Infected SystemUI.apk on CUBOT Rainbow not detected by Malwarebytes

[khambrecht]

3 minutes ago, gradinaruvasile said:

And what did they say about this? Why was this malware there in the first place?

they just requested some detailed informations about the phone and told me that this will be analysed by their engineering. But no comment about why and how this could happen (but to be honest, I also did not really expect any explanations or apology). And a couple of days later, I got a message about the OTA update.

[gradinaruvasile]

Well i sent an email to them too asking for a firmware without ads after i started this thread. I even linked them this thread...

It seems that they do listen sometimes...

[jaimepn]

Thanks!!

They released an update that fixed the problem on the Cheetah 2 as well (I'll have to wait 1 month to confirm that)!

Now, I still notice some traffic requests from the System process:
server-52-85-71-115.lhr3.r.cloudfront.net
server-54-230-196-124.lhr50.r.cloudfront.net
server-54-230-2-196.lhr5.r.cloudfront.net

Cubot replied saying this is part of the system and I shouldn't worry. Do you think this is normal?
I don't think any of my previous android phones had similar requests from the System process.

 

 

On 6/9/2017 at 11:09 AM, khambrecht said:

@jaimepn

I assume, they fixed only the Rainbow firmware. I had an email conversation with Cubot about the infected Rainbow firmware and they fixed this upon my request.

So it would be worth a try for you to also complain about your phone. Send me a PM so I will forward my conversation with Cubot to you, as a reference.

 

 

Edited June 26, 2017 by jaimepn

[gradinaruvasile]

So. BAD news again.

THEY DID LISTEN! 

BUT NOT HOW WE THOUGHT ...

It seems that in the new firmware they just replaced their SystemUI malware with a better one.

Changelog should read:

1. Enhanced Protection Against Malware

Probably they have an issue expressing themselves in English . Or this is a standard policy in China.

So, new headline:

Cubot Rainbow firmware-embedded malware (firmware version CUBOT_RAINBOW_E6021C_V01_20160517_210258)

This malware is provided by a dedicated (i suppose) package which is hidden (it does not show up on any GUI, not even 3rd party apps) named com.android.telephone (attached in a zip file). It does not seem to have any real function (it resembles the phone app's name but it is a different package).

So, their enhancements (which are real, but not how we might interpret it):

• It evades NetGuard (and i suppose other similar software). At least it is not reported.
• At least on wif it aggressively pings their Amazon-based servers (sp2.l1181.com, alias of snowplow-collector-adv.us-east-1.elasticbeanstalk.com) draining the battery (and does some data transfer i sure hope not mic captures).
• It constantly givers itself the OP_WRITE_EXTERNAL_STORAGE(code 60 in App Ops) and OP_READ_EXTERNAL_STORAGE (code 59 in App Ops) permissions, every 2 seconds or so. I don't know the reason, maybe these permissions can be revoked and it wants to make sure it has them.
• It cannot be disabled, permissions cannot be changed (unless rooted i suppose).

I saw many GPS-related lines in logcat even when the GPS was not enabled, but when i tried to replicate the results those were not there. So it MIGHT be able to log and send the location without graphical clues.

How's that for improvements?  Besides it does contain a similar payload, a file named KYOf4C6WrkKG80 (some probably encrypted executable, 3.9 MB in size) under the Assets dir in the package.

It is detected currently by 12/55 in virustotal (again, not Malwarebytes).

