Jump to content
garioch7

SmartSwitch Software Triggers Ransomware Warnings

Recommended Posts

@Vabadus

Just an update.  SmartSwitch installed new versions on both of my computers (4.1.17102.8) today.  The problem persists.

Thank you and have a great weekend.

Regards,
-Phil

Share this post


Link to post
Share on other sites

Hello, weird. When downloading Smart Switch, and installing it, this app will not be misdirected as malware. And even when browsing nothing is detected.Source, was a german googel store. My smartphone, Samsung Galaxy S3 mini, Android 4.2.2 not rooted.

Am I mistreating myself, or was that fixed?

Only, my experience with this App.

MAM

 

Edited by MAM

Share this post


Link to post
Share on other sites

Thanks, we are looking at this problem once again.

The issue is caused since Samsung's software use a temporary folder to make a copy of all apps. Since those are executable on Android, our app goes ahead and scans them for threads.

Thanks for more information.

Share this post


Link to post
Share on other sites

@Vabadus

Thank you for the update.  That Samsung SmartSwitch behaviour sounds like it should be reasonably easy to identify, if there is any consistency to its temporary app backup file naming.  The option might be to identify, if possible, within Android, whether the phone is running the Samsung SmartSwitch external backup app from a computer.

I look forward to a fix in the future, and in the interim, I am pleased that you were able to identify the cause of the issue.  I knew that my cell phone was not infected by any ransomware or malware of any kind, so I was not concerned.  Nothing should have gotten past MBAP and Bitdefender Mobile Security.  It has been mostly a nuisance issue, since the SmartSwitch backups report that they were successfully created.  Nonetheless, being very cognizant of zero-day threats, I ensure that I backup my cell phone weekly, so the buzzing and notifications were a bit of a pain.

Thank you again, Vabadus.  Please let me know when there will be a fix - no rush.  Have a great day.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@Vabadus

I backed up my phone today, and, as expected, on my Window 10 Pro x64, Build 1704 Maingear desktop, the ransomware warnings were triggered during the app backup phase of SmartSwitch.

I then backed up my phone to my Dell Studio XPS 1645 laptop as well, which has Windows 10 Pro x64, Build 1709.  Even though that laptop has had that build for about a month, and the SmartSwitch backups of the phone apps previously triggered the anti-ransomware warnings, today the phone was quiet: no warnings.

Go figure?

Have a great weekend.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@Vabadus

I backed up my Samsung phone again today with SmartSwitch, and this time the laptop was not immune to the ransomware warnings during the application backup phase.

From looking at the messages on the phone screen, it looks like MBA is scanning some apps on my internal 64 GB micro_SD card.  Is that where SmartSwitch is creating temporary files?  Could this issue only affect users who have added a micro_SD card to their phones to increase storage?  I have nothing on the micro_SD but some photos, yet MBA is reporting scanning a backup folder on the card with .apk files inside?

I am just surprised that there have not been other reports of this problem.  I can't be the only Samsung cell phone owner who uses SmartSwitch to backup his/her phone?

Have a great weekend.

Regards,
-Phil

Share this post


Link to post
Share on other sites
On 17/11/2017 at 5:27 PM, garioch7 said:

@Vabadus

I am just surprised that there have not been other reports of this problem.  I can't be the only Samsung cell phone owner who uses SmartSwitch to backup his/her phone?

 

Hi

I have just found this thread as I appear to have the same thing happening since upgrading to Premium with Real-time protection running.

Backing up a Samsung Galaxy S7 running Android 7 to PC running Windows 10

Share this post


Link to post
Share on other sites

@Dave77

Welcome to the Malwarebytes Forums!

I am glad to hear that I am not alone experiencing this issue.  Hopefully a new version will solve this nuisance problem.

Have a great day.

Regards,
-Phil

Share this post


Link to post
Share on other sites

I have the exact same problem. Ransomware alerts while Samsung Smart Switch is backing up my Note 8. Let my know what info you need. I'm a little disappointed to see how old this thread is and there still not be any fix.

