mbam_mtbr

@Mahadev, Another idea. It could be tied to the Google Launcher. It will be listed in our apps simply as Google. It's worth clearing its cache as well. Nathan

Thanks @aniytik. I was just wondering how deep of a factory reset does the trick. Nathan

Hi @Hamilton18, Install Malwarebytes for Android. It will be the 30-day free trial version, but you can use a license key once installed. After installation, you can use the key to activate: Activate Malwarebytes Premium on Android device Nathan

@aniytik, When you did a factory reset, did you also go through the process of booting into recovery mode and clearing the partition cache? Nathan

Thanks for the info @aniytik. @Mahadev there is also a big relation with Google PLAY in all of this. Perhaps try clearing the cache of Google PLAY? It almost seems like a very, very deep javascript redirect not dependent on a browser. Clearing cache has helped people, but what exact cache needs to be cleared is big question. I'll keep on looking for answers, Nathan

Hi @Mahadev, Lets try another approach. There are some on the Reddit forum stating they are finding hidden files in there Downloads directory. Lets see if happen to have any of these. Apps > Downloads Press three dots in upper right & then press Show internal storage (this option may or may not exist) Look for files that begin with .com.google.Chrome.<random characters> Let me know if these exist, Nathan

Hi @JonDB, The best way to check what your apps are potentially capable of doing is to use our Privacy audit: Open Malwarebytes. Tap the menu icon . Scroll down to Privacy audit. Hope this helps! Nathan

Hi @Hamilton18, Did you buy a license for multiple devices, and just wanted to use a license key with Malwarebytes for Android? Nathan

Hi @Mahadev, I'm still looking into your case, but yes, I would definitely either uninstall or try clearing it's cache. I would be interested to see if just clearing the data/cache of this app does the trick. However, I think there's probably Batmobi hidden somewhere in it's code, I just haven't found it yet. Nathan

Thanks @Grimlich! I'll 98% sure that's the culprit. Nathan

Update. I created detection Android/Adware.BatMobi.SnapMango for the following: com.snaptube.premium Snaptube It will be detected in future database versions. Nathan

Hi @Brianwc, @Grimlich, @bud11, @imma, @77Vero, @Mahadev, So far, here are my findings. It appears there is a correlation with the third party APK site en.uptodown.com. Furthermore, m.novelcamp.net and other sites seen are all related to a the site BatMobi. There is actually a direct reference to BatMobi in the app package name: com.rahul.videoderbeta app name: Videoder Video Downloader ( @Brianwc). I was able to create a detection for this — Android/Adware.BatMobi.NC. However, others don't have this app, and I have yet to find detections — don't worry, I'm working hard to find something. In the meantime, if you have any of these apps, I suggest uninstalling to see if it fixes the issue: com.snaptube.premium Snaptube @imma devian.tubemate.v3 TubeMate @Mahadev Anything else downloades/installed from en.uptodown.com — especially under category Video and Audio Downloaders If you are hesitate to uninstall, it also may be worth trying to clear the cache on these apps as they all have built in browsers. This could explain why clearing the cache on Google Chrome doesn't work, because the stored info causing the pop ups may be within these browsers instead. Worth a try! I'll keep working away at this issue. Please let me know if any of this works, Nathan

@Brianwc, Yeah, I saw that not everyone had exactly videoder, but they could have another third party app that has the same Ad SDK causing the issue. I installed it onto a test device to see if the pop ups start. I'll keep researching it. Nathan

Hi @Brianwc, Yes, I've see the reddit thread as well. Looking deeper into the thread, it appears that there is a connection with this app: com.rahul.videoderbeta Videoder Video Downloader I would try uninstalling this. I'm going to do some deeper research into this app as well. Nathan

Hi @Brianwc, @Grimlich, @bud11, @imma, @77Vero, @Mahadev, I working hard to try to find a solution for all of you. Looking at two different Apps Reports which list all the apps on a device, I'm not finding any red flags of your typical Adware. Let's try a couple of things to see if it solves the issues. Go to Settings > Apps > Chrome In the App info, go to Storage Press Clear Cache Press Manage Space Press Manage under All site storage, including cookies and other locally stored data Two options here: Press Clear Site Storage... to clear all site data Find the offending site(s) (m.novelcamp.net) and click on it in list Press Clear & Reset Let me know if this works for anyone. Also, if you like to send me an Apps Report and already haven't, that would be very helpful. To send an Apps Report with Malwarebytes for Android use the following instructions. 1.Open the Malwarebytes for Android app. 2.Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. Send the Apps Report to create a ticket. Private Message (PM) me the email used and/or the ticket number assigned. I understand this is frustrating for all of you. Trust me, it's frustrating for me as well, and I'm doing my best to find a solution. Nathan