So, where is it? After sifting through logcat, i managed to pinpoint it's package name and userId.

adb shell "dumpsys package | grep -A30 'userId=10090'"

    userId=10090
    pkg=Package{380093d com.android.telephone}
    codePath=/system/priv-app/com.android.telephone
    resourcePath=/system/priv-app/com.android.telephone
    legacyNativeLibraryDir=/system/priv-app/com.android.telephone/lib
    primaryCpuAbi=armeabi
    secondaryCpuAbi=null
    versionCode=20205 targetSdk=23
    versionName=2.02.05
    splits=[base]
    applicationInfo=ApplicationInfo{481dc44 com.android.telephone}
    flags=[ SYSTEM HAS_CODE PERSISTENT ALLOW_CLEAR_USER_DATA ]
    privateFlags=[ PRIVILEGED ]
    pkgFlagsEx=[ ]
    dataDir=/data/user/0/com.android.telephone
    supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity]
    timeStamp=2017-06-05 21:33:45
    firstInstallTime=2017-06-05 21:33:45
    lastUpdateTime=2017-06-05 21:33:45
    signatures=PackageSignatures{282b532 [b889283]}
    installPermissionsFixed=true installStatus=1
    pkgFlags=[ SYSTEM HAS_CODE PERSISTENT ALLOW_CLEAR_USER_DATA ]
    install permissions:
      android.permission.RECEIVE_BOOT_COMPLETED: granted=true
      android.permission.INTERNET: granted=true
      android.permission.ACCESS_NETWORK_STATE: granted=true
      android.permission.READ_SYNC_SETTINGS: granted=true
      android.permission.ACCESS_WIFI_STATE: granted=true
    User 0:  installed=true hidden=false stopped=false notLaunched=false enabled=0
      gids=[3003]
    User 10:  installed=true hidden=false stopped=false notLaunched=false enabled=0

 

Tcpdump output:

00:00:00.000000 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:00.000245 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1388
 00:00:00.129114 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0
 00:00:00.130475 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 466
 00:00:00.188804 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 0
 00:00:10.240304 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:10.240715 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:10.241246 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:10.241455 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 993
 00:00:10.369663 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0
 00:00:10.370200 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0
 00:00:10.371541 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 466
 00:00:10.428865 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 0
 00:00:15.480075 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:15.480458 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1388
 00:00:15.609398 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0
 00:00:15.610960 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 466
 00:00:15.758869 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 0
 00:00:20.800264 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:20.800500 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1388
 00:00:20.929365 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0
 00:00:20.931021 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 466
 00:00:21.078883 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 0
 00:00:26.140024 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:26.140412 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1388
 00:00:26.269395 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0
 00:00:26.316547 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 466
 00:00:26.398944 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 0
 00:00:31.440057 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1448
 00:00:31.440395 IP 192.168.101.10.60110 > 54.85.139.98.443: tcp 1388
 00:00:31.569329 IP 54.85.139.98.443 > 192.168.101.10.60110: tcp 0

 

Some adb logcat output:

