
mbam_mtbr

Staff
  • Content Count

    554
Everything posted by mbam_mtbr

  1. Hi @jansen, Thanks for bringing this to our attention. This will be detected as Android/Adware.RXDroid in future database versions. Unfortunately, it's unrelated to the ad issues we have been having here. BUT, I'm getting a lot closer and hoping to find time to do some work on it soon here. Nathan
  2. Hi Everyone, Just wanted to let everyone know I'm still looking into all the many layers of this issue. Just wondering though, are people still having this issue? It seems that for some it just went dark — suddenly no more ads. Nathan
  3. Hi @jansen, The developers aren't necessarily at fault. It's not uncommon to add an Ad SDK to an app to help create revenue when the app is free. I think BatMobi just started acting aggressively out of the blue. This would explain why developers are unaware, and why many antimalware vendors don't detect. Nathan
  4. Hi @RayRay26, This very much sounds like a hardware issue to me, and not malware. Here's an article about how to back up a Samsung J7. You can also use Google Photos to back up photos. I really think a new device will solve your issues, but feel free to send an Apps Report if you like. To send an Apps Report with Malwarebytes for Android use the following instructions.
       1. Open the Malwarebytes for Android app.
       2. Tap the Menu icon.
       3. Tap Your apps.
       4. Tap the three lines icon in the upper right corner.
       5. Tap Send to support.
     Choose an email app to send the Apps Report. Your email app will open with the Apps Report included. Send the Apps Report to create a ticket. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  5. Hi @murro43, I would suggest contacting our support staff: Malwarebytes Home Support. They will be able to help you figure this out. Nathan
  6. Hi @metone, I have never heard of such an attack. I can see if there is anything suspicious on your device if you send an Apps Report. To send an Apps Report with Malwarebytes for Android use the following instructions.
       1. Open the Malwarebytes for Android app.
       2. Tap the Menu icon.
       3. Tap Your apps.
       4. Tap the three lines icon in the upper right corner.
       5. Tap Send to support.
     Choose an email app to send the Apps Report. Your email app will open with the Apps Report included. Send the Apps Report to create a ticket. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  7. Hi @murro43, The licensing via our Malwarebytes website is done per device. Thus, if you bought only a single device license, the Windows version counts as one device. However, for only $10 more per year you can get licensing for up to 5 devices which includes Android. Another option for Malwarebytes for Android licensing is by purchasing through Google Play for $11.99 per year. This option also allows you to have the premium version on multiple Android devices. As long as you use the same Google account on the device that Malwarebytes for Android was purchased, premium will be activated. For more licensing questions, you may find our Malwarebytes for Android FAQs helpful. Nathan
  8. Hi @ArcNarvin, What makes you think it has malware? You could get a list of all apps installed and uninstall for current user using this method (details in link below): https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/ Nathan
  9. Hi @john-anthony, I looked up your ticket, and just wanted to verify everything is resolved. Thanks, Nathan
  10. Hi @ChessPDH, This may be a browser-related ad. This is caused by the way most browsers handle redirections executed by JavaScript code. Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups. Advertising affiliates are aware of this, and exploit this weakness. Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it. The best ways to block these pop-ups are to try a different browser, disable JavaScript, install a browser with ad blocking (like Opera), and/or install Adblock Plus. If you encounter these pop-ups again, back out of them using Android's back key. Also, clearing your history and cache will help stop the ads from reoccurring. Thanks for reaching out, Nathan
  11. Hi @77Vero, We will look into it ASAP! Also, you can use this method to uninstall for current user (details in link below): https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/ Warning: Make sure to read Restoring apps onto the device (without factory reset) in the rare case you need to revert/restore the app. Use this/these command(s) during step 7 under Uninstalling Adups via ADB command line to remove:
        adb shell pm uninstall -k --user 0 com.gangyun.beautysnap
      Nathan
  12. @jansen, It's really not too hard to code. You just add a function in the code to do something (in this case, open ad using Chrome Custom Tabs) whenever Google PLAY opens/updates/installs/etc. Thanks @imma! Well, that confirms it — definitely BatMobi! That means there are hidden versions of BatMobi sitting somewhere in apps from users that have only installed from Google PLAY. I've been looking for it all along, but going to have to dig deeper. Nathan
  13. Hi @jansen, Do you happen to have the Google PLAY link to the Videoder version on the PLAY store? I'm not finding it. Nathan
  14. It's not the app itself, it's the BatMobi Ad SDK within the app. BatMobi has always been pretty low level, and as far as Adware goes, not the most aggressive. Heck, some versions aren't even aggressive enough to detect. Then all of a sudden, you all started getting ads within Google PLAY. Perhaps they got A LOT of pushback from developers and backed off. Also, there are quite a few apps in Google PLAY with hidden BatMobi. This is evidenced by this issue not being restricted to just third party app stores. Maybe, just maybe this all fixed itself 🤞 Nathan
  15. Hi @deucy14, You can create a ticket here: Malwarebytes Home Support. They will resolve all your questions/concerns. Nathan
  16. Hey Everyone, Just so we are all up to date, I did more research into .com.google.Chrome.xxx, and it appears those are typically just incomplete download files. Thus, they are not a concern. An incomplete APK can't install. Also, I believe that this infection is also associated with Android/Adware.InMobi. We are seeing variants that are not only on various third party app stores, but also on Google PLAY. Both Android/Adware.BatMobi and Android/Adware.InMobi used to be low level. There are variants of InMobi that aren't even considered Adware, and thus are not detected by anti-malware scanners. It almost seems like something happened on these Ad SDKs' server side so that now all of a sudden they decided to start showing ads in Google PLAY. So an app that used to not give you any problems now is hosting pop-ups. I'm once again trying to reproduce this on a test device to confirm my findings. I think it's also important to state that the websites the pop-ups are redirecting to look to be harmless — although annoying. Thus, if you have an app that is causing the pop-ups you REALLY want to keep, you are probably in the clear if you are not too annoyed by the pop-ups. Nathan
  17. Hi @MichelleZW, You're not alone in that feeling. Send me an Apps Report, and I'll take a look. To send an Apps Report with Malwarebytes for Android use the following instructions.
       1. Open the Malwarebytes for Android app.
       2. Tap the Menu icon.
       3. Tap Your apps.
       4. Tap the three lines icon in the upper right corner.
       5. Tap Send to support.
      Choose an email app to send the Apps Report. Your email app will open with the Apps Report included. Send the Apps Report to create a ticket. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  18. Hi @OnMy2ndGP, Thanks for the newest website to block. I guarantee there will be more. These types of ad websites come and go frequently. They know that their websites will be blocked, so they come up with new ones until it is blocked as well. That's why it's so tough to keep up with blocking them all. There is constantly a new stream of ad websites popping up. This issue isn't dependent on Samsung. We have people with LGs, Xiaomis, etc. I think we are seeing a lot of Samsungs because a lot of people have Samsungs. Feel free to send an Apps Report as well if you like. Nathan
  19. Hi @Sarah9333 & @Lines, If you'd like to send me an Apps Report, I can see if I can find anything that may be causing the issue. To send an Apps Report with Malwarebytes for Android use the following instructions.
       1. Open the Malwarebytes for Android app.
       2. Tap the Menu icon.
       3. Tap Your apps.
       4. Tap the three lines icon in the upper right corner.
       5. Tap Send to support.
      Choose an email app to send the Apps Report. Your email app will open with the Apps Report included. Send the Apps Report to create a ticket. Private Message (PM) me the email used and/or the ticket number assigned. Nathan
  20. Hello @77Vero, Thanks for the information! It seems that music.downloader.mp3.powermusic is no longer available. I'll see if I can find it, and Youzik MP3. I have thought about the correlation between WebView and this issue myself. However, I think that if you want to disable anything, it would be better to disable JavaScript in Chrome. It is not dangerous to disable WebView, but you will lose functionality. I hope Google Translate also works for translating English to French. Thanks for the help! Nathan
  21. Hi @Fn187, Thanks for bringing this to our attention. This issue has been resolved and will no longer be detected in future database versions. Thanks again, Nathan
  22. Now that we have pinpointed the infection, let's see if we can remove it properly. These are the steps I'm going to try myself to remove the infection:

