Jump to content
roybot

Setup & Transfer system application detected as malware

Recommended Posts

Today (4/2/18) Malwarebytes Mobile is detecting the system application Setup & Transfer as the following:

Android/Trojan.Banker.Hqwar.i

This is a pre-existing (I think AT&T?) system application which cannot be removed only disabled - I also get a prompt asking if I want to whitelist it which I have not.  There was only one other user who posted about this in the Malware Removal for Mobile forum (sorry if this is considered a cross-post).  Has anyone else encountered this today?  Any chance it is just a false positive? 

App version: 3.2.1.2 and Malware database is 2018.04.02.01

 

Share this post


Link to post
Share on other sites

I received the same results about SETUP & TRANSFER on a AT&T device and another family member got the same result about Setup & Transfer from a different Security program as well.   So I am "guessing" it is not a false positive.  I reported this to AT&T.

It's located in:  /system/priv-app/ready2Go_ATT/ready2Go_ATT.apk

Share this post


Link to post
Share on other sites

I have seen this as well.

I don't think it is a false positive either, because i've had a fake amazon application appear on my screen that went nowhere at the login, multiple login requests from my phone for my main email at weird hours, and INCREDIBLY slow everything on my phone all of a sudden.

I have factory rest twice (both in different ways), and the second time almost got stuck rebooting. Did another scan, still there. 

It could be coincidence on my end, but I pay really close attention to everything on my phone, and there has definitely been a change on it (s7 edge) . 

I hope this gets fixed, I don't feel safe doing much on my phone, not even texting or calling. 

Share this post


Link to post
Share on other sites

Hmm this is happening on my new AT&T GS9+. I've also scanned with ESET and AVG and those aren't detecting it. 

Share this post


Link to post
Share on other sites

I have an S8+ on AT&T, and Malwarebytes just ran it's daily scan and found this on mine also in Setup & Transfer.  I think that it's probably a FP, so I'm not going to try to get rid of it as of yet.  I'm going to follow this thread and wait for further info first.

Share this post


Link to post
Share on other sites

Come on now Malwarebytes!!!!!!.....I received the same results about SETUP & TRANSFER on a AT&T device  as well.   I had Malwarebytes on my system for a while and all of a sudden it popped up last night causing a great deal of pain.  i am wiped my device factory reset my device and it still shows up.   No offense but i am thinking about throwing this software away if this is all a FP..  I am already paranoid.. and the answer AT&T gave me really pist me off...  The rep told me mobile devices never get viruses or malware which couldn't be further from the truth.  I thought maybe something came OTA (over the air)  because i don't surf on my phone.
It's located in:  /system/priv-app/ready2Go_ATT/ready2Go_ATT.apk

Share this post


Link to post
Share on other sites

Add my name to the list of users with the same Malware alert on the same AT&T file; Samsung S7. Did a hard reset of the phone and it still shows up on the native app. I too have disabled the app as it cannot be removed without rooting the phone. Since I don't want a bricked phone, I'll wait to see if this is a FP or if removal instructions are forthcoming.

Share this post


Link to post
Share on other sites

Add me to this list. If some users still have it after factory reset could it be assume to be a false positive? This app has been there since my last factory reset. 

Share this post


Link to post
Share on other sites
13 minutes ago, Pope54 said:

Add me to this list. If some users still have it after factory reset could it be assume to be a false positive? This app has been there since my last factory reset. 

I would wait until someone from Malwarebytes confirms that it's a FP.  I assume that it is a FP, but am not doing anything with it right now.  My phone is as fast as always so I see no ill effect.

Share this post


Link to post
Share on other sites
1 hour ago, Ericpro1 said:

Come on now Malwarebytes!!!!!!.....I received the same results about SETUP & TRANSFER on a AT&T device  as well.   I had Malwarebytes on my system for a while and all of a sudden it popped up last night causing a great deal of pain.  i am wiped my device factory reset my device and it still shows up.   No offense but i am thinking about throwing this software away if this is all a FP..  I am already paranoid.. and the answer AT&T gave me really pist me off...  The rep told me mobile devices never get viruses or malware which couldn't be further from the truth.  I thought maybe something came OTA (over the air)  because i don't surf on my phone.
It's located in:  /system/priv-app/ready2Go_ATT/ready2Go_ATT.apk

Yeah, i'm getting paranoid as well, and thank you for saving me a call to them..

The answer you got from AT&T is very troubling, but I guess that's just what they are told to say to cover themselves. 

Please Malwarebytes, i've stood by you guys and you have caught so many actual issues on my computers and phones in the past, just a little help would be good :} 

Share this post


Link to post
Share on other sites

Threat detected.

MWB version 3.2.1.2, malware database 2018.04.02.01, phishing database 2018.03.31.02.

Path: /system/priv-app/ready2Go_ATT/ready2GoATT.apk

System: SAMSUNG-SM-G891A, Android 7.0, kernel version 3.18.31-13107193 dpi@SWDG5121 #1 Thu Feb 22 17:55:32 KST 2018, baseband version G891AUCU2BRB5. This is a Samsung Galaxy S7 Active.

Share this post


Link to post
Share on other sites
26 minutes ago, darrelllw said:

Me too! Will not delete.

Add me to this list I have an AT&T S7 Edge.

Malwarebytes what say you?

Share this post


Link to post
Share on other sites

I am also having this issue. I have a Galaxy Note 8 on ATT. Best I was able to do is disable the app, force stop, revoke all permissions, and prevent from making changes to system settings.

Share this post


Link to post
Share on other sites

I've also received alert, on a brand new Galaxy S8 Active. I've barely even used it yet & I've had Malwarebytes on phone since I walked out of at&t store, I have disabled but can not delete. Waiting on a offical response, getting paranoid after reading up a little on what trojan.banker.hqwar is designed to steal bank info. PLEASE HELP ASAP!

Share this post


Link to post
Share on other sites

I also received an alert last night, tried factory reset, etc., and no luck. I have an AT&T Samsung S7, but I use another carrier, so every time I've ever started it, I get a notification that Setup and Transfer is a service that is unavailable. So, could it still affect my phone?? Very worried here, too!

Share this post


Link to post
Share on other sites

Add me to the list, S6 Active, Set up & Transfer, infected, need answer from Malwarebytes.

Share this post


Link to post
Share on other sites

The Malwarebytes for Android team is aware of this false positive issue and an update to fix this will be released soon.

Share this post


Link to post
Share on other sites

Same here. Hopefully someone can shed some light on this for everyone. Seeing the words "Trojan" and "Banking" next to each other almost gave me a heart attack. I've already had fraud issues recently.

Share this post


Link to post
Share on other sites

Same here; i have a Galaxy S7 and same critical threat detected in Setup & Transfer App:   Android/Trojan.Banker.Hqwar.i

 

Share this post


Link to post
Share on other sites
1 hour ago, AlexSmith said:

The Malwarebytes for Android team is aware of this false positive issue and an update to fix this will be released soon.

Thanks for the reply Alex, hope you're right. Does seem strange being my device is new and barely used.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.