tijder / SmsMatrix

A simple SMS <--> Matrix bridge.
https://matrix.to/#/#smsmatrix:matrix.org
GNU General Public License v3.0
213 stars 37 forks

ATTENTION: SMS Matrix labeled "Suspicious" per VirusTotal - several flags raised upon APK scan #86

Closed boognish-rising closed 1 year ago

boognish-rising commented 2 years ago

Not sure if this is cause for concern or not, as I haven't yet had a chance to dig deeper into the claims or determine whether the "suspicious" label given to SMS Matrix upon scanning with VirusTotal is deserved, but in the interim, I figured I'd put this here so that if an opportunity presents itself for someone else that has the time/ability to do so sooner than I'm able to and/or to bring to the maintainer's attention (unless it's completely abandoned, in which case if the suspicions prove legit, would effectively serve as a death sentence IMO).

Let me know if you find one way or another and I'll amend this issue/post accordingly:

[email me](mailto:paulson@paulson.anonaddy.com)

https://www.virustotal.com/en/file/728c35b687316efaec204509444ff37b0f14a2fb1156ef6573266427a7618bd4/analysis/ #VTMobile


natzki commented 1 year ago

I installed and used this app 2 days ago, though I missed the most important aspects: that not just SMS are unencrypted, but pretty much the credentials, usernames, device name, and the "suggested to use your own" homeserver address as well.

I received a threat removal alarm from Windows Defender just recently. I couldn't attribute it to something different; it's the only thing that could leak this data and especially attack me out of nowhere without internet connection on my PC, with app protection and SmartScreen instantly disabled before the service was immediately removed. Had to enable protection manually; threat level was "severe" and this is the first time this has happened practically ever.

I don't know if it's this app; I only had it set up 2 days ago and logged into Element on PC just once with that account, but also used another Matrix account which is on 4 devices in total...

Please treat with extreme caution and do not use credentials used anywhere else. Might use a VPN to hide your IP, and isolate/sandbox the Matrix bridge bot if you don't want to risk compromise (one way or another).

Hoping the info is valuable for others.

G2G2G2G commented 1 year ago

this thread is hilarious eye into the winbaby's average life. Why do you kind of people even bother using computers?

natzki's post literally makes no sense. You'd need a PhD to decipher that crap.

Anyway, here it is on F-Droid, which is generally reviewed: https://f-droid.org/en/packages/eu.droogers.smsmatrix/ Go in the source and link to your trojan.. the code base for this app isn't that big. That trojan, by name, is because it can send/read SMS messages...

boognish-rising commented 1 year ago

Ok, dipshit. I literally opened my comment and this thread with, "not sure if this is cause for concern or not [...]"

What do you suppose that could mean? Do you think it's possible that I was leaving room for the "suspicious" label to be unwarranted and therefore not cause for concern? Let's see if anything else supports that notion, shall we, smart guy?

Oh hey! What do you know? The very next thing I said happened to be, "as I haven't yet had a chance to dig deeper into the claims or determine whether the "suspicious" label given to SMS Matrix upon scanning with VirusTotal is deserved"

You seem to have a handle on everything. What do you think those words strung together in the order that they were mean, buddy? Bc judging by your comment, one would think that this is all wide open for debate. However, it looks to me like you're just a dipshit and like to hear yourself talk because in no world could one read what I wrote and arrive at the conclusion that you did, which motivated you to spew a bunch of nonsensical bullshit.

It's all good though. Your comment isn't completely worthless; it provides a nice window into the life of a troll. I've always been fascinated by those creatures. (psst - I think this is the turn of phrase you were going for when you said, "this thread is hilarious eye into the winbaby's average life." because that shit just doesn't make sense on multiple levels. What kind of troll doesn't know how to troll properly?)

PS - wtf is a winbaby? I think you were going for whiny baby... maybe? I don't know because you were way off and it's anybody's guess what the fuck you're on about. As far as a casual onlooker can tell, you're either out of your element all the time or just when you post comments on GitHub because there was literally zero justification for your comment and yet, when it was all said and done you thought, "Yeah, why don't I go ahead and say these stupid-ass words. They'll surely resonate with somebody."

Dumbass

tijder commented 1 year ago

I'm closing this issue. It's becoming too off topic. I don't see any security problems. Only that it is using SMS permissions.