
mbam_mtbr

Staff
  • Content Count

    858

Everything posted by mbam_mtbr

  1. Hi SminIT, Thanks for bringing this to our attention. This issue has been resolved and veryzhun will no longer be detected in future database versions. Nathan
  2. Hi Grtalk, It seems this is actually legitimate according to the forum: https://forums.lenovo.com/t5/Android-Yoga-Series-Tablets/System-Update/td-p/3592372. Nathan
  3. Hi Sunshine97, These cannot be removed due to the fact they are system apps, but you can disable them. Simply go into settings > apps, find the apps, open its settings, and disable it via the Disable button. Nathan
  4. Hi Sapphirelia, You probably need to remove it from the Device admin list first, then uninstall it. Here are some instructions: https://www.julianevansblog.com/2016/07/how-to-disable-android-app-device-admin-rights.html You may need to reboot the phone in safe mode as well to do this. You will need to look up the instructions on how to boot into safe mode based on the specific brand/model of phone. Nathan
  5. Hi supertonk, Unfortunately, there are no true malware scanners on iOS. The way iOS is designed makes it impossible to implement a scanner due to their security policies. Our apologies, Nathan
  6. Hi @Jonikt, Thanks for bringing this to our attention. The rule that is detecting VivaVideo as Trojan.Gabas.a has been in our system since 2014, far before VivaVideo was being triggered by it. Although it's still unclear why VivaVideo is being triggered as there is no evidence within its code that it contains the elements used to trigger Trojan.Gabas, we decided to retire this old rule as a precaution. Future database versions will no longer detect VivaVideo. Nathan
  7. Hi Draza, Most likely what you were seeing was ad pop-ups, and not an actual infection of Facebook. These types of ads are browser related. This is caused by the way most browsers handle redirections executed by javascript code. Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups. Advertising affiliates are aware of this, and exploit this weakness. Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it. The best way to block these pop-ups is to try
  8. Hi Friend, Although we do not detect such activity, there are some apps that do such as SnoopSnitch, Cell Spy Catcher, and GSM Spy Finder — as mentioned in the wiki page linked in MAM's post. We do on the other hand detect malicious apps that aggressively gather IMSI along with other personal information. Hope this helps, Nathan
  9. Hi Ellahood, Glad you found a solution! Unfortunately, preinstalled malware on some phone manufacturers is becoming more of an issue -> Mobile Menace Monday: Preinstalled adware and sometimes worse. McStan, my guess is that he went the route of rooting his device and/or re-imaged the phone with another ROM. This is a risky task as it could "brick" the phone, but if you're willing to take that risk on yourself it could be an option. The only other method would be to disable the apps, which is explained in the linked blog post above. Nathan
  10. Hi GeoNez, Here's the reasoning for the notification: If you update Malwarebytes for Android to the latest version, we included a "do not show again" button in order to ignore. Nathan
  11. Hi Dylow, Preinstalled adware on BLU devices is a well documented issue. Read Mobile Menace Monday: Preinstalled adware and sometimes worse to learn more. Nathan
  12. Hi SkoraSkora, It's hard to say what your banking app is triggering on here. It may be that it did indeed find a malicious APK sitting in your downloads folder that hadn't been installed. According to our Mobile Malware Intelligence System, there was an occurrence of Trojan.Bankbot.rn using the filename Android_Update_7.0.2, which Malwarebytes for Android detects. In order to check storage/emulated/0/Download/, you'll need a file exploring app like Astro File Manager to look in that directory — you can't view it via Settings > Storage. If you have checked your Downloads fold
  13. Hi vaibhavb, It sounds like you have a very interesting project you are working on. 1. Top of head do you have any interesting project on visualization malware files as affected on a phone system? Although I personally do not know of any projects specifically for mobile malware visualization, I'm sure there must be some that exist. Just searching "mobile malware visualization" is a great place to start. 2. Are there any good repositories of Malware files which can be used by the students to create the visualization or is there an easy VM+python based method to create the
  14. Hi fruquanmcdaniel, We take an aggressive stance against monitor/spyware apps as written in our blog post Mobile Menace Monday: beware of monitoring apps. If such an app is present on your device, Malwarebytes for Android should detect it. If you encounter a monitor/spyware app that we are not detecting, let us know and we’ll add a detection. Another option may be to wipe/factory reset your devices — your phone carrier should be able to assist you with this. Nathan
  15. Hi ParanoiaBoy, These types of ads are browser related. This is caused by the way most browsers handle redirections executed by javascript code. Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups. Advertising affiliates are aware of this, and exploit this weakness. Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it. The best way to block these pop-ups is to try a different browser, disable javascript, install a browser with ad blocking (like O
  16. Hi Nocorrosau, These types of ads are browser related. This is caused by the way most browsers handle redirections executed by javascript code. Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups. Advertising affiliates are aware of this, and exploit this weakness. Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it. The best way to block these pop-ups is to try a different browser, disable javascript, install a browser with ad blocking (like Op
  17. Hi Hasty, Unfortunately we do have a product for Apple Mobile products. We do have Malwarebytes for Mac though. Hope this helps! Nathan
  18. Hello all, The issue has been resolved and will be addressed in the next database version. Regards, Nathan
  19. Hi mikmik, There are some variants of com.adups.fota that are infected with malware found on Chinese made phones as a system app. Unfortunately, we are unable to remove it if it is a system app because it is protected from uninstalling. If you could tell me what it is being detected as, I can double check that it is indeed malicious. Thanks, Nathan
  20. Hi Joelito, RootClient.apk is indeed Android/PUP.Adware.Gmobi. It’s a Potentially Unwanted App that has aggressive adware. It’s more annoying than dangerous so don’t be too concerned. As for OLX_Helper_Micromax_v2.5.apk being detected as Android/Trojan.Spy.SmsThief.de, I need more information to help find the right app being detected. If you could help me out, that would be great. This is what I need you to do: 1) Install the VirusTotal app from the Google Play store -> https://play.google.com/store/apps/details?id=com.virustotal&hl=en 2) Run the VirusTotal app 3)
  21. Hi Tobias, I pulled your app from the Google Play store, and just as you found in trying to reconstruct the case there was no detection found. Most likely your app was pulled from the Google Play store, decompiled, had malicious/unwanted code added to it, recompiled, and put on a third party site for unsuspecting users to download/install. Most likely what's being detected is the added malicious/unwanted code. If you could get more details such as getting the exact app being detected, and what it is being detected as, I could give you more information. This method is pretty com
  22. Hi Elsa, Thank you for removing the PUP (Potentially Unwanted Program) code from your apk, com.mephone.fonts. I assured that this updated clean apk will not be detected, however older versions that contain PUP.Riskware,Batmob still will. As far as PUP.Lotoor, I assume you are referencing com.shuame.mobile which has ties to com.shuame.rootgenius. I have updated the detection on these to PUP.Hacktool.RootGenius which is less generic, and a less intimidating detection name. Hopefully this is a fair compromise for you. Sincerely, Nathan Collier Senior Malware Intelligen
  23. Hi Ezviz, I have resolved the issue for the next Malware DB version. Regards, Nathan C Mobile Malware Researcher