4 hours ago, zealstarwind said:

I recently updated from the previously mentioned UMX phone to an updated U693CL and I am getting a pop-up in Chrome; it always opens a new tab for g21news.com after a set random time. Malwarebytes doesn't detect anything and I suspect it's changed or the app is hidden behind admin commands. Also there is a modified home screen that will not allow me to remove the Google search bar on the home screen. If Assurance Wireless was looking into it they ain't doing crap about it as they probably know and are getting paid by the manufacturer.

There have been a variety of issues like this for our UMX phones the past couple years.  Assurance is well aware and they do nothing.  Usually the problem persists for awhile and then UMX fixes it with an update so the phone will be fine for months, but then another one pops up.  There is nothing you can do about it unless you use ADB to disable the system app that the virus is factory installed in.  For example I disabled Wireless Update a couple years ago and then my phone and nothing on it ever updated until I knew the virus had been fixed by UMX and reset my phone.

The virus you have didn't seem as bad.  I can't remember which system app it is in.  But I don't have the G21 news virus anymore because I think a later update had fixed it.  Go through the update routine again to see that you have the latest update installed.  With the last update that I have I don't see any virus activity.

Link to post
Share on other sites
  • Staff
13 hours ago, zealstarwind said:

I recently updated from the previously mentioned UMX phone to an updated U693CL and I am getting a pop-up in Chrome; it always opens a new tab for g21news.com after a set random time. Malwarebytes doesn't detect anything and I suspect it's changed or the app is hidden behind admin commands. Also there is a modified home screen that will not allow me to remove the Google search bar on the home screen. If Assurance Wireless was looking into it they ain't doing crap about it as they probably know and are getting paid by the manufacturer.

Hi @zealstarwind,

See this post to resolve g21news.com homepage: 

Nathan

Link to post
Share on other sites

I do not have any apps on my phone that didn't come preloaded besides me installing Discord. It is probably baked in and I have disabled all extraneous apps I could. This is just a thing with Assurance Wireless and UMX where every phone comes prebaked with malware to pop up ads.

Link to post
Share on other sites
On 4/6/2021 at 11:23 AM, zealstarwind said:

I do not have any apps on my phone that didn't come preloaded besides me installing Discord. It is probably baked in and I have disabled all extraneous apps I could. This is just a thing with Assurance Wireless and UMX where every phone comes prebaked with malware to pop up ads.

I think it's in the settings app.  I had the G21news virus last year, but later updates got rid of it.  When you get a new phone it may be several updates behind so you have to go through the update process several times until it says that you have the most up to date.

Link to post
Share on other sites
10 minutes ago, stvvv said:

think it's in the settings app

It was actually the Customizations app.  I didn't bother to disable it at the time because I didn't know what that would do.

Link to post
Share on other sites

Hey guys,

I wanted to give my two cents on this issue since it has also been bothering me. I appreciate all the replies and have tried every single solution possible, but I still couldn't get rid of the damn tarot card site or G21 news. It was driving me insane. And I recently fell victim to a serious breach in my personal privacy that I might have to seek legal counsel for. I couldn't think of anything that would be the cause, other than my phone.

I called my service provider and simply requested a new phone that WASN'T of the UMX brand. They sent me a Wiko, and after a brief search, I found next to no malware complaints for this brand akin to the UMX phones.

I've only been using it for today so far and I haven't found any issues, but if I do I'll give an update just to be informative. I don't know if requesting a new phone is an option for everyone here but if it is and you can't do anything about the malware on your current phone, maybe consider it. And make sure it's not another UMX. If I find out my previous phone had anything to do with my security compromise, I am seriously considering suing someone.

Link to post
Share on other sites
  • Staff
14 hours ago, Darien said:

Hey guys,

I wanted to give my two cents on this issue since it has also been bothering me. I appreciate all the replies and have tried every single solution possible, but I still couldn't get rid of the damn tarot card site or G21 news. It was driving me insane. And I recently fell victim to a serious breach in my personal privacy that I might have to seek legal counsel for. I couldn't think of anything that would be the cause, other than my phone.

I called my service provider and simply requested a new phone that WASN'T of the UMX brand. They sent me a Wiko, and after a brief search, I found next to no malware complaints for this brand akin to the UMX phones.

I've only been using it for today so far and I haven't found any issues, but if I do I'll give an update just to be informative. I don't know if requesting a new phone is an option for everyone here but if it is and you can't do anything about the malware on your current phone, maybe consider it. And make sure it's not another UMX. If I find out my previous phone had anything to do with my security compromise, I am seriously considering suing someone.

Hi @Darien,

Good to hear you convinced Assurance Wireless to send a non-UMX phone.  Also avoid ANS.  If available, I would try to stick to phone manufacturers that are more well known.  Unfortunately, you can no longer see the phone options on Assurance Wireless' website or I'd give recommendations.

Nathan

Link to post
Share on other sites
  • 1 month later...

A repost from me, from another thread:

I work in the technical field of smartphones, including Android, so I have more than sufficient technical knowledge.  I have been helping a family friend, a senior, with solving this exact issue on the U693CL.  I am dumbfounded why Assurance and UMX allow this to continue to happen.  I implemented some tools from the previous rounds to shut down and clean off these malware pushes.  After 3 UMX security updates, and based on behaviors I saw and tracked, I am certain the Android Security updates pushed out by UMX have weaknesses/vulnerabilities.  It may seem like it cleaned off some malware but in reality, it activates another one but in a dormant state.  It acts as a backdoor to execute code that would otherwise be subject to some Android OS level restrictions and it invokes APIs only true developers would know.

The g21news hijack was triggered by the "TopicNews" app.  Before the recent security update, that apk was called the "Topic" app; I had it disabled and uninstalled via ADB shell commands.  Back at that time, the hijacked sites and pop-ups were various game sites.  The phone system snapshot I took shows the update somehow changed the apk name and re-installed and re-enabled it.

In addition, there have been frequent Google Play Protect notifications indicating it found an app or blocked an app from being installed that was deemed malicious.  This happens when the phone is not touched or used, so some code is executing all this malicious behavior.

I logged the IP traffic and EVERY, I mean EVERY hijacked browser redirect or pop-up ad that masks the screen is hosted by IP addresses in China.  Domain names are all registered with China-based domain registrars.  Servers seem to be hosted on systems with IP addresses serviced or registered through Alibaba, Tencent, or one of the other Chinese internet powerhouses.

I have done multiple soft/hard factory restores, and after the phone downloads the latest security updates, it would be back to the same situation with these malware, hijacks and ad redirects.

From this info, I am inclined to believe Assurance is not the main culprit but it's extremely careless or has no expert in-house to monitor or address these problems.  The key issue is with UMX.  I agree with the author of various posts from Malwarebytes: there appears to be a break or vulnerability in UMX's software development custody to allow this to happen repeatedly, and to both U683CL and now U693CL.

Last note, while these phones use low-end chipsets from Qualcomm, like the 210/215 used in the U693CL, they are actually very capable chipsets and can be a very suitable and functional modern entry-level phone for the low-income lifeline users and their day-to-day needs.  This malware is so active, evasive and heavy, it renders the phone completely useless, which is just super sad, especially during COVID when people really need their phone and internet.

Link to post
Share on other sites
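The before-and-after comparison described in the post above (an update re-installing and re-enabling an app under a new name), as an added example that is not part of any post in this thread. The snapshot file layout, the function names and the sample package names are assumptions made for illustration.

```shell
# Diff two package snapshots taken before and after an OTA update.
# Snapshot <name> = adb shell pm list packages -f > <name>.all
#                   adb shell pm list packages -d > <name>.disabled

# "package:/path/base.apk=com.foo" or "package:com.foo" -> "com.foo"
pkg_names() { tr -d '\r' < "$1" | sed -e 's/^package://' -e 's/^.*=//' | LC_ALL=C sort -u; }

# Names listed in file $2 but not in file $1.
only_in_second() {
  t=$(mktemp -d) || return 1
  pkg_names "$1" > "$t/a"; pkg_names "$2" > "$t/b"
  LC_ALL=C comm -13 "$t/a" "$t/b"
  rm -rf "$t"
}

# Present after the update but not before: new, renamed or reinstalled packages.
added_packages() { only_in_second "$1.all" "$2.all"; }

# Disabled before the update, still installed and no longer disabled after it.
reenabled_packages() {
  only_in_second "$2.disabled" "$1.disabled" | while read -r p; do
    if pkg_names "$2.all" | grep -qxF "$p"; then echo "$p"; fi
  done
}

# Added packages whose APK sits on a firmware partition (shipped by the update).
added_by_firmware() {
  added_packages "$1" "$2" | while read -r p; do
    tr -d '\r' < "$2.all" |
      awk -F= -v p="$p" '$NF == p && /^package:\/(system|system_ext|product|vendor)\//' |
      sed 's/^.*=//'
  done
}

# Constructed sample snapshots; the package names are made up for illustration.
make_sample() {
  s='package:/system/app/Settings/Settings.apk=com.android.settings'
  u='package:/system/app/Updater/Updater.apk=com.example.wirelessupdate'
  printf '%s\n' "$s" "$u" > "$1/before.all"
  printf '%s\n' 'package:com.example.wirelessupdate' > "$1/before.disabled"
  printf '%s\n' "$s" "$u" \
    'package:/system/app/TopicNews/TopicNews.apk=com.example.topicnews' \
    'package:/data/app/~~a1==/com.example.chat-b2==/base.apk=com.example.chat' > "$1/after.all"
  : > "$1/after.disabled"
}

d=$(mktemp -d) && make_sample "$d"
echo "re-enabled: $(reenabled_packages "$d/before" "$d/after")"
echo "added by firmware: $(added_by_firmware "$d/before" "$d/after")"
```

On a real device, take the "before" snapshot after disabling the unwanted app and the "after" snapshot once the update has installed; anything listed by `added_by_firmware` arrived with the update rather than from a store install.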

By the way, if Assurance tells you the issue will go away once merged/transitioned to the T-Mobile network, then they are grossly misinforming customers.  I've checked with industry contacts; Assurance put out bids for phones knowing the Sprint network will be decommissioned.  For a couple of years now, all the new phone designs are required to support all of T-Mobile LTE bands, including the latest bands, 12, 41, 66 and 71.  These phones will not need to be replaced and they simply have to send you a new T-Mobile based SIM card.  This means whatever backdoor and weakness will still be in the phone.

It seems like UMX is doing this on purpose, to generate ad money.  If they want to fix this, it should be doable when that offending apk is in the factory image.  There is no technical limit why this could not be done quickly and efficiently as a permanent fix.

Link to post
Share on other sites
1 hour ago, _W_ said:

In addition, there have been frequent Google Play Protect notifications indicating it found an app or blocked an app from being installed that was deemed malicious.  This happens when the phone is not touched or used, so some code is executing all this malicious behavior.

I logged the IP traffic and EVERY, I mean EVERY hijacked browser redirect or pop-up ad that masks the screen is hosted by IP addresses in China.  Domain names are all registered with China-based domain registrars.  Servers seem to be hosted on systems with IP addresses serviced or registered through Alibaba, Tencent, or one of the other Chinese internet powerhouses.

I installed noroot firewall as recommended, and have pretty much blocked everything except a few trusted apps (blocked ALL wireless updates, google services, android services etc).  Bothersome, but at least now I can use my phone.  They are unable to install junk, but I don't know if this is actually protecting my data or not.

Link to post
Share on other sites
