mercury6262

trojan.smspy.hy detection listed cannot be removed


My Mobile Malwarebytes notified me of an android/trojan.smspy.hy detection in /system/app/BasicSmsReceiver/BasicSmsReceiver.apk. When I select it and then the Delete button, however, Malwarebytes asks me if I want to uninstall the app and then fails to remove it when I confirm the removal.

I can't find anything about this detection via a search on Google or Malwarebytes.org. Is this a valid detection or possibly a false positive? If valid, what are my next steps?


I have exactly the same situation on my Nexus 7. This was first flagged yesterday though I haven't installed anything new for several days.


I should add that I too am using a Nexus 7, and I updated to Lollipop within the last week, so maybe it's a false detection due to something on the Nexus 7 devices or Nexus devices running Lollipop?

Also, I have only installed Adobe Photoshop within the last couple of days, through the Google Play store, which Malwarebytes Mobile ok'd. So, I don't think that's the culprit. However, on Friday, I did update a number of apps through the Play store - Gmail, Google, Google Maps, My Fitness Pal, and some others.

Maybe those updates caused Malwarebytes to think I have an infection?

Bp1945 - did your Nexus do similar updates, to your knowledge?


I updated to Lollipop very recently too, and I have had updates in the last few days, though I didn't notice which apps were involved. (I don't have Adobe Photoshop or My Fitness Pal so we can definitely rule those out as culprits.)

I think you are right and this is going to turn out to be a false positive due to something added to our machines during a recent app update.


I can also report the same problem on two devices. A Nexus 7 (2013) LTE and a Nexus 7 (2012) HSPA.

Both recently updated to Lollipop and I do not recall installing any new apps lately, just updates to existing apps.

Malwarebytes recently reports the Trojan.SmsSpy.hy on both devices. I've since installed Bitdefender on both devices and that tells me that both devices are fine.


I discovered the same thing yesterday, seems to be in fashion. Would love to know how to exterminate it, if that is needed.


This issue is still being reported each time Malwarebytes Mobile scans on my Nexus 7. I'm guessing that since others have used additional scanners and come up clean, it's a false positive specific to the N7s running Android 5.0.2. All the same, can someone from Malwarebytes reply to this thread to confirm whether it's a false positive on our Nexus devices or whether we should just kick our devices back to factory to get rid of a legitimate infection?


I'm planning on white-listing this supposed infection. It seems that the BasicSmsReceiver is what it says, an SMS receiver - yes folks, the Nexus 7 using Lollipop can actually receive text messages. I don't think I've seen this documented, but it does work.


Hello Everyone,

In regards to this detection, it is a false positive. We have updated our database and this should not happen anymore. Make sure to update your database on your phone and check to see if you are still seeing this.


Thanks for the assurance, CWilliams. Rescanned with the updated definitions db and all is clear again on my Nexus tablet.


Yesterday MB found trojan.smsspy on my Nexus 7 (with mobile data, which I don't use, and running Android 5.1.1). Adding it to the MB Whitelist (Simple message receiver com.android.basicsmsrecever) gets it off my back, but clearly this is not the answer.


Hi bp1945, ByronSimmonds,

Thanks for bringing this to our attention. I'll look into it and have a fix out soon.

I apologize for the inconvenience.

Regards,

-Armando
