I used ESET mobile scanner. It doesn't occur anymore, or at least it didn't so far.
Also, I never enabled data saving mode, it did happen without it. Forgot to mention, sorry.
Latest posts made by thegilroy
-
RE: m.facebook.com redirects to a russian website (Opera for Android)
-
RE: m.facebook.com redirects to a russian website (Opera for Android)
Sorry for double posting, but I wanted this separated. I might have found a fix, not only a workaround.
I checked the update history and found that my Android Assistant app had received an update right before the first occurrence of our phenomenon. So I tried several Android virus scanners and I found Android/domob.A within Android Assistant. This is quite smart, looking at it from the perspective of a malware coder: hiding malicious code within an app that natively requires pretty deep system permissions to do the job it's designed to. Alright, I installed ESET Mobile Security and just removed the malware. At least give it a try, the only thing that can happen is finding malicious software.
If you find something:
Keep in mind that a system that has been compromised should be seen as compromised whether you remove the virus or don't. Your phone is not safe anymore and should receive a hard reset. DON'T DO THIS ON YOUR OWN unless you really know what you are doing. You might lose warranty and stuff.
Also, take this as a lesson and learn how to safely use and secure your phones.
Some information on the malware:
https://www.symantec.com/security_response/writeup.jsp?docid=2014-040416-4235-99
Domob transmits your IMEI, your device information, location, SIM ID, GSM and network information and many other sensitive data. The skilled person from my last post can do REALLY odd stuff with this. Read about it on your own, and become an expert in the systems you rely on.
Also sorry for the misspelling and stuff, I am writing this from the toilet at work and don't have time for double checking. Excuse me.
-
RE: m.facebook.com redirects to a russian website (Opera for Android)
Well, didn't work out. I couldn't reproduce it yesterday. I can't even force a connection via http instead of https, which makes it really hard to reproduce it on purpose, when I want it to happen.
Nevertheless, this looks like some kind of DNS bamboozle to me.
It is pretty obvious that the domain isn't resolved correctly. This indicates either a corrupted DNS server, a DNS poisoning on the mobile phone or a DNS spoofing attack. I'm pretty sure that it is not the latter, because DNS spoofing on GSM requires a lot of work and hardware, making it pretty unlikely. Also, I think that Facebook is using its own DNS servers, so I'm assuming that they would be aware if a server misbehaved, and would make an effort to fix it within a few hours.
Leaving me with the conclusion that it's a DNS poisoning, either replacing the DNS server address for http://m.facebook.com with the one of tabor.ru (on the phone, which you might call a virus infection) or replacing the IP address of facebook.com with the one of tabor.ru when connecting via http to the DNS server, making it an attack on the DNS server side.
We all should be aware that this is a security risk. Basically, we are sending our login data via an insecure or corrupted DNS server, making it an easy target for a skilled person, and a potential risk of identity theft and stuff. Even if what we are experiencing is not an attempt at identity theft itself, but only a mostly harmless - yet aggressive - form of spam, don't forget about the fact that everyone in this thread including myself is yelling "My phone is not secure!" out into the internet.
-
RE: m.facebook.com redirects to a russian website (Opera for Android)
Having the same issue on Galaxy S5. Android 6.0.1, no root.
First I suspected some kind of DNS poisoning. When this first happened, my XMPP client could not connect properly, supporting my theory. But it also happened via GSM mobile internet, making at least MITM pretty unlikely. And I can work around it by explicitly connecting via HTTPS. I'm going to reproduce it while monitoring my network, maybe I can find out further information.