A Story of a Third Eye 👁

Akash Rox Starz
Jun 14, 2021

Summary:

Hi, AkashRoxstarz again! This blog is about the “Impact of Installing Third-party Apps on Your Phone”, so I will share a real incident that happened two weeks ago to my friend, when he installed a third-party app on his phone which had a backdoor, and finally how we identified it and recovered from it. So, before wasting any time.

“Mark me! You don't need to be a cyber investigator to solve these problems, but basic precautions can definitely save you from big threats and scams.”

So, my friend is a streamer and a PUBG addict. I won’t reveal the name due to privacy issues🙏. He would often be streaming PUBG on YouTube. So, in order to stream, he installed a streaming app from Google Chrome instead of installing it from the Play Store.

So what just happened? The first mistake he made was that he installed it from Google Chrome (third-party app); the second was that he linked his social media account with the third-party app.

So, one fine morning, my friend texted me that he was getting threat messages through mail. I asked him to send it to me. It was as follows:

Threat or Wot?😂

The first thing I asked him was whether he had clicked on any phishing e-mails or installed any other third-party apps in recent days. The answer was no!

So my first thought was that it could be his own friends doing some pranks or spamming kind of stuff. So I just told him to stay calm and to change the passwords for his social media account, just as a small precaution.

But unfortunately, he couldn’t change the password because the rate limit for changing the password was over for the day, which had already been done by the attacker, and then he just started spamming OTP messages to him. The next mail was as follows:

1000 Crypto Coins? 😂

LOL! I found out that this guy was a script kiddie or a noob just trying to threaten people like this. Moreover, this guy didn’t anonymize himself either; he could have been easily traced by cyber experts. The next mail was as follows:

So this guy just continuously kept threatening my friend by sending these types of mail. I told him not to reply to the mail and just report it as phishing, so that the mail would go to the Spam tab. The next mail was as follows:

Things started to get interesting from here. As the next precautionary step, I told him to install an antivirus app from the Google Play Store and do a full scan once, so that we could find out whether any malicious file or any other backdoor had been installed.

OK! The scan was successful and no malicious app or file was found. But this time the email shocked me.

No way😮

OK! I just confirmed that the phone had been installed with some backdoors, because the very next moment after the scan was done we received this email. So the above emails were true: the attacker can access anything, like the camera and the gallery; basically, the attacker has full phone control now.

BACKDOOR!

So the next thing I instructed him to do was a factory reset of the phone after taking a backup, because when a phone is factory reset, chances are high that the malicious app or backdoors will also be removed. He did just that, and YES! This was the next mail, as follows:

Note: Backup here means only the photos and documents; that was the condition here too!

And YES! The third-party app was also removed now! This is where we understood that it was the streaming app that had a backdoor. This app was installed one year ago by my friend, which means that for about one year the attacker had been watching all my friend's moves and waited for the day to threaten him!

That was evil 😈

And to confirm the app had been removed successfully, I told him to check the data monitor on his phone to see whether any apps were running in the background, and the answer was no! Everything was perfect! This was the final email sent by the attacker, as follows:

phishing!

You could have also seen that even the antivirus wasn't able to identify the backdoor. Yes! The backdoor was an effective one, though; it did not get detected when the scan was done. And like this, more viruses and backdoors are getting created day by day, so don’t install any unnecessary third-party apps on your phone.

CYBER AWARENESS TIPS:

  • Avoid installing or giving your credentials in any third-party apps
  • Avoid phishing links!
  • If your phone has any virus or backdoors installed, take a backup and do a factory reset of your phone
  • If the situation gets worse, file a complaint with cybercrime without any hesitation, or approach your local police station immediately

Let’s Get Chained! Follow me on Instagram:

https://www.instagram.com/akash_rox_starz_23/

That’s all for today. Hit the clap button if you liked the blog :) We can meet in the next blog; until then, signing off for now is master AkashroxStarz.

Cheers, Be Safe🙏
