Jump to content

Android/Trojan.Fadeb.j on system apps


Recommended Posts

Malwarebytes found Android/Trojan.Fadeb.j on  'Travel Weather Forecast', 'LockApp','com.android.system.acu', and 'Calculator'. System is BLU Studio G2 HD, Android 6.0.

These are system applications, and I cannot  delete them. I'm getting random advertising popups associated with these apps (ie, sometimes when I open an unrelated app I get an advertisement, and when I minimize it I see that, eg, 'Travel Weather Forecast' is now running.

1) Is there a way to delete these apps without rooting the phone?

2) Do you think this malware was always present on the phone, or is the infection due to download(s)? I haven't downloaded many apps, and all have been from the Play Store. I uninstalled the last few installed apps, but the malware/undesired behavior remains.

I've had the phone about 5 months, but this behavior only commenced about 2 weeks ago.

Thanks.

Link to post
Share on other sites

HI @DBonebrake,

Unfortunately, since these are system apps, they can't be uninstalled.  However, they can be disabled.  My guess is that these may have been downloaded by a known auto installer known as Adups, but I need an Apps Report to confirm.

If you can send me an Apps Report, I can look in depth into your problem.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM me the email used and/or the ticket number assigned.

Nathan

Link to post
Share on other sites

Thanks for your prompt reply; 'send apps' ticket generated and # PM'd to you.

BTW, I'm not able to disable the problematic apps; that option is grayed out for all. I can 'force stop', but the popups eventually re-emerge.

Thanks again,

D

PS: I read your interesting article on Adups. My phone was purchased from Best Buy, and not a discount retailer; does this make it less likely to have been infected by factory-installed ad/malware?

Link to post
Share on other sites
  • 1 month later...

Ok, so this is disturbing. I'm getting exactly the same popups from Calculator, Lockapp etc, identified as trojan.fadeb.j by Malwarebytes.

But the really disturbing thing is that i'm also using a BLU device!

This is a device that I hardly use. It sits on my desk and hosts my old SIM card in case I receive a text.

No way I accidentally installed malware so it's highly worrying that this device/manufacturer may have a security flaw.

Link to post
Share on other sites

I used this method to get rid of them on my phone. 

Malwarebytes identified four Trojans:

com.android.system.seas

com.android.system.latis

LockApp (which I found in a package named: com.android.provider.applock)

Calculator(pakaged as: com.anroid.calculator12)[anroid, is not misspelled btw]

The malware constantly changed it's name and icon and reinstalled itself after every deletion/disable. It even called itself cleanmaster, messages, etc. So check to see if those simple apps are oddly large or have permissions they're not supposed to. So far Malwarebytes shows no issues after I used the below method to remove them, and I hope that lasts.

Link:

https://www.google.tt/amp/s/www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/amp/

I used [ pm list packages ] to show all installed apps, you don't need the OEM specification since the infection is foreign. Follow the instructions carefully and I hope it helps. (Don't forget to clear your cache, as well as disable sideloading of apps)

Link to post
Share on other sites
  • 1 month later...

EXACT ISSUE. LockApp, Calculator, and a system app, "com.android.system.gs". BLU phone. This issue showed up after one year of use. 

In the video link to Ana1379's solution, he says a couple times that this doesn't remove the app, but simply hides the app from the user. Is there a way to remove an infected app? As mentioned these don't stay disabled. 

Link to post
Share on other sites

To bring this topic to closure WRT my phone:

I was never able to resolve the problem to my satisfaction (ie, could not permanently disable or remove the affected apps). I got a new phone (Mi A2 Lite, which I like much more than the Blu), thinking that I would root (and possibly brick) the Blu. I haven't got around to that yet.

D

 

Link to post
Share on other sites
  • 2 weeks later...

Run Malwarebytes to find the suspicious apps on your device. You can download AppInspector to find out what the apps call themselves from the results of your scan. Then uninstall them using the link above if uninstalling isn't an option from your device. 

The uninstall here is only for your user account on the device so if you do reset after they are removed, they may very well come back. 

I haven't had any issues since I got rid of them.

Link to post
Share on other sites
  • 3 weeks later...

I performed the procedure suggested by Ana1379 on the 4 detected malware files (along with Opera, which had a suspicious adjunct file which had been installed at the same time as the malwares); the advert popups have been eliminated and I haven't noticed any undesired side-effects.

While the malware hasn't been totally removed, the technique used seems to effectively prevent the bad apps from running without the hassle/risk of rooting the phone.

Thanks, Ana1379!

 

Link to post
Share on other sites
  • 1 year later...

Malwarebytes shows me:

Android/Trojen.Fadeb.j

com.android.system.ups

System application

 

It's attached to the Notification app.