09-18 01:15:07.515 22412  3506 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.515 22412  3506 I System.out: [socket][4952] connection sp2.l1181.com/54.85.4.39:443;LocalPort=42907(30000)
09-18 01:15:07.515 22412  3506 I System.out: [CDS]connect[sp2.l1181.com/54.85.4.39:443] tm:30
09-18 01:15:07.515 22412  3506 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.516   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.517   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.517   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.518 22412  3513 I System.out: [socket][4953:41409] exception
09-18 01:15:07.519 22412  3513 I System.out: close [socket][/:::41409]
09-18 01:15:07.519   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.520 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.520 22412  3513 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.520   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.520 22412  3513 I System.out: [socket][4953] connection sp2.l1181.com/52.20.51.182:443;LocalPort=45345(30000)
09-18 01:15:07.520 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.521 22412  3513 I System.out: [CDS]connect[sp2.l1181.com/52.20.51.182:443] tm:30
09-18 01:15:07.521 22412  3513 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.521   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.523 22412  3510 I System.out: [socket][4954:51635] exception
09-18 01:15:07.523 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.523 22412  3510 I System.out: close [socket][/:::51635]
09-18 01:15:07.524 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.524 22412  3510 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.525 22412  3510 I System.out: [socket][4954] connection sp2.l1181.com/52.20.51.182:443;LocalPort=59994(30000)
09-18 01:15:07.525 22412  3510 I System.out: [CDS]connect[sp2.l1181.com/52.20.51.182:443] tm:30
09-18 01:15:07.525 22412  3510 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.525   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.526   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.527 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.527   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.527 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.529 22412  3511 I System.out: [socket][4955:42142] exception
09-18 01:15:07.529 22412  3511 I System.out: close [socket][/:::42142]
09-18 01:15:07.530 22412  3511 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.531 22412  3511 I System.out: [socket][4955] connection sp2.l1181.com/52.20.51.182:443;LocalPort=60775(30000)
09-18 01:15:07.531 22412  3511 I System.out: [CDS]connect[sp2.l1181.com/52.20.51.182:443] tm:30
09-18 01:15:07.531 22412  3511 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.531 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.531   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.532   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.532   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.532 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.533 22412  3506 I System.out: [socket][4956:42907] exception
09-18 01:15:07.534 22412  3506 I System.out: close [socket][/:::42907]
09-18 01:15:07.535   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.535 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.535   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.535 22412  3506 I System.out: [CDS][DNS] getAllByNameImpl netId = 0
09-18 01:15:07.536 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.536 22412  3506 D libc-netbsd: [getaddrinfo]: hostname=sp2.l1181.com; servname=(null); netid=0; mark=0
09-18 01:15:07.536 22412  3506 D libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0
09-18 01:15:07.537 22412  3506 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.537 22412  3513 I System.out: [socket][4956:45345] exception
09-18 01:15:07.537 22412  3506 I System.out: [socket][4956] connection sp2.l1181.com/54.85.139.98:443;LocalPort=55435(30000)
09-18 01:15:07.537 22412  3506 I System.out: [CDS]connect[sp2.l1181.com/54.85.139.98:443] tm:30
09-18 01:15:07.537 22412  3506 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.538   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.538   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.538 22412  3513 I System.out: close [socket][/:::45345]
09-18 01:15:07.538 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.538   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.539 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.539 22412  3513 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.540 22412  3513 I System.out: [socket][4957] connection sp2.l1181.com/54.85.4.39:443;LocalPort=34817(30000)
09-18 01:15:07.540 22412  3513 I System.out: [CDS]connect[sp2.l1181.com/54.85.4.39:443] tm:30
09-18 01:15:07.540 22412  3510 I System.out: [socket][4958:59994] exception
09-18 01:15:07.540 22412  3513 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.540   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.541 22412  3510 I System.out: close [socket][/:::59994]
09-18 01:15:07.541   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.542 22412  3510 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.542   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.542 22412  3510 I System.out: [socket][4958] connection sp2.l1181.com/54.85.4.39:443;LocalPort=47499(30000)
09-18 01:15:07.542 22412  3510 I System.out: [CDS]connect[sp2.l1181.com/54.85.4.39:443] tm:30
09-18 01:15:07.542 22412  3510 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.542   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.544 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.544 22412  3511 I System.out: [socket][4959:60775] exception
09-18 01:15:07.544 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.545 22412  3511 I System.out: close [socket][/:::60775]
09-18 01:15:07.545 22412  3511 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.546 22412  3511 I System.out: [socket][4959] connection sp2.l1181.com/54.85.4.39:443;LocalPort=46965(30000)
09-18 01:15:07.546 22412  3511 I System.out: [CDS]connect[sp2.l1181.com/54.85.4.39:443] tm:30
09-18 01:15:07.546   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.546 22412  3511 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.546   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.547   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.548 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.548 22412  3506 I System.out: [socket][4960:55435] exception
09-18 01:15:07.548 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.549 22412  3506 I System.out: close [socket][/:::55435]
09-18 01:15:07.549   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.550   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.550 22412  3506 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.550 22412  3506 I System.out: [socket][4960] connection sp2.l1181.com/52.20.51.182:443;LocalPort=56140(30000)
09-18 01:15:07.551 22412  3506 I System.out: [CDS]connect[sp2.l1181.com/52.20.51.182:443] tm:30
09-18 01:15:07.551 22412  3506 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.551   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.552 22412  3513 I System.out: [socket][4961:34817] exception
09-18 01:15:07.552 22412  3513 I System.out: close [socket][/:::34817]
09-18 01:15:07.553   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.554 22412  3513 I System.out: [CDS][DNS] getAllByNameImpl netId = 0
09-18 01:15:07.554 22412  3513 D libc-netbsd: [getaddrinfo]: hostname=sp2.l1181.com; servname=(null); netid=0; mark=0
09-18 01:15:07.554 22412  3513 D libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0
09-18 01:15:07.555   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.555 22412  3513 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.555 22412  3513 I System.out: [socket][4961] connection sp2.l1181.com/54.85.139.98:443;LocalPort=39542(30000)
09-18 01:15:07.555 22412  3513 I System.out: [CDS]connect[sp2.l1181.com/54.85.139.98:443] tm:30
09-18 01:15:07.555 22412  3513 D Posix   : [Posix_connect Debug]Process com.android.telephone :443 
09-18 01:15:07.556 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.556   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.556 22412  3510 I System.out: [socket][4962:47499] exception
09-18 01:15:07.556 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.557 22412  3510 I System.out: close [socket][/:::47499]
09-18 01:15:07.558 22412  3510 I System.out: [CDS][DNS] getAllByNameImpl netId = 0
09-18 01:15:07.558 22412  3510 D libc-netbsd: [getaddrinfo]: hostname=sp2.l1181.com; servname=(null); netid=0; mark=0
09-18 01:15:07.558 22412  3510 D libc-netbsd: [getaddrinfo]: ai_addrlen=0; ai_canonname=(null); ai_flags=4; ai_family=0
09-18 01:15:07.559   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.559   211  1013 D SocketClient: SocketClient sendData done: 
09-18 01:15:07.559 22412  3510 I System.out: [CDS]rx timeout:30000
09-18 01:15:07.559 22412  3510 I System.out: [socket][4962] connection sp2.l1181.com/54.85.139.98:443;LocalPort=38415(30000)
09-18 01:15:07.560 22412  3510 I System.out: [CDS]connect[sp2.l1181.com/54.85.139.98:443] tm:30
09-18 01:15:07.561 11939 12022 D SQLiteDatabase: beginTransaction()
09-18 01:15:07.561 22412  3511 I System.out: [socket][4963:46965] exception
09-18 01:15:07.561 22412  3511 I System.out: close [socket][/:::46965]
09-18 01:15:07.562 11939 12022 D SQLiteDatabase: endTransaction()
09-18 01:15:07.563 22412  3511 I System.out: [CDS][DNS] getAllByNameImpl netId = 0

