
Question Fraudulent credit card transaction after installing ported TWRP and xiaomi.eu ROM. Malware in TWRP bootloader?


venomus001

Senior Member
Nov 25, 2013
222
51
OnePlus 3T
Xiaomi Mi 8
I failed to understand how this happened. No one has my credit card details or access to my phone. My phone is NOT rooted, no apps installed from malicious sources. Only 5 apps have read SMS permission and all were installed from Play Store - Amazon, Flipkart, Gpay, Swiggy, Whatsapp.
Always download from official websites; threads on XDA are scanned for any malicious links. Android is very safe unless you have a malicious app pushed into your system apps. Always check your app list for unnamed, weird-looking apps. As for Windows, it has never been and will never be safe; it's designed like that.
 

Illia12

Member
Nov 29, 2021
7
1
United Kingdom
After installing the ported TWRP and xiaomi.eu ROM there was a fraudulent transaction on my credit card, recently I took a loan from an American company https://loans4usa.com/ but they have presented all the evidence denied the charges, how to find the perpetrator or what to do?
 

voetbalremco

Inactive Recognized Developer
Jan 6, 2012
4,623
1,879
gelderland

Top Liked Posts

  • 2
    Hello everyone,
    I would like to share something with you.
    I got a Mi 11X and unlocked the bootloader officially. The phone uses an A/B partition system, making installation of bootloader and custom ROM a little difficult.
    I used RUN_TWRP_Toolkit downloaded from here.

    I downloaded xiaomi.eu from official site and installed.
    Everything was going well until I received a couple of messages from my bank on 15/10/21 about my credit card being used for 4 transactions over a period of 4 mins.


    I blocked my card and spoke with the bank. Apparently the transactions WERE authorized using OTP received on my phone. They were for the exact same amount and occurred within a span of a few mins, as evident from this email I received from Axis bank.



    I failed to understand how this happened. No one has my credit card details or access to my phone. My phone is NOT rooted, no apps installed from malicious sources. Only 5 apps have read SMS permission and all were installed from Play Store - Amazon, Flipkart, Gpay, Swiggy, Whatsapp.

    I was wondering if someone could shed some light on this issue. I also doubt whether the TWRP installed has something to do with this and whether it's possible that it has some malicious code installed? Can anyone like scan the file?

    Any help would be greatly appreciated.
    Thank you
    2
    Theoretically, a fake TWRP can install APKs, spyware, etc. I will look at this image.
    Maybe found something.
    2
    Virus scan did find some trojans with severe risk. I scanned with defender + offline scan + Malwarebytes. The threats could be removed and subsequent scans didn't find anything else. I don't think there's any threat anymore.
    The worst ones are the ones you can't detect because there's no definition or they can evade detection. Once a hacker gains access they can download other nastier payloads. Worse if they get into the database they can implant malicious scripts.
    It's one thing to find a trojan preloader that's still dormant as opposed to one that's active. The former can be safely removed, neutralizing it. The latter maybe, maybe not.

    If I find or suspect an active virus or rootkit, it's reload time, that day. I isolate that device and its database from my backups until proven clean. The worst damage it can do is breach the backup databases. Not acceptable... so I nuke the load with extreme prejudice to confine the damage. Malicious scripted jpegs that damage the folder they're in can be cleaned up once you delete the jpeg(s). I never had any antivirus detect them... wysiwyg. Had one on my Android about 2 years ago. Had one on XPpro about 15 years ago.

    Pie and above is pretty secure unless you download or install the malware. Windows not as much... I keep my PC offline.
    Never underestimate a hacker's resourcefulness, overkill is best.
    2
    There is no official twrp for Poco f3/redmi k40/mi 11x.
    No, but people use the TWRP img posted on this forum and flash it manually instead of using that toolkit you linked, which I've never seen before until now. Pretty sure the image/script included in that toolkit has been injected with malicious code.
    2
    I would strongly advise not to download anything outside XDA forums. XDA has many good devs out here who have a lot of experience detecting threats such as fraud.