Jump to content
DBonebrake

Android/Trojan.Fadeb.j on system apps

Recommended Posts

Malwarebytes found Android/Trojan.Fadeb.j on  'Travel Weather Forecast', 'LockApp','com.android.system.acu', and 'Calculator'. System is BLU Studio G2 HD, Android 6.0.

These are system applications, and I cannot  delete them. I'm getting random advertising popups associated with these apps (ie, sometimes when I open an unrelated app I get an advertisement, and when I minimize it I see that, eg, 'Travel Weather Forecast' is now running.

1) Is there a way to delete these apps without rooting the phone?

2) Do you think this malware was always present on the phone, or is the infection due to download(s)? I haven't downloaded many apps, and all have been from the Play Store. I uninstalled the last few installed apps, but the malware/undesired behavior remains.

I've had the phone about 5 months, but this behavior only commenced about 2 weeks ago.

Thanks.

Share this post


Link to post
Share on other sites

HI @DBonebrake,

Unfortunately, since these are system apps, they can't be uninstalled.  However, they can be disabled.  My guess is that these may have been downloaded by a known auto installer known as Adups, but I need an Apps Report to confirm.

If you can send me an Apps Report, I can look in depth into your problem.

To send an Apps Report with Malwarebytes for Android use the following instructions.

1.Open the Malwarebytes for Android app.

2.Tap the Menu icon.

3. Tap Your apps.

4. Tap three lines icon in upper right corner.

5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included. Send the Apps Report to create a ticket.

PM me the email used and/or the ticket number assigned.

Nathan

Share this post


Link to post
Share on other sites

Thanks for your prompt reply; 'send apps' ticket generated and # PM'd to you.

BTW, I'm not able to disable the problematic apps; that option is grayed out for all. I can 'force stop', but the popups eventually re-emerge.

Thanks again,

D

PS: I read your interesting article on Adups. My phone was purchased from Best Buy, and not a discount retailer; does this make it less likely to have been infected by factory-installed ad/malware?

Share this post


Link to post
Share on other sites

Ok, so this is disturbing. I'm getting exactly the same popups from Calculator, Lockapp etc, identified as trojan.fadeb.j by Malwarebytes.

But the really disturbing thing is that i'm also using a BLU device!

This is a device that I hardly use. It sits on my desk and hosts my old SIM card in case I receive a text.

No way I accidentally installed malware so it's highly worrying that this device/manufacturer may have a security flaw.

Share this post


Link to post
Share on other sites

Furthermore, I manually disabled the fake Calculator app prior to running the Malwarebytes scan. Only to discover that it somehow re-enabled itself.

Share this post


Link to post
Share on other sites

I used this method to get rid of them on my phone. 

Malwarebytes identified four Trojans:

com.android.system.seas

com.android.system.latis

LockApp (which I found in a package named: com.android.provider.applock)

Calculator(pakaged as: com.anroid.calculator12)[anroid, is not misspelled btw]

The malware constantly changed it's name and icon and reinstalled itself after every deletion/disable. It even called itself cleanmaster, messages, etc. So check to see if those simple apps are oddly large or have permissions they're not supposed to. So far Malwarebytes shows no issues after I used the below method to remove them, and I hope that lasts.

Link:

https://www.google.tt/amp/s/www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/amp/

I used [ pm list packages ] to show all installed apps, you don't need the OEM specification since the infection is foreign. Follow the instructions carefully and I hope it helps. (Don't forget to clear your cache, as well as disable sideloading of apps)

Share this post


Link to post
Share on other sites

I forgot to mention, I had my phone in safe mode while I did this and restarted after the uninstall was completed. 

Share this post


Link to post
Share on other sites

EXACT ISSUE. LockApp, Calculator, and a system app, "com.android.system.gs". BLU phone. This issue showed up after one year of use. 

In the video link to Ana1379's solution, he says a couple times that this doesn't remove the app, but simply hides the app from the user. Is there a way to remove an infected app? As mentioned these don't stay disabled. 

Share this post


Link to post
Share on other sites

To bring this topic to closure WRT my phone:

I was never able to resolve the problem to my satisfaction (ie, could not permanently disable or remove the affected apps). I got a new phone (Mi A2 Lite, which I like much more than the Blu), thinking that I would root (and possibly brick) the Blu. I haven't got around to that yet.

D

 

Share this post


Link to post
Share on other sites

Run Malwarebytes to find the suspicious apps on your device. You can download AppInspector to find out what the apps call themselves from the results of your scan. Then uninstall them using the link above if uninstalling isn't an option from your device. 

The uninstall here is only for your user account on the device so if you do reset after they are removed, they may very well come back. 

I haven't had any issues since I got rid of them.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.