After this i'm officially done with them. It remains to be seen if the phone can be returned...

com.android.telephone.apk.zip

[gradinaruvasile]

Well it seems it can be uninstalled using the method from here:

https://www.reddit.com/r/Android/comments/6ftg72/want_to_completely_disableuninstall_those_pesky/

In this case the commands are these:

adb shell pm uninstall -k --user 0 com.android.telephone
adb shell pm uninstall -k --user 10 com.android.telephone

In this device it was installed both for user '10' (Guest) and the current user '0'. 

[gradinaruvasile]

Another thing to keep in mind:

If the phone is reset to factory defaults this malware will re-deploy. So in that case do not connect it to any network until it is removed and the phone restarted.

[khambrecht]

@gradinaruvasile: great job! Thanks.

I have uninstalled the malicious app from user 0 (did not have user 10 or any other). Do I have any chance to prove if the phone now behaves as desired?

 

[gradinaruvasile]

8 hours ago, khambrecht said:

@gradinaruvasile: great job! Thanks.

I have uninstalled the malicious app from user 0 (did not have user 10 or any other). Do I have any chance to prove if the phone now behaves as desired?

First you MUST reboot the phone, the malware is in memory.

Then capture packets on the router and see if you have connections made to the above-mentioned 3 IP addresses. Other than that no idea, as the package does not show up in any GUI app. Maybe some native Android apps have the capacity to capture its  packets, but i am not sure.

Edited September 22, 2017 by gradinaruvasile

[Olivia]

Cubot have noticed this problem and the new App updated edition will be without adverting . there are totally two devices Cubot rainbow and cheetah have this problem , Cubot will continuously working for it and solve problems .any more question pls contact with the after sales staff : elva Tel:+ 86 - 755 83821787 - 807
Email : cubot100@cubot.net

[gradinaruvasile]

18 hours ago, Olivia said:

Cubot have noticed this problem and the new App updated edition will be without adverting . there are totally two devices Cubot rainbow and cheetah have this problem , Cubot will continuously working for it and solve problems .any more question pls contact with the after sales staff : elva Tel:+ 86 - 755 83821787 - 807
Email : cubot100@cubot.net

This means we get another firmware update?

[khambrecht]

On 24.9.2017 at 12:15 AM, gradinaruvasile said:

This means we get another firmware update?

<ironic>

sure. with an even more sophisticated malware

</ironic>

@Olivia: joking aside, some more information would be appreciated. Also why and how this could happen in the past.To be honest, I lost confidence a little bit.

[khambrecht]

Cubot has released an updated ROM: http://forum.cubot.net/viewtopic.php?f=21&t=1562

Didn't installed this yet on the phone, but downloaded the ROM and "diffed" this with the previously release ROM from 2017-05-26 (the one with that "surprising" com.android.telephone app).

Most of the .apk and .odex files do binary-differ. However, it look like the app packages are just re-packed. At least they are packaged now with a JVM 1.7.0_121 (compared to 1.7.0_79).

But the real change is, that the newer ROM now has some apps missing. In the /priv-app directory this is the malicious com.android.telephone.apk, and in the /app directory these are com.sherlock.news.apk and webcore.apk (not sure what the first one is, but the latter one looks like just an opera-mini downloader/launcher). The new ROM does not include any new apps (just lots of more linux cmdline tools which are actually all symlinks to " toybox" utility)

So, the known malicious app com.android.telephone has gone. But who knows? Is the next round of malware now just hidden elsewhere?

Edited November 28, 2017 by khambrecht

[CubotIsScam]

Hi guys and thank you so much for this thread.

I had this piece of junk for 1 year now and forced to stay in power saving mode and disable javascript the whole time I am connected to reduce the ads and spam.

Can I have an update about the last firmware if you tried it? I don't want to lose 5 hours for back-up and reinstall everything to have a jump in dark and then discover it is worse than before.

Thanks again!

Edited February 16, 2018 by CubotIsScam
typo

[khambrecht]

I have updated firmware some weeks ago. But honestly, I do not use the phone at all, exept from some rare occasions when I need to check something with an android phone. So far, I did not recognize an unusual behaviour.

[CubotIsScam]

9 hours ago, khambrecht said:

I have updated firmware some weeks ago. But honestly, I do not use the phone at all, exept from some rare occasions when I need to check something with an android phone. So far, I did not recognize an unusual behaviour.

Thanks for your reply Khambrecht. How many weeks ago if I may ask?

Could you try to report back to us in the next 3 to 6 weeks? As it was advised earlier the malware seems to spawn at that time after a fresh install. I would really appreciate it.

Thanks again.

Edited February 19, 2018 by CubotIsScam
additional info

[CubotIsScam]

Hi guys, 

anyone tried to flash the mobile with the rom and able to provide any feedback?

I am going to do it soon and will provide feedback soon, would be nice to know what to expect from that though.

[khambrecht]

On 7/17/2018 at 6:41 PM, CubotIsScam said:

Hi guys, 

anyone tried to flash the mobile with the rom and able to provide any feedback?

I am going to do it soon and will provide feedback soon, would be nice to know what to expect from that though.

After flashing the phone in February, I have use the phone now last week during holidays. Looks fine so far. The phone has a very bad performance (e.g. GPS navigation via Google Maps is quite unusable). But no nags, no pupups, no unwanted software.