mercury6262 Posted February 15, 2015 ID:939794 Share Posted February 15, 2015 My Mobile Malwarebytes notified me of an android/trojan.smspy.hy detection in /system/app/BasicSmsReceiver/BasicSmsReceiver.apk. When I select it and then the Delete button, however, Malwarebytes asks me if I want to uninstall the app and then fails to remove it when I confirm the removal.I can't find anything about this detection via a search on Google or Malwarebytes.org. Is this a valid detection or possibly a false positive? If valid, what are my next steps? Link to post Share on other sites More sharing options...
bp1945 Posted February 15, 2015 ID:939855 Share Posted February 15, 2015 I have exactly the same situation on my Nexus 7. This was first flagged yesterday though I haven't installed anything new for several days. Link to post Share on other sites More sharing options...
mercury6262 Posted February 16, 2015 Author ID:939982 Share Posted February 16, 2015 I should add that I too am using a Nexus 7, and I updated to Lollipop within the last week, so maybe it's a false detection due to something on the Nexus 7 devices or Nexus devices running Lollipop? Also, I have only installed Adobe Photoshop within the last couple of days, through the Google Play store, which Malwarebytes Mobile ok'd. So, I don't think that's the culprit, however, on Friday, I did update a number of apps through the Play store - Gmail, Google, Google Maps, My Fitness Pal, and some others. Maybe those updates caused Malwarebytes to think I have an infection?Bp1945 - did your Nexus do similar updates, to your knowledge? Link to post Share on other sites More sharing options...
bp1945 Posted February 16, 2015 ID:939986 Share Posted February 16, 2015 I updated to Lollipop very recently too, and I have had updates in the last few days, though I didn't notice which apps were involved. (I don't have Adobe Photoshop or My Fitness Pal so we can definitely rule those out as culprits.) I think you are right and this is going to turn out to be a false positive due to something added to our machines during a recent app update. Link to post Share on other sites More sharing options...
bh_john Posted February 16, 2015 ID:940147 Share Posted February 16, 2015 I can also report the same problem on two devices. A Nexus 7 (2013) LTE and a Nexus 7 (2012) HSPA. Both recently updated to Lollipop and I do not recall installing any new apps lately, just updates to existing apps. Malwarebytes recently reports the Trojan.SmsSpy.hy on both devices. I've since installed Bitdefender on both devices and that tells me that both devices are fine. Link to post Share on other sites More sharing options...
cachry Posted February 16, 2015 ID:940149 Share Posted February 16, 2015 I discovered the same thing yesterday, seems to be in fashion. Would love to know how to exterminate it, if that is needed. Link to post Share on other sites More sharing options...
mercury6262 Posted February 17, 2015 Author ID:940401 Share Posted February 17, 2015 This issue is still being reported each time Malwarebytes Mobile scans on my Nexus 7. I'm guessing that since others have used additional scanners and come up clean, it's a false positive specific to the N7s running Android 5.0.2. All the same, can someone from Malwarebytes reply to this thread to confirm whether it's a false positive on our Nexus devices or whether we should just kick our devices back to factory to get rid of a legitimate infection? Link to post Share on other sites More sharing options...
bp1945 Posted February 17, 2015 ID:940450 Share Posted February 17, 2015 I'm planning on white-listing this supposed infection. It seems that the BasicSmsReceiver is what is says, an SMS receiver - yes folks, the Nexus 7 using Lollipop can actually receive text messages. I don't think I've seen this documented, but it does work. Link to post Share on other sites More sharing options...
CWilliams Posted February 18, 2015 ID:940601 Share Posted February 18, 2015 Hello Everyone, In regards to this detection it is a false positive. We have updating our database and this should not happen anymore. Make sure to update your database on your phone and check to see if you are still seeing this. Link to post Share on other sites More sharing options...
mercury6262 Posted February 18, 2015 Author ID:940644 Share Posted February 18, 2015 Thanks for the assurance, CWilliams. Rescanned with the updated definitions db and all is clear again on my Nexus tablet. Link to post Share on other sites More sharing options...
cachry Posted February 22, 2015 ID:942110 Share Posted February 22, 2015 Good stuff. I was worried about this and appreciate Chris's response. Link to post Share on other sites More sharing options...
bp1945 Posted June 21, 2015 ID:970713 Share Posted June 21, 2015 It appears that Malwarebytes is flagging the BasicSMSReceiver as a trojan again. Link to post Share on other sites More sharing options...
ByronSimmonds Posted June 22, 2015 ID:970782 Share Posted June 22, 2015 Yesterday MB found trojan.smsspy on my Nexus 7 (with mobile data, which I don't use, and running Android 5.1.1). Adding it to the MB Whitelist (Simple message receiver com.android.basicsmsrecever) gets it off my back, but clearly this is not the answer. Link to post Share on other sites More sharing options...
a_Mbam Posted June 22, 2015 ID:970898 Share Posted June 22, 2015 Hi bp1945, ByronSimmonds, Thanks for bringing this to our attention. I'll look into it and have a fix out soon. I apologize for the inconvenience. Regards, -Armando Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now