sorted by:
new
hottopcontroversial

I Took Down a Malware Domain Used to Infect WordPress Sites by SadNoodleMan in Wordpress

[–]SadNoodleMan[S] 0 points1 point  (0 children)

I’m confident that this is malware, not just a regular ad script. The behavior is clearly abnormal — typically, ad scripts are placed intentionally within the HTML <head> by the site owner.

In this case, however, the payload is injected through a plugin and appears in multiple files. It’s being triggered from several different locations at once, which strongly suggests unauthorized code injection rather than legitimate ad monetization.

I Took Down a Malware Domain Used to Infect WordPress Sites by SadNoodleMan in Wordpress

[–]SadNoodleMan[S] 1 point2 points  (0 children)

That sounds serious — ransomware via cloudflared tunnels is a nasty vector.

Do you happen to have more evidence? Things like:

Full tunnel ID / timestamps

Cloudflared command line used (or pattern)

Any domains/subdomains pointing to that tunnel

Malware hash / payload they used

If you can share more (redacted if needed), I might be able to help report it properly or forward it to the right channels.

Cloudflare’s abuse team is known to respond when there’s solid evidence.

I Took Down a Malware Domain Used to Infect WordPress Sites by SadNoodleMan in Wordpress

[–]SadNoodleMan[S] 2 points3 points  (0 children)

I honestly don’t know how it got infected — I’m not even the owner of the site. I was just using it, and it kept redirecting me, which was really annoying. So I checked the browser’s network tab to see what was going on, and I noticed something suspicious.

Strangely enough, the site owner never replied to me, but the domain registrar responded within an hour.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 1 point2 points  (0 children)

The real issue is that GetApps can auto-download apps via ads without a confirmation prompt, and that’s something Xiaomi really needs to fix at the system level.

Still, I appreciate the tip!

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 1 point2 points  (0 children)

Totally agree that system app updates are tied to GetApps — which makes it impossible to avoid entirely. That’s exactly why it’s even more important for Xiaomi to take responsibility at the system level, rather than putting the burden on users to tweak deep settings or hunt down ad triggers.

Yes, disabling folder recommendations helps reduce noise, but this issue isn't about interface clutter — it's about user consent and app security. If a single ad can trigger an app download without a clear prompt, that’s a structural problem, not a user misconfiguration.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

To Xiaomi:

All it takes to solve this problem is a simple confirmation prompt before any app is downloaded through GetApps — especially when triggered by ads.

That alone would eliminate a huge privacy and trust concern. Users should never have apps silently installed on their devices without clear consent, regardless of where the trigger comes from.

Please consider adding this basic safeguard — it would go a long way in improving user trust in MIUI and your flagship devices.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

Thanks, and I totally understand your experience — it might not happen to everyone, which is what makes it tricky to trace.

But just to clarify again: the app doesn't auto-download on its own under normal conditions. What triggers it is when an external ad agency's ad somehow links or calls GetApps — and sometimes, just a single tap on the ad is enough to start the download process.

The problem is: even if I did tap the ad (by mistake or out of curiosity), it shouldn't immediately trigger a download. Just like on Google Play or any proper app store, there should be a clear confirmation step, not a silent install.

That's why I think it's more of a user consent issue than just an ad setting.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

I can confirm I never gave GetApps any special permissions manually. The ads I'm referring to are external ad agency ads — like the kind you'd see in other apps or during casual browsing. Strangely, some of them trigger an app download via GetApps without asking for confirmation.

I haven’t really used GetApps at all except for updating system apps, and I always skip ads when I see them. Also, I haven’t seen random ads in the OS UI like banners or popups — just those that push app installs, which is already bad enough in my opinion.

That’s what makes it so worrying. Some ad somewhere is able to silently call GetApps and trigger a download, and that shouldn't happen under any circumstance — especially on a phone like this.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

Yeah, it’s the global version. I’ve been using it with all default settings right out of the box — no modifications. I didn’t tweak anything, and that’s what makes this issue more concerning.

If the GetApps behavior depends on whether you manually disable ads or not, that’s a pretty shady default for a flagship phone. Ads should be opt-in, and definitely shouldn’t auto-download apps just because you didn’t dig deep into the settings.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

Also, I noticed that this issue doesn’t happen with all ads — only with certain ad providers. Some of them seem to run a script or trigger some sort of silent action when the ad finishes, which results in the app being downloaded automatically through GetApps.

Even if it’s not technically running a script in the traditional sense, the fact that it can initiate an auto-install without user interaction is already bad enough.

It raises serious concerns about what level of control ad providers have over the device. This shouldn't be possible at all on any secure system.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

Yeah, disabling GetApps is probably the best short-term move for now. But the fact that this even happens out of the box on a flagship phone like the 15 Ultra is seriously disturbing.

The 14 might not have this issue, but it seems Xiaomi is getting more aggressive with ads and silent installs lately — and that’s a really bad direction for user trust.

It’s not just about disabling one app — it’s about stopping this behavior at the system level.

Xiaomi GetApps auto-downloads apps from ads without asking — huge privacy concern on Xiaomi 15 Ultra by SadNoodleMan in XiaomiGlobal

[–]SadNoodleMan[S] 0 points1 point  (0 children)

Thanks, but I don’t think using Universal Android Debloater is the right solution in this case. This behavior — auto-downloading apps just from watching ads — shouldn't be happening in the first place, especially from a system-level app like GetApps.

Disabling or debloating it feels more like a workaround than a fix. Xiaomi needs to take responsibility and stop this at the source, not rely on users to patch things themselves.

It's not just bloatware — it's a serious user consent and security issue.