and computer even keeps crashing and going to black or blue death screen which can further damage the computer hardware as well.
Win32.Kryptik.CMB may lead to abrupt functioning of the computer and in critical case complete damage of the system. This Trojan creates new files and registry from time to time, which makes the location of the infected files difficult to locate. In some cases, it will allow this backdoor virus to hide behind system files to avoid detection of firewalls. And this infection can disable some functions like update, or start-up program from loading. Win32.Kryptik.CMB may open a backdoor to introduce other threats such as worm, ransomware and malware. What is more, this infection may collect your browsing activities and show you related ads and programs. It also allows cyber criminals to get into the system without taking much time and they steal very important confidential and sensitive information."
I don't know what to think ....
Last night it also happened that the phone was not recognized as mass storage by the computer... because I wanted to transfer all the files to the computer...
So I decided to put everything on the SD card and then on the computer... I started transferring.. and when I went into the hidden photos in the gallery I kept getting the notifications "usb attivato" ("USB enabled") and "usb disattivato" ("USB disabled").... I quickly tapped the notification, went to its info, and this notification came from the Android system... not from specific apps ... afterwards it stopped playing this little "game" with the notification and started charging without a charger ... that is, without being connected to the cable.... I turned off the phone and took out the SIM (for fear that it would use the data connection to send those photos over the internet... but I'm still afraid that it used Wi-Fi without my knowledge... without showing the Wi-Fi symbol)
Afterwards I took those private photos and transferred them to the SD card too (when I made those photos visible again... a folder with a specific name was created again with the photos inside) .... I go to the storage and find a new folder that I didn't have before ... it was called ".hide" ... and I immediately thought it was for the hidden photos ... then I found another folder I didn't know ... inside the "Pictures" folder I found another folder named "CM_backup" which had no files in it....
Then I tried to put the stock firmware back using Odin ...
I open Odin .. go through all the steps ... the phone turns back on and I find no changes .... the applications, the wallpaper, all the modifications were the same... nothing changed ...
I don't understand why....