      Removing infected app
        • Go to Settings > Apps
        • In the listed Apps, find the infected app and click it
          Remember this is anything from the source en.uptodown.com — devian.tubemate.v3 (TubeMate), com.snaptube.premium (Snaptube), com.rahul.videoderbeta (Videoder Video Downloader), etc.
        • In App info, click Force Stop
        • Click Storage
        • Press Clear Data (this clears the cache as well)
        • Click Back button to return to App info
        • Click Uninstall

      Clearing Chrome cache
        • Go to Settings > Apps > Chrome
        • In the App info, go to Storage
        • Press Clear Cache
        • Press Manage Space
        • Press Manage under All site storage, including cookies and other locally stored data
        • Two options here:
            • Press Clear Site Storage... to clear all site data
            • Find the offending site(s) (m.novelcamp.net) and click on it in list
                • Press Clear & Reset

      The infection uses what is called Chrome Custom Tabs, which uses Chrome. Thus, clearing Chrome's cache after uninstalling the infection should remove it.

      Extra cleanup and if you already removed infection
      If you already removed the infection, you can use a file manager like ASTRO to remove old folders/files. You would remove from the internal shared storage this directory: Android/data/<infection package name>. Some apps will also leave folders at the root of the internal shared storage as well — even after uninstalling.

      Not done yet
      Hopefully this does the trick, but considering we have users that are still getting popups after a factory reset, there is still research to do. This is at least a good start. Nathan
  23. Hi @Brianwc, @Grimlich, @bud11, @imma, @77Vero, @Mahadev, & Everyone else following this thread! This is the most beautiful thing I've seen as a threat researcher! I was able to reproduce the issue! Just as many of you experienced, it happened while using Google PLAY! We have all three of these installed on my test device:
        • devian.tubemate.v3 TubeMate
        • com.snaptube.premium Snaptube
        • com.rahul.videoderbeta Videoder Video Downloader
      I was correct in my assumption I previously stated: Therefore, we have a 100% positive source of infection! So now, we need to figure out why simply uninstalling does not fix the issue. What is being left over (as @aniytik pointed out) that is causing this? I would suggest reinstalling (I know, crazy) and clearing both the data & cache, and uninstalling again. However, I'm going to look deeper into this to find a more concrete solution. Progress people, progress!!! Nathan
  24. Hi @Mahadev, You are the only one with that launcher, and I can't find a version of it anywhere to analyze. It's worth a try though. @aniytik It certainly could be. In that case, the infected app would need to be installed again, and then have data/cache cleared before uninstalling again. Most likely many already uninstalled many apps trying to figure things out before it was submitted to me. If that's really the case, this one is going to be like a needle in a haystack to solve... which it already feels like to me. Nathan
  25. This is going to sound crazy, but the only app in all the Apps Reports that have been shared with me is Google Text-to-speech Engine. Maybe try disabling? I'm running out of ideas here other than suggesting a factory reset with clearing the partition cache. Nathan