Websites start up out of nowhere. Bright picture ads pop up on screen. Games I play or apps I use get interrupted by website loading. Website 51offline games or something about flowers loads the second I turn on my phone.  Am I going to have to factory reset?

I know this Trojan changes. After first warning me of this, Malwarebytes app couldn't find it anymore. But I'm stuck with it.  It started happening right after the last system update forced on my Blu.

Link to post
Share on other sites

Aiyiyi.

I'm here looking for information about why my phone keeps opening a web browser to 51offlinegames and enflower.info.  Guess what brand it is and what app malwarebytes says is the problem:  yep, Blu, and notification (com.android.sys.ups), with the Android/Trojen.Fadeb.j

Installed 24 June 2020.  Same issue as Chamorrogirl, apparently -- Blu pushed an update, and it's full of adware.

The annoying ads and such didn't start until a few days ago, though.

Sounds like it's time to get a new phone that isn't a Blu.  Only bought it because it was inexpensive and had the dual SIM capability when I was going to travel in Europe and needed an alternate provider for a few weeks.  It's been fine since last August when I bought it, but here it is a year later and it's turning into a major hassle.

I can disable Notification, but it keeps turning itself back on periodically.  Can't uninstall because it's a system app.

Link to post
Share on other sites

Yep TommyR. Hubby says he'll buy me a new phone. I don't like the hassle of changing phones but this is crazy.  Question: if I put this sim card in a different phone will it carry the Trojan over or do I have to change my number?

Link to post
Share on other sites

Hi @TommyR,

You can use this method to uninstall com.android.system.ups for current user (details in link below):

https://forums.malwarebytes.com/topic/216616-removal-instructions-for-adups/

Warning: Make sure to read Restoring apps onto the device (without factory reset) in the rare case you need to revert/restore app.

Use this/these command(s) during step 7 under Uninstalling Adups via ADB command line to remove:

adb shell pm uninstall -k --user 0 <com.android.system.ups>

@Chamorrogirl No, you do not have to worry about the malware carrying over with the SIM card.  It's only an issue with the device itself.  If you considering buying a new phone, I'd personally suggest a refurbished/renewed Google phone.  I personally bought a renewed Pixel 2 off of Amazon a couple of weeks ago, and it works great.  Just make sure it will work with your carrier.

Nathan

Link to post
Share on other sites

Thanks, Nathan.  I'd seen that set of instructions but since it involved installing android studio I didn't feel like following it at first.  I have just done so, though, and now Notification shows up in the Apps list as "Not installed for this user." (as expected).

 

We'll see if this fixes the instability I was having.  My phone started crashing randomly and then having Notification turned back on when it rebooted.  My suspicion is that the malware was causing the crashing, and something about it was letting it turn back on.  Hopefully, this use of adb to uninstall it for user 0 will fix the problem.  May take a few days to be sure --- it only crashes that often, and my disabling of Notification held until it crashed.  I hope that there's no BLU-supplied malware that will 'reinstall for user' at any point.  Even so, with this latest stunt BLU has earned my never ending scorn, and I will be replacing the phone soon regardless (I was thinking about a pixel, though perhaps not a refurbished one from amazon).

Link to post
Share on other sites
  • 1 month later...

I am having the exact same issue and my phone is also a BLU. I was able to run Malware once and it was in my calculator and notifications.  Trying to run it again is proving impossible.  The poorly-spelled popups are hijacking it.  I haven't even figured out how to run this dumb phone in safe mode. 

Link to post
Share on other sites

I am having the exact same issue and my phone is also a BLU. I was able to run Malware once and it is in my calculator and notifications.  Trying to run it again is proving impossible.  The poorly-spelled popups are hijacking it.  I haven't even figured out how to run this dumb phone in safe mode. 

No offense, but those instructions are WAY beyond my capabilities.

 

Link to post
Share on other sites

Hi Nathan,

Malwarebytes finds 2 malware problems found:

in Calculator and in Notification  Android/Trojan.Fadeb.j

they are both system applications which, even when I choose disable, turn themselves back on. I sent an email to BLU support but never heard anything back.  I found an article from 3 years ago talking about the problems with BLU phones here: https://threatpost.com/down-the-rabbit-hole-with-a-blu-phone-infection/128390/

 

Thank you for any help you can give me.

 

 

Link to post
Share on other sites

Hi @Artemisia11,

Would you mind sending me an apps report?

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included.

At this point, it would be very helpful to mention you are submitting via recommendation from the Malwareybtes forum.  This allows our support staff to know where to direct it.

By sending the Apps Report, you will create a ticket in our support system.

Private Message (PM) me the email used and/or the ticket number assigned.

Nathan

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.