 

David

Share this post


Link to post
Share on other sites

@Vabadus

Any update on this glitch?  It is annoying.

Have a great day.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@garioch7 technically it is possible to solve this problem however we need to very careful regarding not to miss anything else. So not in the coming release but the one after that, we might include that workaround. Sorry for inconvenience :(

Share this post


Link to post
Share on other sites

@Vabadus

Thank you for the update.  I will continue to wait patiently for a fix.

Have a great day.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@Vabadus

I have been patiently waiting since August 2017 for this nuisance issue to be fixed.  Is there a target date for a fix on the horizon yet?

Thank you and have a great day.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@garioch7i'm much aware of that and i appreciate that one.

We actually made a workaround, however it didn't pass to latest production release. The problem was it required some complicated logic in the app to prevent this case. So it was not a universal solution and only addressing this case. In order to keep the application stable for users, we decided not to release it with the latest version.

I cannot tell you exactly when, but, in this quarter we'll work on a solution which will make everyone (Devs, QAs, customers and you) happy regarding these kind of cases.

Sorry for the inconvenience :(

Share this post


Link to post
Share on other sites

Just to let you know. Smartswitch updated on my PC and does not trigger Malwarebytes anymore. For me at least, the problem seems to be fixed. I've backed up twice with no problems. I'm using Smart Switch 4.2.18014_6 running on Windows 10 Home. Backing up a Samsung Note 8, running Malwarebytes for Android 3.2.0.4.

 

Thanks

Share this post


Link to post
Share on other sites

@dkilleen

I am running the same version of SmartSwitch to back up my Samsung G386W smartphone.  On occasion, I have not received any ransomware warnings, but 98% of the time, Malwarebytes for Android (MBA) reacts to the backup of the applications on the phone.  It appears to be in some way related to the micro SD card that I have installed in the phone, because that is the path that MBA reports during the application phase of the backup.

@Vabadus

Thank you for the update.  I am disappointed that this issue has still not been fixed six months after reporting it and providing Malwarebytes with all of the requested information and logs.  It is even more disappointing that there is no scheduled release date now for a fix.  I hope this issue is fixed before it is time for me to pay for renewal this coming August.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@garioch7

I also have a micro sd card in my Note 8, but it does not have any apps on it and backing up apps is where I'd get the MBA alerts. All I have on my sd card is pictures and mp3s (that I do not back up). Good luck, I hope they get you squared away

 

David

Share this post


Link to post
Share on other sites

@dkilleen

I don't have any apps on my micro SD card either.  It only has some photos on it.  It appears that when SmartSwitch is backing up the apps on the phone itself, it creates temporary files or somehow accesses the SD card, which triggers the MBA ransomware module.  There are no ransomware warnings when the actual content (.jpg files) that I have stored on the micro SD card is backed up by SmartSwitch.

I know that @Vabadus has analyzed this issue and he does know what is causing the false ransomware warnings.  It seems that fixing the problem, is THE problem.  I wonder if the Android group is sufficiently staffed ... ?  For the price paid for a year's subscription, there should be adequate staff and expertise to remedy this nuisance issue in a reasonably timely manner.  I don't think that putting up with this problem for six months and counting, is reasonable and acceptable customer service.

Just my two cents.  Have a great day, and thank you for your post.

Regards,
-Phil

Share this post


Link to post
Share on other sites

@garioch7i can assure you Android group is sufficiently staffed :)

I can tell you this, there's a solution to almost any technical problem. However, some solutions are not elegant and later on cause other headaches. We definitely do not want to do that, especially when it comes to pro-active scanning. I can tell, we are targeting to provide you an elegant solution which will fix your problems, which will not cause other problems and which actually will be helpful for other customers for different needs :)

I understand your frustration and appreciate your patience on this. I tell you, we'll nicely address this in the coming release in April ;)

Thank you Phil for bearing with us and thanks once again for your patience and all the input you provided to us.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.