Massive cellphone hacks, root level, allows hacked FF download

Two Oct 2017 microprocessor chipset vulnerabilities have been used on phones manufactured through July 2019, that allow Foreign Bad Actor APT groups to develop code, based on reverse engineered Open Source code, to download multiple apps, including browsers, GBoard and other alternative keyboards, and communications apps (Gmail, text and messaging, phone) applications.

These copy apps run in the OS at startup (using a thumbnail hacked Opera version - but not the expected Opera Mini version for Android), and are observed as duplicates when clearing app cache, as repeating application responses to a command. They also appear as phantom duplicate app notifications, in Rent Apps List toggles, and hidden apps in hacked desktop Launchers.

The malware payload launcher may also be appended to poorly written apps, from third party app stores, but also from malware originating from Chinese made inexpensive phones with continued 2017 chipset vulnerabilities, e.g. older chipsets not soft patched or replaced with hardcoded newer code.

Therefore, we suspect tens of millions of compromised phones are in use. These phones leak small communication pack streams of scavenged user information while the phone is on, regardless of hacked Launcher UI status indicator (off) and through hacked Bluetooth and Nearby Share applications using JavaScript and Linux remote toggles, that can activate and use camera and microphones to record user calls and environment.

Perhaps authenticator checks buried in code, could alert users of duplicated browsers, as all other FF privacy protections are nulled by these hijacks.

All Replies (4)

Noted: persistent GBoard hack replaces selected keystrokes with near neighbors for a subset of most frequently used letters.

Notes 2: the leaked datastream is picked up via nearby IMSI devices that capture cell and data streams, that downgrade hacked phones to 2G and 3G speeds to avoid Federal authorities monitoring illegal Stingrays used by international crime cartels for neighborhood watch and harassment campaigns.

Hi

How can we help you with Firefox for Android?

I am expecting something along the same lines and don't know what to do. Something has changed permissions access the browser I am in. Manipulates the functions of the phone, camera and record, some browser actions are reversed. You think you are being safe, but in fact are disabling it ripples through the phone, apps and in some reverts. I found a way to make changes on the S20 and set it for a period of time. Covertly set up do not disturb and have it revert after a set time. It has created a nightmare. Now some apps literally work counter intuitively. Messages come in from contacts, when confirmed with contacts - was not sent by them. Information, records, doc pictures all gone without a trace. Escalating rapidly. Tried factory reset a few times but it never actually wipes, it's in the background and stays. Even, Malwarebytes login suddenly changes from no connection to there is no problem or it shuts off completely. I set an alarm to trigger in scan if any problem exists. It goes off like crazy but immediately flips to say there is no problem. Don't know what else to do?

jamesmconrad2020 said

I am experiencing something along the same lines and don't know what to do. Something has changed permissions to access the browser I am in. Manipulates the functions of the phone, camera and records, some browser actions are reversed. You think you are being safe, but in fact are disabling it ripples through the phone, apps and in some reverts. I found a way to make changes on the S20 and set it for a period of time. Covertly set up do not disturb and have it revert after a set time. It has created a nightmare. Now some apps literally work counter intuitively. Messages come in from contacts, when confirmed with contacts - was not sent by them. Information, records, docs, pictures all gone without a trace. Escalating rapidly. Tried factory reset a few times but it never actually wipes, it's in the background and stays. Even, Malwarebytes login suddenly changes from no connection to there is no problem or it shuts off completely. I set an alarm to trigger in scan if any problem exists. It goes off like crazy but immediately flips to say there is no problem. Don't know what else