T95 preinstalled malware: any other boxes infected? - Android Stick & Console AMLogic based Computers

Hello everyone,
I just saw this scary article https://www.malwarebytes.com/blog/news/2023/01/preinstalled-malware-infested-t95-tv-box-from-amazon and https://github.com/DesktopECHO/T95-H616-Malware, and I wonder if you know whether some other boxes have the same malware?
Have you tested on your box?
Cheers!

There is not a single device with stock firmware that does not have some unwanted component.

There's a gap between unwanted and proved malware.

Does this difference make you feel better when there is an unwanted element and worse when there is malware?
Even when the action is identical, but you don't even know it?

Related

[Q] com.android.fixed.update

Hey all,
I'm the proud owner of a Samsung Nexus S (sadly the i9020a model, though). I was forced against my will at gun point by someone named Jealousy to install ICS (4.0.4) on my i9020a when it was released for all other Nexus S devices except for the US AT&T version of the phone.
Anyway, love the ICS and absolutely love the ROM I'm using (Brainmaster's stock ICS, w/ Supercharger V6 and a number of other goodies). But I was a bit confused today when I opened my phone and noticed a recently downloaded APK called "update.apk". Looking at its info, its name is "com.android.fixed.update" with no author, developer, and minimum version of 0. It weighs roughly 40kb and is not associated with the market, so I'm going to have to disable my "Market-only" settings in order to install it, otherwise it was about to install itself.
I was wondering what it might be. With no other information, I'm a bit hesitant to install it. The only permissions it asks for are Network Access and Start on Boot.
I thought just maybe it was an OTA from a developer (maybe even Brainmaster) but I wasn't exactly sure what kind of access or ability non-service providers had to OTA functionality and what not. (I suppose, if it can probably be modified with some effort, seeing as the source is available...)
Anyway, hoping to hear your thoughts on it. Google showed ONE result for "com.android.fixed.update" and that's it. Thanks for your input in advance!
We also got the same file on our Moto Xoom. I believe it's a virus, so do not install it. The file was downloaded at biandroid (dot) info, which is definitely not associated with android.com
http://anonhq.com/notcompatible-back-market/
that is the explanation
Back in 2012 malware called Not Compatible was haunting android devices. Now more powerful than ever the latest version of NotCompatible.C has its own self protected encryption. Thus making this program difficult to find and delete.
Lookout Inc, a mobile security firm, says that this version of the malware is a threat on a massive scale. Once in it has the tendency to control and hack data. It is an advanced form of malware that can be seen on a PC a botnet so powerful that it has a server design architecture, P2P communications and as previously said encryption capabilities.
The programming of the malware is one of the hardest to kill malware that we have observed. Once the malware is installed it does not appear on the android operating system as it keeps itself in the background. It only works when the device is unlocked by the user or if it is restarted.
The only way you can find out is through Manage Applications>Settings. This will show you that an application by the long name of (com.andriod.fixed.update) is running. All you need to do is simply uninstall it.

Why is there malware in Android?

Hello everyone.
I've just come up with this thought and I wanted to share it with you. We always hear about how Android is more prone to malware than, say, iOS.
But I'd like to know why. I'm pretty sure that, before releasing an app on the Market (oops, Play Store!), Google makes a thorough validation of it. I find it difficult to believe that Google's guidelines are less stringent than Apple's.
Why, then, or better, whence the malware?
The best answer I could give myself is that malevolent apps are modified versions of pirated software that people download from the Internet. Like, a guy downloads the pirated version of Plant versus Zombies thinking that it's going to be the exact replica of the original (paid) version, but inside the downloaded app there's actually a malevolent piece of code that, then, ends on the webzines.
Hence, two questions for you guys:
Where's the Android malware coming from?
How can Google stop it?
Thank you a lot for your attention, I hope the answers will be numerous!
UltimateGoblin said:
malevolent apps are modified versions of pirated software that people download from the Internet
Well, I've never seen malware that was made from an actual app. They are usually small separate apps with a familiar icon or name and (sometimes) tons of temp files so that Asphalt7.apk won't be the size of 123 kb.
I'm not sure that Google checks anything before people report about it. There are numerous hello world apps there.
Because Android's source code can be seen by anyone, it makes Android an easier target than iOS, who keep their code a secret.
Google run a general check, they call their software "bouncer", but if the apps don't do anything suspicious until on an actual device it can miss the malware.
How could they stop all malware? They can't, even the very closed ios cannot stop all malware, but the user has ultimate control because we can see exactly what apps can access before installing them and so it makes it easier to spot suspect apps.
Dave

Suspected spyware builtin in Alcatel Android Smartphones

Hello,
I just purchased an Alcatel one touch snap 7025x Android 4.2 Smartphone.
I noticed a Chinese process in the process log that got major permissions to just do anything in the phone.
Attached is the image, as I need someone who reads Chinese to translate the word and its meaning, as I have no clue what it means.
I fear that it is spying software injected by the company Alcatel-TCL to spy on the users.
Please provide feedback on the case and if the process exists on other phones.
s23.postimg dot org/lrjp5d7gr/Screenshot_2013_11_08_14_14_05.png
replace dot with . to see the image
Hello. I have the same phone and the same process running as you do.
After a painful search I have found that it has something to do with battery charging mode. And the reason why it has so many permissions is that, due to performance, that process is run together with a bunch of other core processes. (You can check this by accessing the process detail on your phone.)
Here is what I have found, translation-wise. Hope it helps.
www dot mdbg dot net/chindict/chindict.php?page=worddict&wdrst=1&wdqb=工程充电模式

Chinese phone now opens ad websites. Bloatware? Virus? Trojan? [DooGee S70 Lite]

Years ago I bought a cheap and powerful rugged phone to use it as a navigation tool on my motorcycle.
A few months ago the phone began to sporadically open ad websites in the Chrome browser. This happens about once a day.
I read that the manufacturer is not trustworthy and that DooGee delivered some firmware updates with trojan software. So I guess in the best case DooGee tries to make some extra money by showing me ads. They may have installed a backdoor that now opens these websites.
I don't do security-critical things on this device, but I still want to get rid of these ads. It's annoying to drive with the bike and navigate and then the navigation software is hidden because of these useless ads.
I do have root on this device using an older version of Magisk.
I have Titanium Backup and theoretically I would be able to disable all processes / apps if I knew the name of the app.
But I don't know how I can find out which process is the originator of these ads.
I disabled the Chrome browser, but I guess there is another process that just shows the website in Chrome. So it may not be the Chrome browser's fault?!
And the list of all apps is long because I have to suspect the system apps also.
I tried some virus scanners from play store but they all found nothing. Useless apps...
Hope someone here can help.
Any idea for a good strategy how to find the bad app or process?
Any tool recommendation that may be able to find it?
Thanks.
Try Malwarebytes for your mobile device.
fpdragon said:
Any idea for a good strategy how to find the bad app or process?
Any tool recommendation that may be able to find it?
Boot device into Safe Mode: You'll see "Safe mode" at the bottom of your screen
One by one, remove recently downloaded apps.
Tip: To remember the apps that you remove so that you can add them back, make a list.
After each removal, restart your device normally. See whether removing that app solved the problem.
jwoegerbauer said:
Boot device into Safe Mode: You'll see "Safe mode" at the bottom of your screen
One by one, remove recently downloaded apps.
Tip: To remember the apps that you remove so that you can add them back, make a list.
After each removal, restart your device normally. See whether removing that app solved the problem.
I am pretty sure that I didn't download any app that throws the ads. It must be something that comes from DooGee.
Bernal79 said:
McAfee will help to get rid of the malware
McAfee has not found anything
James_Watson said:
Try Malwarebytes for your mobile device.
Malwarebytes has not found anything
However, thanks for the recommendation.
fpdragon said:
McAfee has not found anything
Malwarebytes has not found anything
Not surprising me.
Malicious software comes in several flavors, distinguished primarily by their method of propagation. The two most pervasive forms are viruses and worms. A virus attaches itself to an existing program such that, when that program is executed, bad things happen. Like a biological virus, it cannot live without a host. In contrast, a worm is an independent program that reproduces itself without requiring a host program. Depending on the form, a worm may be able to propagate without any action on the victim's part. Most malicious software today consists of worms rather than viruses.
Worms and viruses require slightly different protection mechanisms because of their different propagation methods. A virus scanner operates by searching for the signatures of known viruses. A signature is a characteristic pattern that occurs in every copy of a virus. It might be a string of characters, such as a message that the virus will display on the screen when activated, or it might be binary computer code or even a particular bit of data that is embedded in the virus. These patterns are identified by technicians at organizations specializing in computer security and are then made available on security Web sites. Virus scanners can then download the patterns to bring their internal pattern lists up to date.
Antivirus software checks your Android device's apps and compares them to known types of malware (viruses & worms). It will also scan your Android device for behaviors that may signal the presence of new, unknown malware. Typically, antivirus software uses all 3 of these detection processes:
Specific Detection – This works by looking for known malware by a specific set of characteristics.
Generic Detection – This process looks for malware that are variants of known “families,” or malware related by a common codebase.
Heuristic Detection – This process scans for previously unknown viruses by looking for known suspicious behavior or file structures.
Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate. Trojans must spread through user interaction such as opening an email attachment or downloading and running a file from the Internet.
IMHO Android itself is a pretty secure operating system.
Thank you for the good explanation. But how can I track down the originator of the popup ads?
I would expect that the originator of the ads runs as a system app. If I could find out which system app does this and its function is not necessary (e.g. system update or something) then I could kill and remove it.
BTW, after disabling the Chrome browser it seems that there are no popup ads any more. For two days no more ads. I guess this is because I removed the last browser from the system and now the ads can't be opened? But still it would be cool to track down the application that opens the ads if I need a browser one time.
It seems that you have turned on notifications from a website in Chrome. Clear Chrome browsing data. Re-enable Chrome. And check whether you receive any ads or not.
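
Added example (not written by anyone in this thread): one way to see which app hands ad URLs to the browser is to capture `adb logcat` while the pop-ups occur and read the ActivityManager `START` lines, which record the calling UID of each activity launch. The log lines, package names, UIDs and URLs below are constructed, and the package listing assumes the `package:<name> uid:<n>` format printed by `pm list packages -U`.

```python
import re
from collections import Counter

# Constructed `adb logcat -v threadtime` lines; packages, UIDs and URLs are made up.
SAMPLE_LOGCAT = """\
03-14 09:12:01.120  1180  1302 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.example.navi/.MapActivity} from uid 10021
03-14 09:40:17.554  1180  2231 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=http://ads.example.test/... flg=0x10000000 cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10087
03-14 11:02:45.010  1180  1302 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=https://maps.example.test/... cmp=com.android.chrome/com.google.android.apps.chrome.Main} from uid 10021
03-15 09:41:03.871  1180  2231 I ActivityManager: START u0 {act=android.intent.action.VIEW dat=http://ads.example.test/... flg=0x10000000 cmp=com.android.chrome/com.google.android.apps.chrome.Main (has extras)} from uid 10087
"""
# Constructed `pm list packages -U` output; two packages share UID 10087.
SAMPLE_PACKAGES = """\
package:com.example.navi uid:10021
package:com.example.vendor.update uid:10087
package:com.example.vendor.push uid:10087
package:com.android.chrome uid:10054
"""

# Tag is ActivityManager on older releases, ActivityTaskManager on newer ones.
START_RE = re.compile(
    r"Activity(?:Task)?Manager: START u\d+ \{(.*)\} from uid (\d+)")

def uid_to_packages(pm_output):
    """Map UID -> [package, ...]; a shared UID lists every package using it."""
    table = {}
    for m in re.finditer(r"^package:(\S+) uid:(\d+)", pm_output, re.M):
        table.setdefault(int(m.group(2)), []).append(m.group(1))
    return table

def browser_launches(logcat_text):
    """Yield (caller_uid, url, target) for each VIEW intent on a web URL."""
    for line in logcat_text.splitlines():
        m = START_RE.search(line)
        if not m:
            continue
        # Intent fields are space-separated key=value; "(has extras)" is skipped.
        f = dict(t.split("=", 1) for t in m.group(1).split() if "=" in t)
        if (f.get("act") == "android.intent.action.VIEW"
                and f.get("dat", "").startswith(("http://", "https://"))):
            yield int(m.group(2)), f["dat"], f.get("cmp", "?")

def rank_callers(logcat_text, pm_output):
    """Return [(uid, launch_count, packages)] sorted by most launches first."""
    names = uid_to_packages(pm_output)
    counts = Counter(uid for uid, _, _ in browser_launches(logcat_text))
    return [(u, n, names.get(u, ["<unknown uid>"])) for u, n in counts.most_common()]

if __name__ == "__main__":
    for uid, n, pkgs in rank_callers(SAMPLE_LOGCAT, SAMPLE_PACKAGES):
        print(f"uid {uid}: {n} browser launches from {', '.join(pkgs)}")
```

On a device, feed it the saved output of `adb logcat -v threadtime` and `adb shell pm list packages -U`. A UID shared by several packages narrows the search to that group rather than to a single app.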

A way to encrypt other applications or separate each?

Hello all, I recently switched from iPhone to an S21 Ultra and have been loving it so far.
I was wondering if there was a way to encrypt certain apps (mainly financial sort of apps) and everything related to them to help protect against malicious intent (leaky / buggy applications scare me) or perhaps prevent it from being accessed? I've thought of a sandbox or something of that nature, but not *exactly* what I had in mind. My device is currently rooted as well.
Thanks everyone.
