Download S4 Mini Rootkit V1.zip
Higinia Livoti
I don't know much about malware other than a malicious individual has persistently been installing it onto my machines via malicious emails - this time targeting my iPhone 4 (which I promptly got rid of upon discovering this individual's presence and replaced with a new Samsung S4, which is probably infected as well now) first; and from there using my house Wifi network to get onto my Macbook Pro 10.8.3 (which is the machine I am on now, and the machine the results refer to); and also my Samsung Galaxy Tab 10.1; and most likely the phones and computers belonging to other members of my family are compromised as well.
I would greatly appreciate it if anybody could perhaps tell me how I can do these things. And any advice on which programmes to use for my Samsung machines and the best way to protect my devices in the future would also be greatly appreciated.
I could give you another 2000 words on other behaviours I have discovered but I think you get the point. Basically the main ones are; keys are logged, passwords are captured, time machine backups are infected, any and all drives that are connected to an infected system are immediately repartitioned with a hidden 60mb EFI boot volume so as to infect any other devices it may be connected to during a reboot, RPCs for hidden screen sharing connections appear in Console and most deceiving and destructive of all, wifi and Bluetooth are both active even when OS X shows them as disabled and even when the network device is completely removed from the network pane of system config.
My next option is to attempt a physical hardware flash of the NVRAM to a clean factory state followed by an internet recovery from an alternate internet connection or with a new modem (the technicolor gateway is a SOC device running FreeBSD so it was infected also).
I didn't see this post earlier, but note that it's extremely unlikely for all your devices to be getting infected with something all at the same time. Especially the iPhone, for which there is no known malware and no known way of hacking it remotely. (Ironic that you got rid of this for an Android phone, when Android now has the greatest market share of malware of any system on the planet, Windows included.)
Rather than worrying about what Rootkit Hunter is telling you, which is almost certainly nothing to worry about on a Mac running 10.8.3, why don't you relate the specific symptoms you have seen that have led you to believe that you are being targeted by a hacker?
I was sent a dodgy email to the old iPhone 4 which I replaced with the S4 (and I know who sends me these emails, and she also confirms to me she has access to my devices as I will explain), and I clicked on it, had a quick look at it and quickly deleted it. I am always on my guard not to click on links in suspicious emails or open attachments. But I did not know at the time that just opening them can open the door for malware to install itself onto given device, from where someone can not only install keyloggers on it, snoop on contacts etc., but also use it to attack other machines on the same network.
Shortly after I recieved and deleted the dodgy emailI I set my phone down for half an hour or so and turned back over in bed (it was very early in the morning). I couldn't get back to sleep so I reached over to phone and when I picked up I saw that it was asking me for my Wifi password. This set alarm bells ringing immediately, as I never use Wifi on my mobile unless I am out on the country. I checked and it was Wifi was off, but when I tapped Wifi and opened it, underneath it was revealed that it was actually on - same with Bluetooth etc.
I immediately switched the phone off altogether, but it was too late - the person had half an hour to crack my parents' home 10 character Wifi network from the Iphone 4 and then from it get on to both my new Macboo Pro, and a Samsung Galaxy tab which I have - which were both on, but asleep. I believe other devices in the house which aren't mine, are compromised also; because I went to use an old laptop in a spare room, and the CD/DVD drive kept opening and closing repeatedly (which it never does), and the browsers kept getting closed on me (which never happens either).
As for my devices (well I left my Macbook into the store yesterday and they did another wipe with a clean reinstall this time, so whether it is still infected or not I don't yet know - when I previously reinstalled and wiped the drive to DOD standard in my house it did nothing; and when I had tried to reinstall from a flash drive it wouldn't recognise it; it was previously shutting rootkit hunter down when it attempted to do its work; and when I was trying to search online before for ways to fix it Firefox and Safari were vanishing, as were my options to do a full recovery); definitely seriously infected.
The person even taunts me that they can see exactly what I am doing on them - they can see all my pictures; wallpapers; know what online radio stations that I listen to; read my emails; watch me playing video games; and know everything I type in my browser; and what I don't type as well via screenshots. I know this because they confirm to me. So I am 100% certain that what I am saying is correct. They can even close my browser and shut my machine down when I am browsing, and also redirect me to pages of their own choosing at will. I have even had to put a small piece of black tape over all my cameras, as if they can do all the aforementioned, then they most likely can easily spy on me sitting in my own house as well with my own cameras on the machines.
As I said I took my Macbook to the Genius Bar yestarday. They told me that this kind of stuff was beyond their scope - as did the people at the Samsung Customer Services, who were even more totally clueless as of what to do - but they wiped the drive again and did a clean reinstallation from a definitely uncontaminated source. I have yet to confirm whether this has worked or not. Rootkit Hunter has come up with lots of warnings again, but like you say, it is known for its false positives; and at least something isn't forcibly shutting the machine down now on me every time I use it - although I have probably spoken too soon in saying that as I only took it in and got the clean reinstallition yesterday.
I know this is an Apple forum, and I would welcome any more suggestions about not only making sure my Macbook is clean, and also keeping it that way, but also about anything which I can do with my Samsung Galaxy Tab 10.1 and Samsung S4 phone too - as these don't even have a hard drive, and external ones are too powerful for them to recognise. Fixing it so my devices aren't recognisable to snoopers on a network is also somewthing which I am interested in knowing how to do.
PS - the person is hundreds of miles away, so is not in range of my house Wifi network. In addition, whne I say "my house Wifi network" I really mean my parent's house Wifi network. And I most definitely don't want to cause my parents any distress by telling them about all of this. And if I were to start tampering with the router they would wonder why. So I would be extremely hesitant in doing anything concerned with the network, changing router passwords etc. I doubt it would help anyway with the devices already being infected at the minute.
I would clean install the mac computers and before taking the machines online I would turn on the firewall in 'security and privacy'. There are some decent anti-virus programs for mac machines. I have to have one installed because my college mandates it for wifi access on campus. And with all due respect to you and your parents, the kind of attack that you have described would only be possible by a state actor.
Sorry, but you are wrong. A quick search on Google and you will be able to see how complete control can be gained over iPhones with spy software - they can even be used as covert listening devices - all that needs for that is for them to be switched on.
The person installed malware on my phone; enabled Wifi; sniffed for the nearest Wifi network; cracked a 10 character password (which is easy for anyone who would want to do it); got onto the network; and then onto other devices.
I not only am certain it happened, but also know who the person is; and she is not a state actor. She merely spend some time reading up on how to do this after I had an argument with her and didn't speak to her for just over a week
I was sent a dodgy email to the old iPhone 4 [...], and I clicked on it, had a quick look at it and quickly deleted it.[...] I did not know at the time that just opening them can open the door for malware to install itself onto given device
That is absolutely not true... at least, not using the Mail app on either a Mac or an iOS device. Opening an e-mail message does not do anything that could run unauthorized code on your machine, so there's absolutely no way that any kind of malware could have been installed just by opening and viewing an e-mail message. If you opened a malicious attachment, of course, that could infect your Mac with something, but only if it somehow managed to bypass all of the Mac's built-in security. On an iPhone, the only code allowed to run must be downloaded from the App Store, so it's not possible for any code attached to an e-mail message to run.
b1e95dc632