Hey everyone.
I found a strange application yesterday evening on my wife's notebook which seems like malware.
Setup:
- Router with OpenWrt based Firmware
- 2 Notebooks (using PopOS)
- 2 Phones (using GrapheneOS)
- All connected via Ethernet
- Main Ethernet connection comes from our Landlord into my Router
- Router and all devices use MullvadVPN with LAN network sharing disabled
- All 4 devices use Mullvad’s DNS content blocking
- Also have gUFW installed on the Notebooks
My Actions:
- I checked the app, which was available on the Pop!_Shop and Flathub; it seemed fishy and I disconnected all my devices from Ethernet. I backed up all files and checked them via ClamTK; all seem fine.
- I reinstalled both notebooks with a clean PopOS version and did a factory reset on my router.
- I have done nothing yet with my phones. They have not been connected to the Internet since.
Questions:
1. How could this application be on her notebook? (And be verified on Flathub?)
2. Are all devices in the network affected?
3. Do I need to factory reset my phones as well?
   3.1 Can they even access the phones when one notebook in the network was affected?
   3.2 Can I check for malware on Android phones?
4. Does somebody know that app? Just a joke, keylogger?
5. If they had access to my wife's device, could they get files? Passwords? Master passwords?
6. Any advice in my current situation?
Here are the screenshots of the installed app: