
I managed to grab the apk file of the beautymake malware from the /system/priv-app location on my Android phone. When I scanned using Google Play Protect, it showed that one harmful app was detected.

After this, I uploaded this apk file to VirusTotal and 25 antiviruses detect it as a malicious app. Please find a way to remove it from the mobile. It can't be removed directly because it is a system app.

password is infected.

Thanks

Makeup.zip


Hello, you mean this https://www.virustotal.com/#/file/4e9bb0eed19f606ed262e8c3359262d2caffe7dd2c013d1cce2a9b88677636b0/detection crap here?

If that is right, I guess your sample is too old. The example should not be older than 3 months; otherwise, it will not be included in the updates by Malwarebytes for Mobile.

Sorry.

And please read this too, I hope that helps you.

MAM


@mbam_mtbr

Hello, sorry, I cannot believe that. I have also installed this app, and Malwarebytes for Mobile cannot recognize that nasty on my smartphone.

Well, that is odd to me.

MAM


Hello, well well well hours later, pictures say more than a thousand words.

Please have a deeper look at these pictures, I cannot find this nasty on my smartphone.

Sorry, don't know what's going on on my end.

MAM

Screenshot_20180115-212913.png

Screenshot_20180115-212446.png

Screenshot_20180115-211742.png


@MAM,

I checked again, and for sha256 4e9bb0eed19f606ed262e8c3359262d2caffe7dd2c013d1cce2a9b88677636b0, it is detected.  You may have another version installed that is not detected.

Nathan


The package name of this BeautyMakeup is com.gangyun.makeup. I think you installed beauty makeup.apk from Google Play Store, because the screenshot you uploaded has the same icon as in Play Store.

Please check this link https://www.apkmonk.com/app/com.gangyun.makeup.thailand/ ; it has the same package name, but it contains thailand (com.gangyun.makeup.thailand) at the end.

The original apk I posted has this icon.

com.gangyun.makeup.thailand_150x150.png

Edited by Gajendra


@Gajendra

You are correct.  @MAM was mistakenly referencing package name com.tudasoft.android.BeMakeup found on Google Play which is clean: https://www.virustotal.com/#/file/ef2ee63b1c9f130c4ee0505fe59b348121966da383daf22958e8995fd3c1a24a/detection

As stated before, we detect the sample you provided in the first post.  However, I added detection for com.gangyun.makeup.thailand found on apkmonk as Android/Adware.Boyad in future database versions.

This may be helpful on why you didn’t see a Malwarebytes mobile detection in VirusTotal in the first post -> Malwarebytes VirusTotal Results Does NOT Reflect Mobile Detections

Nathan


It would be great if you are adding this to the database. I want to remove com.gangyun.makeup from my Android phone.


Hi @Gajendra,

If it's a system app, it will most likely still be there after a factory reset.  Yes, rooting would work to remove, but that is a risky endeavor just to remove a simple Adware app.  I suggest just disabling it and whitelisting in Malwarebytes for Android so the detection doesn't keep popping up.

Nathan


Hello,

that was my fault, sorry for the confusion in this matter.

I probably confused two "avoidable" apps, I apologize for that, doho waho.

MAM


I also have BeautyMakeup present.  As stated above, it appears to have become a system app.  It was not there when I got my phone earlier in January.

About the same time that BeautyMakeup appeared, I also got infected by www.aiboo.cc   Most of the sites advise us to use Malwarebytes to remove it but it does not work.  So, what can we do?  


Hi @Patrick007,

Well, the good news is that since this original post, we have discovered a workaround. You can use this method to uninstall for current user (details in link below):

https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/

Warning: Make sure to read Restoring apps onto the device (without factory reset) in the rare case you need to revert/restore app.

First thing is to see which version of BeautyMakeup you have installed.  Run the following command and look for com.gangyun.makeup or com.gangyun.makeup.thailand:

adb shell pm list packages -f

Use one of these command(s) during step 7 under Uninstalling Adups via ADB command line to remove:

adb shell pm uninstall -k --user 0 com.gangyun.makeup.thailand
OR
adb shell pm uninstall -k --user 0 com.gangyun.makeup

Also, it may be a good idea to send me an Apps Report so I can check for any other infections on your device.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM me the email used and/or the ticket number assigned.

Nathan
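
The package check and per-user uninstall described in the post above, as an added example that is not part of the original post or Malwarebytes' own tooling. The function names and the sample listing (including its APK paths) are constructed for illustration; the match is exact so that com.gangyun.makeup is not confused with com.gangyun.makeup.thailand.

```shell
#!/bin/sh
# Added example: find which BeautyMakeup package (if any) appears in a
# `pm list packages -f` listing and build the per-user uninstall command.

TARGETS="com.gangyun.makeup com.gangyun.makeup.thailand"

# Constructed sample listing; the APK paths are made up for illustration.
sample_listing() {
cat <<'EOF'
package:/system/priv-app/Makeup/Makeup.apk=com.gangyun.makeup.thailand
package:/system/app/Calculator/Calculator.apk=com.example.calculator
package:/data/app/com.tudasoft.android.BeMakeup-1/base.apk=com.tudasoft.android.BeMakeup
EOF
}

# find_targets: read a listing on stdin, print "<package> <system|user>" per hit.
find_targets() {
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')    # adb output may carry CR
        case "$line" in package:*=*) ;; *) continue ;; esac
        pkg=${line##*=}          # package name follows the LAST '='
        path=${line#package:}
        path=${path%=*}          # APK path (may itself contain '=')
        for t in $TARGETS; do
            [ "$pkg" = "$t" ] || continue    # exact match, not substring
            case "$path" in
                /system/*|/vendor/*|/product/*) kind=system ;;
                *) kind=user ;;
            esac
            printf '%s %s\n' "$pkg" "$kind"
        done
    done
}

# uninstall_cmd: print the command from the post for one package name.
uninstall_cmd() {
    printf 'adb shell pm uninstall -k --user 0 %s\n' "$1"
}

# On a real device: adb shell pm list packages -f | find_targets
sample_listing | find_targets | while read -r pkg kind; do
    echo "found $pkg ($kind app)"
    uninstall_cmd "$pkg"
done
```

The script only prints the uninstall command; run it by hand at step 7 of the linked instructions after reading the restore section.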
