mbam_mtbr

Hi @ScciVcci, If you could send me an Apps Report, I can look further into this for you. To send an Apps Report with Malwarebytes for Android use the following instructions. 1. Open the Malwarebytes for Android app. 2. Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @GLStevenson, Great to hear! We also created a detection for this (Android/PUP.Riskware.HiddenAds.GGAX) last week, so anyone else experiencing issues are covered. Nathan

Hi @Ryzu, I would try once again clearing cache, and also an uninstall/re-install. Let me know if that works, Nathan

Hi @GLStevenson, In the case of @Ripech, this was the culprit: org.myklos.btautoconnect Bluetooth Auto Connect If this doesn't fix your issue too, then just send me an Apps Report. Nathan

Hi @rdell, I can check for adware if you like. All you need to do is send me an Apps Report. To send an Apps Report with Malwarebytes for Android use the following instructions. 1. Open the Malwarebytes for Android app. 2. Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @rdell, It sounds like it could be browser related. I would try clearing your history and cache in Firefox. Then also the storage and cache within the App info section of your device (settings>apps). If that doesn't solve it, we can look for Adware on your device. Thanks for reaching out, Nathan

Hi @Ripech, Sounds like it may be Adware. If you could send an Apps Report, I can look further into it. To send an Apps Report with Malwarebytes for Android use the following instructions. 1. Open the Malwarebytes for Android app. 2. Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @Bad_Cookie, Most likely if the site had downloaded an APK, you still would have to approve the install. Thus, you're most likely okay. Especially if Malwarebytes for Android didn't detect anything. Nathan

Hi @Artemisia11, Would you mind sending me an apps report? To send an Apps Report with Malwarebytes for Android use the following instructions. 1.Open the Malwarebytes for Android app. 2.Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @Artemisia11, So the calculator app is/was being detected by Malwarebytes for Android? Do you know what it was being detected as? Nathan

Hi @joeygrimes, You can use this method to uninstall for current user (details in link below): https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/ Warning: Make sure to read Restoring apps onto the device (without factory reset) in the rare case you need to revert/restore app. Nathan

Hi @borsan2k, Thanks for bringing this to our attention. This issue has been resolved and will no longer be detected in future database versions. Thanks again, Nathan

Hi @ddog, If you could provide that Goolge PLAY link and/or attached the APK here, I can have a look for you. Nathan

Hi @paxlux, It may want to try clearing the cache of Malwarebytes for Android to see if that helps. Also, an reinstall may help. We let our dev team now about the issue. Nathan

Hi @Grubstake, Is your phone rooted, or have you used a custom ROM? I found this article addressing the error you are getting: https://thedroidguy.com/pixel-device-corrupt-cant-trusted-may-not-work-properly-error-issues-1076400 Seems more like corruption in the OS then malware. Nathan

Hi @Max_from_RUSSCITY, Detection updated to Android/PUP.Monitor.AllTracker.ACT. Nathan

Hi @ettore, If you could send an Apps Report, I can see if there isn't unusual. To send an Apps Report with Malwarebytes for Android use the following instructions. 1.Open the Malwarebytes for Android app. 2.Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @HarryZ, If you send me an Apps Report, I can see if I can find any Adware. To send an Apps Report with Malwarebytes for Android use the following instructions. 1.Open the Malwarebytes for Android app. 2.Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @TommyR, You can use this method to uninstall com.android.system.ups for current user (details in link below): https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/ Warning: Make sure to read Restoring apps onto the device (without factory reset) in the rare case you need to revert/restore app. Use this/these command(s) during step 7 under Uninstalling Adups via ADB command line to remove: adb shell pm uninstall -k --user 0 <com.android.system.ups> @Chamorrogirl No, you do not have to worry about the malware carrying over with the SIM card. It's only an issue with the device itself. If you considering buying a new phone, I'd personally suggest a refurbished/renewed Google phone. I personally bought a renewed Pixel 2 off of Amazon a couple of weeks ago, and it works great. Just make sure it will work with your carrier. Nathan

Hi @SiddharthDubey, It's a tricky one, but it is indeed in App Info. See the red box below: That floating 14.12 MB with no icon at the bottom of the App Info list is it. If you click on it, you get to it's info page: Thanks for the support! Nathan

Hi @Bigdaddygrant, These types of ads are browser related. This is caused by the way most browsers handle redirections executed by javascript code. Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups. Advertising affiliates are aware of this, and exploit this weakness. Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it. The best way to block these pop-ups are to try a different browsers, disable javascript, install a browser with ad blocking (like Opera), and/or install Ad-block Plus. If you encounter these pop-ups again, back out of them using Android's back key. Also, clearing your history and cache will help stop the ads from reoccurring. Thanks for reaching out, Nathan

Hi @Facebook123, Fake Facebook accounts are not uncommon. However, they are not created via any malware app. Thus, there is nothing to detect by a malware scanner. If you like to protect your personal Facebook account, it's a good idea to change your password using a strong password and use a password manager. Also, set up two-factor authentication. Nathan

AdvancedSetup is right. My Pixel does the same thing when I authenticate. As long as the location is correct and you know it was 'you' signing in, then nothing to worry about. Nathan

Hi @Coco456, If you're okay with it, lets start with an Apps Report. I'll be able to see if there is anything malicious on your device. To send an Apps Report with Malwarebytes for Android use the following instructions. 1.Open the Malwarebytes for Android app. 2.Tap the Menu icon. 3. Tap Your apps. 4. Tap three lines icon in upper right corner. 5. Tap Send to support Choose an email app to send Apps Report. Your email app will open with the Apps Report included. At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum. This allows our support staff to know where to direct it. By sending the Apps Report, you will create a ticket in our support system. Private Message (PM) me the email used and/or the ticket number assigned. Nathan

Hi @Concerned_Citizen, Nice find there! Yes, small.tff appears to be a library to be loaded at runtime. I have seen it in several related malware as well. There is even more obfuscated code in there I noticed. If you are decent with coding, you can sometimes successfully write your own small java program replicating the code found to decompile some of the strings. Also, sometimes it's easier to just run the malware in an emulator and see what it's doing via analysis software. Trust me, I'd love to have the time to dig deeper into things like these. But with new variants of HiddenAds coming in daily along with thousands of other mobile malware the higher priority is to get these detected by our client. You find anything else, keep them coming! com.fota.wirelessupdate.apk is a tough one as there are clean variants as well. You have to remember that it's sole purpose is to update the mobile device. Thus, it needs quite a bit of privileges to due so. But yes, you are probably right that it could be called blatant malware with Trojan categorization. I've nearly changed the name several times. Once again though, users are still reliant on it to update the OS with critical updates. Thus, we keep it as a PUP Riskware. You have to realize that most users don't know that PUP isn't straight malware anyway. Once again, thanks for all the feedback, Nathan