So today my entry-level phone just started showing fullscreen and partial-screen ads randomly, and keeps on installing "emoji flashlight" and "APUS" by itself. It also installed a bogus "Settings" app once. I have run Malwarebytes, Avast and Trustlook, but not one of them can find the culprit. I ran a devtools overlay process monitor and the only suspicious program is com.adups.fota.

I tried using Debloater; it sees my device but can't find any packages when I press "read device packages". In the Device Manager, the smartphone is identified as "MTP Device" with an exclamation point. Windows 8.1 won't let me install the latest 32-bit Google USB drivers for it using the "Have Disk" dialog, nor "search for drivers"; it just says that the specified folders do not have compatible drivers. Android USB Debugging is enabled.

Phone is a Cherry Mobile Flare A1.

My mobile phone service carriers also keep on warning me that the phone is trying to access sites - even when data is off.


Hello, did you try this also 

And you can try also MoaAB, ----> https://forum.xda-developers.com/showthread.php?t=1916098

Well you can try also this, V3.90 Debloater(Lets remove all that carrier bloat !! Root not required..) ---> https://forum.xda-developers.com/android/software/debloater-remove-carrier-bloat-t2998294

Good Luck!

MAM


Hi,

Thanks for the reply. As stated on the original post, I've tried Debloater and it cannot find any packages at all. 

Further investigation shows that APUS Message Center is also being automatically installed via System UI. Funny enough, it shows an upload animation on the notification bar whenever it is installing. It also automatically gets all the permissions it needs. It does this even with installation from unknown sources disabled.

The ads are all actually fullscreen overlays, as clicking on any area of the screen automatically results in a rogue installation. The ads also persist over the task switcher.

Play Store also automatically redirects to APUS messenger every few minutes.

I am doing a factory reset now.


Hi MAM,

As stated in my original post and my reply, I have tried Debloater several times and it did not work for me. Debloater is basically alternatives #1 & #3 which you have suggested in your posting #2.

As for MoaAB, I figured it is too late for it since whatever virus got into my phone (probably through the preinstalled Adups), has already taken over quite a lot of functions since it can install apps and give permissions without my input, and also redirect from within the play store. Will install it after my refresh of the system.

------------

Just to reiterate for the info of the Malwarebytes developers: whatever malware got into my phone was hell-bent on installing the following apps:

  1. Emoji Flashlight
  2. APUS Launcher
  3. APUS Message Center

It had kept reinstalling them without my input and giving them full access permissions. This was being done even with "install from unknown sources" disabled. The malware also kept on installing bogus system-app sounding apps:

  1. Settings
  2. SystemUI
  3. Android Web Engine

All of these had non-revocable permissions to draw over other apps. The System UI and Android Web engine even managed to identify themselves as system apps which cannot be disabled (grayed out button)

The malware may also have been able to take over the native browser app, as a link to 2048+[chinese characters] with a red/yellow icon kept popping up on my homescreen and checking its info points to the native browser.

Cheers,


Upon checking the now refreshed/factory-reset device, it seems that the malware was able to take control of legitimate system apps, instead of mimicking them:

  1.  com.android.systemui
  2.  com.google.android.webview

Unfortunately I was not able to get the APKs of the infected files before I refreshed the device, as the malware was preventing me from doing a lot of things. I notice now that these can be "disabled" from the apps settings, while before the refresh the "disable" button had been grayed out. The settings app I mentioned before was definitely malware, as I was able to uninstall the duplicate of the actual Android settings app from the apps settings; there were two listed, and one had a colorful icon and a bunch of permissions.

I have also resorted to manual ADB uninstallation of the Adups packages (com.adups.fota & com.adups.fota.sysoper). No problems so far.


Hi @Amannibal,

It seems you have things figured out.  I updated the Disabling Adups via Debloater post to include an alternative method of using ADB command line tool to disable.

 

If anything re-installs, you can send an Apps Report and I can look deeper into it.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1. Open the Malwarebytes for Android app.

2. Tap the Menu icon.

3. Tap Your apps.

4. Tap the three lines icon in the upper right corner.

5. Tap Send to support.

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

Nathan
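
A way to check a device for the two Adups packages named in this thread and to spot anything that re-installs after the reset, by comparing `pm list packages` snapshots. This is an added example, not part of any post above; the sample listings, the `com.example.flashlight` package name and the function names are constructed for illustration.

```shell
# Added example: audit `pm list packages` snapshots taken over ADB.
# Live capture (assumes adb on PATH): adb shell pm list packages > current.txt

# Package names reported in this thread.
ADUPS_PKGS="com.adups.fota com.adups.fota.sysoper"

# Constructed sample listings (not captured from a real device).
BASELINE_SAMPLE='package:com.android.systemui
package:com.google.android.webview
package:com.adups.fota
package:com.adups.fota.sysoper'
CURRENT_SAMPLE="$BASELINE_SAMPLE
package:com.example.flashlight"

# Strip the "package:" prefix and CR line endings, then sort uniquely.
normalize() { tr -d '\r' | sed -n 's/^package://p' | sort -u; }

# Print the Adups packages present in a listing read from stdin.
find_adups() {
    listing=$(normalize)
    for pkg in $ADUPS_PKGS; do
        printf '%s\n' "$listing" | grep -Fxq "$pkg" && printf '%s\n' "$pkg"
    done
    return 0
}

# Print packages in file $2 (current) that are absent from file $1 (baseline).
new_packages() {
    base=$(mktemp); cur=$(mktemp)
    normalize < "$1" > "$base"; normalize < "$2" > "$cur"
    comm -13 "$base" "$cur"
    rm -f "$base" "$cur"
}

# Print (do not run) a per-user removal command for each package on stdin.
# Assumption: `pm uninstall --user 0`; the thread does not give the command used.
removal_commands() {
    while read -r pkg; do
        [ -n "$pkg" ] && printf 'adb shell pm uninstall --user 0 %s\n' "$pkg"
    done
    return 0
}

# Demo on the constructed samples.
b=$(mktemp); c=$(mktemp)
printf '%s\n' "$BASELINE_SAMPLE" > "$b"; printf '%s\n' "$CURRENT_SAMPLE" > "$c"
echo "New since baseline:"; new_packages "$b" "$c"
echo "Adups removal commands:"; find_adups < "$c" | removal_commands
rm -f "$b" "$c"
```

Taking the baseline snapshot right after a factory reset makes any later, unrequested install show up as a one-line difference.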
