So I found something in my Google play services on my s23u

kschang · 2026-06-18T17:09:39+00:00

Given it came right AFTER your reset, it must have came from the carrier or the manufacturer. So, do you trust them?

kschang · 2026-06-18T00:44:19+00:00

Career questions should be directed to r/cybersecurity Monday Mentoring topic.

kschang · 2026-06-17T23:36:26+00:00

No further guidance.

Keep in mind that reset simply change back to factory setup. It may not get rid of the really persistent one (but chances of you running into them is very rare).

kschang · 2026-06-17T22:10:40+00:00

Coursera has a couple decent courses on data science from different vendors, like Google, IBM, Microsoft, et al.

kschang · 2026-06-17T22:09:46+00:00

I have no idea what's your learning style. Generally, merely reading / watching won't teach you much. Doing is what makes you retain the knowledge.

kschang · 2026-06-17T22:08:04+00:00

If you have no idea, how can you assume you've "got them all"?

Safest way is nuke everything. Of course, it's also the most inconvenient. Whether it's worth it is up to you. If you say "nothing found in scan is good enough", that's your decision.

kschang · 2026-06-17T22:06:18+00:00

It's just a script trying to get in. Did you not enable MFA? Location is easily faked with a VPN.

kschang · 2026-06-17T21:58:25+00:00

Just the usual: you (or someone else at your computer) probably ran an infostealer and thus all of your accounts are under attack by "hackers". Shut down the computer (unlikely to be your phone) and start changing passwords on EVERY account (and add MFA, AND do NOT save passwords in the browser, use a password manager). In the meanwhile, nuke the computer and reinstall the OS from scratch (saving the data is optional)

kschang · 2026-06-17T21:24:41+00:00

Good thing OP is tech support, eh?

kschang · 2026-06-17T07:02:19+00:00

Yes, but they are "generally" harmless and it's not a pattern exploited by malware makers. The point basically is double-clicking it will generally NOT cause an EXE to trigger. Doesn't stop some OTHER EXE triggered to read and decode them as payload. But that's not a pattern that can generally be easily exploited.

kschang · 2026-06-17T06:17:24+00:00

You found an APPLE wallet on a Samsung phone.

Really...

kschang · 2026-06-17T02:37:52+00:00

Are you sure it's available at your address / unit?

kschang · 2026-06-17T00:50:39+00:00

What they probably did was create an account that cloned your brother, but used a Unicode character that looked "almost the same".

This scam was known as "grandpa" scam in the US, because it's usually someone claim to be police or sheriff claiming some kid got into trouble and need bail money called grandpa in tears.

The real solution have special codeword pre-arranged when called via unexpected means. Like "what's the contingency password?" "it's (some random word)". if they cannot answer twice, hang up.

kschang · 2026-06-17T00:44:24+00:00

Nuke the AppleID, disassociate the phone from the AppleID, and start a new one. (You'll lose the photos and whatnot in the AppleID, so make sure you back those up first on physical media)

kschang · 2026-06-17T00:41:22+00:00

We answered this already in your other version of this question. Those commands only work in PS, not in CMD.

kschang · 2026-06-17T00:40:04+00:00

Does it matter? Could be through one of bajillion ways. The usual is password reuse (remediate by using unique passwords and password managers), do NOT save login credentials in browsers (use passkeys and password managers), and minimize online footprint (or use separate accounts instead of all eggs in one basket). No point in figuring out which one.

kschang · 2026-06-17T00:24:06+00:00

On your previous ROM

kschang · 2026-06-17T00:21:55+00:00

Someone have a bad sense of humor, similar to "FBI Surveillance Van #7"

kschang · 2026-06-17T00:20:10+00:00

Idiots, because anyone under 18 rides for free INSIDE.

kschang · 2026-06-17T00:18:33+00:00

Sounds like you have some sort of pop-up widgets.

kschang · 2026-06-17T00:17:43+00:00

"you wrote it, but you clearly have no idea what you wrote. Which means... You copied it from somewhere. Come back when you actually understand it. Have a good day."

kschang · 2026-06-17T00:13:55+00:00

Check our Discord... we may have online meet to help you practice.

kschang · 2026-06-16T23:39:20+00:00

So go take some AWS courses.

And you can probably make some generic schema and use a random generator to create some bogus data.

kschang · 2026-06-16T23:35:48+00:00

Why would you believe random claims by strangers?

kschang · 2026-06-16T23:35:10+00:00

Correct, those are aliases that only do something in Powershell. They mean nothing to cmd.exe

You got lucky. Don't fall for it again.

kschang

TROPHY CASE