
beautymake malware



I managed to grab the apk file of the beautymake malware from the /system/priv-app location on my Android phone. When I scanned using Google Play Protect, it showed that one harmful app was detected.

After this, I uploaded this apk file to VirusTotal and 25 antiviruses detect it as a malicious app. Please find a way to remove it from the mobile. It can't be removed directly because it is a system app.

password is infected.

Thanks

Makeup.zip


Hello, you mean this https://www.virustotal.com/#/file/4e9bb0eed19f606ed262e8c3359262d2caffe7dd2c013d1cce2a9b88677636b0/detection crap here?

If this is right, I guess your sample is too old. The example should not be older than 3 months; otherwise, it will not be included in the updates by Malwarebytes for Mobile.

Sorry.

And please read this too, I hope that helps you.

MAM


The package name of this BeautyMakeup is com.gangyun.makeup. I think you installed beauty makeup.apk from the Google Play Store, because the screenshot you uploaded has the same icon as in the Play Store.

Please check this link: https://www.apkmonk.com/app/com.gangyun.makeup.thailand/ It has the same package name, but it contains thailand (com.gangyun.makeup.thailand) at the end.

The original apk I posted has this icon.

com.gangyun.makeup.thailand_150x150.png

Edited by Gajendra

@Gajendra

You are correct.  @MAM was mistakenly referencing package name com.tudasoft.android.BeMakeup found on Google Play which is clean: https://www.virustotal.com/#/file/ef2ee63b1c9f130c4ee0505fe59b348121966da383daf22958e8995fd3c1a24a/detection

As stated before, we detect the sample you provided in the first post.  However, I added detection for com.gangyun.makeup.thailand found on apkmonk as Android/Adware.Boyad in future database versions.

This may be helpful on why you didn’t see a Malwarebytes mobile detection in VirusTotal in the first post -> Malwarebytes VirusTotal Results Does NOT Reflect Mobile Detections

Nathan


  • 1 year later...

I also have BeautyMakeup present.  As stated above, it appears to have become a system app.  It was not there when I got my phone earlier in January.

About the same time that BeautyMakeup appeared, I also got infected by www.aiboo.cc. Most of the sites advise us to use Malwarebytes to remove it but it does not work. So, what can we do?


Hi @Patrick007,

Well, the good news is that since this original post, we have discovered a workaround. You can use this method to uninstall for the current user (details in link below):

https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/

Warning: Make sure to read Restoring apps onto the device (without factory reset) in the rare case you need to revert/restore app.

The first thing is to see which version of BeautyMakeup you have installed. Run the following command and look for com.gangyun.makeup or com.gangyun.makeup.thailand:

adb shell pm list packages -f

Use one of these command(s) during step 7 under Uninstalling Adups via ADB command line to remove:

adb shell pm uninstall -k --user 0 com.gangyun.makeup.thailand
OR
adb shell pm uninstall -k --user 0 com.gangyun.makeup

Also, it may be a good idea to send me an Apps Report so I can check for any other infections on your device.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap the three lines icon in the upper right corner.

5. Tap Send to support.

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM me the email used and/or the ticket number assigned.

Nathan
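
The check-then-uninstall steps in the post above, as an added example that is not part of the original thread or of Malwarebytes' tooling: it parses `pm list packages -f` output, matches the two package names from the thread exactly, and prints the matching per-user uninstall command. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Package names are the two named in the thread; the listing
# below is constructed sample data, not output from a real device.
TARGETS="com.gangyun.makeup com.gangyun.makeup.thailand"

sample_listing() {
cat <<'EOF'
package:/system/priv-app/Makeup/Makeup.apk=com.gangyun.makeup.thailand
package:/data/app/~~Qx1==/com.example.notes-Zk2==/base.apk=com.example.notes
package:/system/app/Calc/Calc.apk=com.example.calc
EOF
}

# stdin: `pm list packages -f` output. stdout: "<package> <apk path>" per hit.
find_beautymakeup() {
    tr -d '\r' | while IFS= read -r line; do   # adb output can carry CRs
        line=${line#package:}
        pkg=${line##*=}    # name follows the LAST '='; paths may contain '='
        path=${line%=*}
        for t in $TARGETS; do
            # Exact comparison: a substring search for com.gangyun.makeup
            # would also hit com.gangyun.makeup.thailand and lookalikes.
            if [ "$pkg" = "$t" ]; then printf '%s %s\n' "$pkg" "$path"; fi
        done
    done
}

# stdin: same listing. stdout: the per-user uninstall command for each hit.
removal_commands() {
    find_beautymakeup | while read -r pkg path; do
        case $path in
            /system/*) where="system partition" ;;
            *)         where="user-installed" ;;
        esac
        printf '# %s (%s, %s)\n' "$pkg" "$where" "$path"
        printf 'adb shell pm uninstall -k --user 0 %s\n' "$pkg"
    done
}

# Demo on the sample; on a real device pipe in: adb shell pm list packages -f
sample_listing | removal_commands
```

A hit under /system/ confirms the app is preinstalled on the system partition, which is the case the per-user uninstall is meant for.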

