Jump to content

Recommended Posts

Im having this problem as well. I have an assurance wireless umx, model U693CL. G21 news is constantly popping up as my homepage. I change it constantly, it always goes right back. I've also noticed that I'm getting new pages in new tabs that are ads for games. How do I stop this. I'm ok when it comes to phones but need someone to help walk me through.

  • Like 1
Link to post
Share on other sites
28 minutes ago, TookieLaRue said:

Im having this problem as well. I have an assurance wireless umx, model U693CL. G21 news is constantly popping up as my homepage. I change it constantly, it always goes right back. I've also noticed that I'm getting new pages in new tabs that are ads for games. How do I stop this. I'm ok when it comes to phones but need someone to help walk me through.

 

The UMX phones from Assurance (mine too) have had viruses on and off for the past couple years that are usually factory installed in system apps that can be disabled but not removed.  If you disable, you will lose functionality of that part of the system which may or may not be an issue. 

Several times UMX cleared the viruses off the phones with an update, but after a few months a new virus appeared.  I had the g21news.com virus in Dec/Jan, but then an update took it away so it seems that my phone has been virus free for the past few months.  If you get a new phone or do a factory reset the phone will update, but it may be several updates behind so you may have to go through the update process to manually check for updates and let them install two or three times until it says that you have the most current version.  I think you may need to get to the most current update and then your phone will be virus free at least for now.

We've been working on the UMX U693CL viruses in this thread: 

 

  • Thanks 2
Link to post
Share on other sites
  • 4 weeks later...

The very same problem has been manifesting itself all over my UMX U693CL  Assurance Wireless issued phone as well.   Many Thanks to all involved with this comment thread and the process of eliminating this preprogrammed malware, I will attempt the factory reset action A.S.A.P. then come back and post my findings and it's effectiveness.

  • Like 1
Link to post
Share on other sites

I work in the technical field of smartphones, including Android, so I have more than sufficient technical knowledge.  I have been helping a family friend, a senior, with solving this exact issues on the U693CL.  I am dumbfounded why Assurance and UMX allow this to continue to happen.  I implemented some tools from the previous rounds to shutdown and clean off these malware pushes.  After 3 UMX security updates, and based on behaviors I saw and tracked, I am certain the Android Security updates pushed out by UMX has weakness/vulnerabilities.  It may seen like it cleaned off some malware but in reality, it activates another one but in dormant state.  It acts as a backdoor to execute code that would otherwise subject to some Android OS level restrictions and it invokes APIs only true developers would know.

The g21news hijack was triggered by the "TopicNews" app.  Before the recent security update, that apk was called "Topic" app, I had it disabled and uninstalled via ADB shell commands.  Back at that time, the hijacked sites and pops were various game sites.  The phone system snapshot I took shows the update somehow changed the apk name and re-install re-enable it.

In addition, there has been frequent Google Play Protect notifications indicate it found an app or blocked an app from being installed that was deem malicious.  This happens when the phone is not touched or used, so some code is executing all these malicious behavior.

I logged the IP traffics and EVERY, I mean EVERY hijacked browser redirect or pop up ad that mask the screen are hosted by IP addresses in China.  Domain names are all registered with China-based domain registrars.  Servers seem to be hosted on systems with IP address serviced or registered through Alibaba, Tencent, or one of the other Chinese internet powerhouses.

I have done multiple soft/hard factory restore, and after the phone downloads the latest security updates, it would be back to the same situation with these malware, hijack and ad redirect.

From these info, I am inclined to believe Assurance is not the main culprit but it's extreme careless or have no expert inhouse to monitor or address these problems.  The key issue is with UMX.  I agree with the author of various post from Malwarebytes, there appears to be a break or vulnerability in UMX's software development custody to allow this to happen relatedly, and to both U683CL and now U693CL.

Last note, while these phones use low-end chipset from Qualcomm, like the 210/215 used in the U693CL, they are actually very capable chipset and can be a very suitable and functional modern entry-level phone for the low-income lifeline users and their day to day needs.  These malwares are so active, evasive and heavy, they render the phone completely useless, which is just super sad, especially during COVID when people really need their phone and internet.

  • Thanks 1
Link to post
Share on other sites

Yeah doing a  factory reset and running the Updates was a very temporary fix if you can call it that at all.  It only meant more work for me in placing my phone into the very same undesired and unwanted state..back to square one and it changed nothing in the device at all, it seemed to make it ever more present in any browser window that I set up and activated and applied to my phone.  A never ending circle of nonsense and all that  time wasted towards essentially going nowhere fast.   Arrgh.  

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.