@Tech Support & Applicable Corporate Departments

BirdyJ — Mon, 06 Apr 2026 18:27:13 GMT

Hello,

A recurring, long-running incident web assets hosted via Amazon S3 / CloudFront are distributing malware, forcibly changing users' browser home pages to use http by default, and appear to be conducting phishing and credential harvesting.

Affected users include purchasers of brand-new devices sold at a major network operator corporate retail store; devices exhibit persistent, preinstalled behavior that survives clearing browser/storage, factory reset, and network changes. Immediate replacement and remediation requested.

A summary of observations of events is provided below:

1) Since purchase at retail store the Malicious URL(s) appear as http:// and https:// with embedded redirects. The website implies service providers (i.e., ‘ml.t-mobile and dot com’). The backend data indicates otherwise.

2) Observed host replacement redirect logic use referencing specific prompts (e.g., vite source hosts%, etc.) serving as placeholders and capable of location replacement.

3) Use of local storage keys requiring Java for infiltration.

4) Brand-new devices purchased at a major network operator corporate retail store, out of the box presented default browser home pages set to http across browsers and persist after clearing browser settings, cache, and storage.

4) Home pages continue to collect cookies despite user-denied permissions and denied cookie prompts.

5) Ads, shortcodes, preinstalled bloatware, and multiple games were present and are persistent across resets; several preinstalled apps and interfaces are outdated and deployment of pay framework as applications, decommissioned for use by US consumers (Google Pay), is persistent.

6) User identified lack of data integrity and likely vulnerabilities in preinstalled certificates. These include information indicating certs expired at retail, some missing and inaccurate information, every single cert presents declared sha1 values and are outdated per industry standards. Sha256 values and public key values remain questionable.

7) Device APN defaults to an MVNO configuration despite originating from confirmed MNO corporate retail store at purchase.

😎 Changing service provider/ networks produces no feasible remediation. Consumer moved to new network after receiving no credible or feasible solution from service provider, neither corporate or retail store, and remains with a defective device. Concerns for product put to market are ongoing.

9) Neither the OS, network, or application updates have resolved persistent default-to-http behavior, ongoing ad saturation, or questionable operating environments and email legitimacy. User information security and privacy are ongoing concerns, despite efforts to mitigate risks.

10) End users are limited to address impeded core functionality as Content Manger deploys unstable configuration deemed security updates that do not resolve underlying defects.

11) Saturation of ads obscures content visibility. Persistent unknown apps, unwanted recommended apps and configurations appear ongoing. User consent is disregarded. (NOTE: EULA is poorly constructed).

12) User attempts (clearing browser settings, denying cookies, developer-mode changes) have limited or no effect; homepage/settings revert or seem to remain compromised. Actual domains, operating environments cannot be confirmed. User is concerned for consumers and B2B, as devices indicates preinstalled Enterprise configurations. Risks cannot be understated.

13) Observed deployed hidden file downloads indicating search for legacy Microsoft skydrive.

Re: @Tech Support & Applicable Corporate Departments

buggymarie — Mon, 06 Apr 2026 21:01:34 GMT

You've listed many similarities to my frustrations with my s23.

One major issue I'm experiencing is the "Software Updates" in "Settings" is missing. After researching, I discovered it's deeply hidden. To choose Updates or to Stop, Select Schedule Updates, are all unavailable. This causes major problems.

I've found other domains in Settings either missing, labels changed to hide actual helpful domains.

Every time an update occurs, my entire phone becomes changed, even causing defects.

I've lost Contacts information, Apps removed and many unwanted Apps installed, Widgets moved around, entire look of pages and fonts, etc changed...

Why does Google with Galaxy Samsung continuously get away with these unethical if not illegal practices?

Re: @Tech Support & Applicable Corporate Departments

ALEXANDER154 — Mon, 06 Apr 2026 22:23:07 GMT

Send replacement current hike stadium nearby

Re: @Tech Support & Applicable Corporate Departments

ALEXANDER154 — Mon, 06 Apr 2026 22:24:15 GMT

Huh say what unethical who me no time for this by

Re: @Tech Support & Applicable Corporate Departments

userXFiZbV5by4 — Tue, 07 Apr 2026 02:54:54 GMT

I have that issue I'm tired boot loader is in user test keys need firmware update

topic @Tech Support & Applicable Corporate Departments in Galaxy S25

@Tech Support & Applicable Corporate Departments

Re: @Tech Support & Applicable Corporate Departments

Re: @Tech Support & Applicable Corporate Departments

Re: @Tech Support & Applicable Corporate Departments

Re: @Tech Support & Applicable Corporate Departments