⚠️Urgent: Phone Hacking Scam on Telegram - Malicious Magisk Module Warning
This scammer on Telegram [UID 1878505335] is spreading a dangerous Magisk module to 'https://t.me/must_have_stuff/5904/79405' rel='nofollow'>hack/destroy phones and demand money. (stoplamers gang)
What Happened:
• [UID 7576386418] Victim Ganesh's phone was hacked via Scammer's module.
• Scammer demanded $100, threatening to destroy the phone if they didn't pay.
• This guy alerted me to this scam.
• I went undercover to investigate how it works
• Scammer gets full access to your phone (data, messages, photos, chats etc.)
• Scammer can steal your data and money.
• Scammer can lock or destroy your phone. (he remotely 'https://t.me/must_have_stuff/5904/79661' rel='nofollow'>destroyed victim's device making it unbootable)
• You will be blackmailed.
Stay safe and share this information with your friends to help stop these scams!
~ Regards // Mona
Credit: @MeowRedirect
This scammer on Telegram [UID 1878505335] is spreading a dangerous Magisk module to 'https://t.me/must_have_stuff/5904/79405' rel='nofollow'>hack/destroy phones and demand money. (stoplamers gang)
[See Screenshot 1- CHAT BETWEEN SCAMMER & VICTIM]
What Happened:
• [UID 7576386418] Victim Ganesh's phone was hacked via Scammer's module.
• Scammer demanded $100, threatening to destroy the phone if they didn't pay.
• This guy alerted me to this scam.
• I went undercover to investigate how it works
'https://t.me/must_have_stuff/79308/79309' rel='nofollow'>[See Screenshot 2- CHAT BETWEEN SCAMMER & Investigator] MUST READ
Here's how it went down:
There were only two things needed: "Zygisk" and the "virus module" (click to read more)
I was really surprised to find out it didn't even require a restart. Once you flashed it, it was basically done.
So I contacted the person and, pretending to be someone else, said I wanted to access my girlfriend's phone. I acted like a nibba & He seemed to believe my story and sent me the module.
To see how it works, I needed to install it. Instead of using the real module, 'https://t.me/must_have_stuff/5904/79297' rel='nofollow'>I made two fake modules. I just copied module.prop file from his module, repacked it with my update binary, and flashed it using "kernel su".
The person was then trying to do things to my phone, but nothing was happening.😭🤣 I was just watching it and was really laughing hard because it wasn't working. Then he sent commands to run in the terminal, related to the service.sh file inside his module. Since I hadn’t installed the original module, the commands didn't do anything. He then seemed confused and started asking for my Android and kernel versions😂. Finally, he sent something I wouldn’t run as it was an obvious privacy concern. So, I've decided to just hold on to things for now since I have enough evidence
What Happens If You Flash This Module?:
• Scammer gets full access to your phone (data, messages, photos, chats etc.)
• Scammer can steal your data and money.
• Scammer can lock or destroy your phone. (he remotely 'https://t.me/must_have_stuff/5904/79661' rel='nofollow'>destroyed victim's device making it unbootable)
• You will be blackmailed.
- Moral from this incident
• Do not flash modules from unknown sources
• Only use trusted modules.
• Be suspicious of free or "too good to be true" modules.
• Research modules before installing.
Stay safe and share this information with your friends to help stop these scams!
~ Regards // Mona
Credit: @MeowRedirect