jochesuelo

Alcatel Smart Suite SMSthief?

23 posts in this topic

Hello, today I woke up and my Malwarebytes found an infection with Alcatel Smart Suite as "Android/Trojan.Spy.SmsThief.fp" from "/custpack/app/unremoveable/priv-app/SmartSuite_v3.1.8.30001.0_signed_releasekey.apk". As the folder name says, it is unremovable because it's a system app, so I can't delete it. Is it a false positive or is it real? I don't have a rooted mobile and I don't download anything illegal, so I'm surprised. My mobile is an Alcatel Pop 3.


I have had the same problem since this morning, and so has my girlfriend's phone. We both have the Alcatel Onetouch Idol 3, and only Malwarebytes detected this trojan; no other antivirus could, they don't see it at all. I tried all the antiviruses there are. Please help with how to remove this trojan. It can't be uninstalled. I tried formatting my phone with a factory reset, but it didn't help!!! After installing Malwarebytes, it detected it again.

Edited by Odjeca


From similar posts regarding Malwarebytes detection of Android/Trojan.Spy.SmsThief.fp and Android/Trojan.Spy.SmsThief.ay, this may be a false positive. However, I just spoke with Alcatel Support, and what I gathered from them is it appears they have been aware of the existence of this Trojan in their SmartSuite.apk file for some time, as their recommended solution was to uninstall Malwarebytes so it would not be detected. Absolutely ridiculous! I have forwarded information about the detection to Alcatel Support and a manager assured me that she will follow up with their engineering and development teams regarding the issue. I will update my post when I receive any information from her.

If this is truly a false positive, can someone from Malwarebytes please address the issue with an updated DAT file as soon as possible? If it is a valid detection, can Malwarebytes please provide an updated DAT or removal assistance for the .apk that doesn't require rooting the phone and voiding the warranty?

Phone Model: 60450 - Alcatel OneTouch Idol 3

Android Version: 6.0.1

App Info: Alcatel SmartSuite v 3.2.8

Detection Info:

Screenshot_20160924-104236.png


Below is my email to Alcatel Support:

Hello Carolina,

 

Thank you for speaking with me this morning, and agreeing to follow-up with your engineering and development teams regarding the malware detection on my Alcatel OneTouch Idol 3. Per instruction of the first representative I spoke with this morning, I have deleted the application’s data, disabled the application and rebooted the phone, which is an acceptable workaround for the moment. However, I will not uninstall my anti-malware software (MalwareBytes) per her recommendation, and simply ignore detection of this potential malware.

 

Also, as you are aware, the application’s .apk cannot be removed due to system permissions without rooting the phone and voiding the warranty. This is of great concern to me and others that have detected the malware and reported this in the MalwareBytes forums. It is very disturbing to think that Alcatel would intentionally distribute Android system software with embedded malware in order to gather statistical data from customers’ phones. If this is truly the case, it must be immediately remedied by your development and/or engineering teams with an application update that does not contain the malware, or they must provide customers with a removal procedure for the aforementioned software that will not void the phone’s warranty.

 

Hopefully, we will all have a resolution for this soon!


Same problem as others. I have an Idol 4.

The free version of AVG mobile initially detected possible malware in Smart Suite on Thursday night. The AVG Threat Labs page initially didn't show much, and I initially thought it was a false positive, but the page has since been updated with the following: http://www.avgthreatlabs.com/us-en/mobile/android-app-reports/app/com.tcl.smartsuite/details/?utm_source=TDPU&utm_medium=AAS&prod=AVF

I have AVG set on max sensitivity.

After that, I went to the Play Store and installed old tried and trusted Malwarebytes, and sure enough I'm getting the same detection as others in Smart Suite. [Trojan.Spy.SmsThief.fp]

I've done a settings factory wipe and a factory wipe from recovery and it still pops up. It looks like the infection is pushed down during initial updates because my first couple of scans using MWB and AVG were clean and then I started getting detections.


Hello, same problem as well. Malwarebytes detected a Trojan on the 24th of September with Smart Suite on my smartphone. It's an Alcatel idol touch 3. I checked it three times and always got the same result. It is impossible to uninstall Smart Suite, so I deactivated it. I don't know if it's a false positive but it isn't funny...

If anyone has answers ...


7 minutes ago, Lisana said:

Hello, same problem as well. Malwarebytes detected a Trojan on the 24th of September with Smart Suite on my smartphone. It's an Alcatel Onetouch Idol 3. I checked it three times and always got the same result. It is impossible to uninstall Smart Suite, so I deactivated it. I don't know if it's a false positive but it isn't funny...

If anyone has answers ...

Edited by Lisana


Hi, same prob here, but it's a tablet. It's like one on Windows 7 Home; it doesn't go away even if you reformat.


To be on the "safe" side, I rooted my device and uninstalled the Smart Suite app, so now Malwarebytes doesn't find any trojans or that app. It looks like the only 'solution' for now.


There are a few root utilities out there that will do it, but if your phone is new like mine is, it will void the warranty.

2 hours ago, Odjeca said:

To be on the "safe" side, I rooted my device and uninstalled the Smart Suite app, so now Malwarebytes doesn't find any trojans or that app. It looks like the only 'solution' for now.

I've never rooted a device before. Please PM me and let me know what you used.


Hi everyone,

I finally received a reply from Malwarebytes regarding the SMSThief detection in the Alcatel Smart Suite app. It appears the detection is a false positive, and the app has been whitelisted for the moment. However, they are reinvestigating the app due to the AVG detection, and it could very quickly find its way back on to the blacklist if they find it exhibiting any malicious behavior.

I have been in IT for some time, and it is very common for software developers to "borrow" a useful behavior from malware, and code it into a legitimate application. My educated guess is that the Smart Suite mobile app uses a method very similar in nature to the actual SMSThief malware to capture SMS messages on your phone and then pass them on to the Alcatel Smart Suite PC app for the purpose of backing up the contents of your phone. Malwarebytes' heuristics saw this behavior in the raw code of the .apk and flagged the app as malicious. It is a legitimate application, just with suspicious code embedded in it. So, unless you use the Smart Suite mobile app in conjunction with the Smart Suite PC app for phone backup and file transfer, there is absolutely no need for this app on your phone.

If you are concerned about potential privacy issues, my recommendation is to completely disable the app and delete the app's data. In Android 6.x, go to Settings > Apps > Smart Suite > Select Force Stop > Select Ok > Select Storage > Select Clear Cache > Select Clear Data > Select the Arrow next to Storage to return to the app's detail page > Select Disable > Select Disable App > Reboot your phone. This will completely disable the app on your phone. For earlier versions of Android, please refer to your manufacturer's website or phone manual for instructions on disabling the application and deleting its data.

Thanks to a_Mbam of Malwarebytes and Elvidster for the additional info on this issue. Take care everyone!
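
Added example, not part of the thread or written by any poster: a read-only check that the disable procedure above took effect and whether the app still holds any granted SMS permission, by parsing the text that `adb shell dumpsys package com.tcl.smartsuite` prints (no root needed). The package name is taken from the AVG link earlier in the thread; the `SAMPLE` output is constructed for illustration, and the `audit` function and its field names are hypothetical.

```python
import re

# Constructed sample shaped like `adb shell dumpsys package com.tcl.smartsuite`
# output. Permissions and values are illustrative, not read from a real device.
SAMPLE = """\
Packages:
  Package [com.tcl.smartsuite] (1a2b3c4):
    userId=10057
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
    User 0:  installed=true hidden=false stopped=true notLaunched=false enabled=3
      runtime permissions:
        android.permission.READ_SMS: granted=true
        android.permission.RECEIVE_SMS: granted=false
"""

SMS_PERMS = {"android.permission." + p for p in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS")}
# PackageManager COMPONENT_ENABLED_STATE_* values as printed in "enabled=N".
STATES = {0: "default", 1: "enabled", 2: "disabled", 3: "disabled-user",
          4: "disabled-until-used"}


def audit(dumpsys_text, user=0):
    """Return the enabled state and SMS permissions for one Android user."""
    requested, granted, state = set(), set(), None
    section, in_user = None, False
    for raw in dumpsys_text.splitlines():
        line = raw.strip()
        m = re.match(r"User (\d+):", line)
        if m:  # per-user block: carries the enabled= flag
            in_user, section = int(m.group(1)) == user, None
            e = re.search(r"\benabled=(\d+)", line)
            if in_user and e:
                state = STATES.get(int(e.group(1)), "unknown")
            continue
        if line.endswith("permissions:"):  # e.g. "requested permissions:"
            section = line[:-1]
            continue
        p = re.match(r"([\w.]+)(?:: granted=(true|false))?", line)
        if not p or p.group(1) not in SMS_PERMS:
            continue
        if section == "requested permissions":
            requested.add(p.group(1))
        elif p.group(2) == "true" and (
                section == "install permissions"
                or (section == "runtime permissions" and in_user)):
            granted.add(p.group(1))
    live = bool(granted) and state not in ("disabled", "disabled-user")
    return {"state": state, "requested": sorted(requested),
            "granted": sorted(granted), "sms_access_live": live}


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A state of `disabled-user` is what disabling an app from Settings produces; a granted SMS permission only matters while the package is still enabled.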
