Jump to content

Recommended Posts

Im having this problem as well. I have an assurance wireless umx, model U693CL. G21 news is constantly popping up as my homepage. I change it constantly, it always goes right back. I've also noticed that I'm getting new pages in new tabs that are ads for games. How do I stop this. I'm ok when it comes to phones but need someone to help walk me through.

  • Like 1
Link to post
Share on other sites
28 minutes ago, TookieLaRue said:

Im having this problem as well. I have an assurance wireless umx, model U693CL. G21 news is constantly popping up as my homepage. I change it constantly, it always goes right back. I've also noticed that I'm getting new pages in new tabs that are ads for games. How do I stop this. I'm ok when it comes to phones but need someone to help walk me through.

 

The UMX phones from Assurance (mine too) have had viruses on and off for the past couple years that are usually factory installed in system apps that can be disabled but not removed.  If you disable, you will lose functionality of that part of the system which may or may not be an issue. 

Several times UMX cleared the viruses off the phones with an update, but after a few months a new virus appeared.  I had the g21news.com virus in Dec/Jan, but then an update took it away so it seems that my phone has been virus free for the past few months.  If you get a new phone or do a factory reset the phone will update, but it may be several updates behind so you may have to go through the update process to manually check for updates and let them install two or three times until it says that you have the most current version.  I think you may need to get to the most current update and then your phone will be virus free at least for now.

We've been working on the UMX U693CL viruses in this thread: 

 

  • Thanks 2
Link to post
Share on other sites
  • 4 weeks later...

The very same problem has been manifesting itself all over my UMX U693CL  Assurance Wireless issued phone as well.   Many Thanks to all involved with this comment thread and the process of eliminating this preprogrammed malware, I will attempt the factory reset action A.S.A.P. then come back and post my findings and it's effectiveness.

  • Like 1
Link to post
Share on other sites

I work in the technical field of smartphones, including Android, so I have more than sufficient technical knowledge.  I have been helping a family friend, a senior, with solving this exact issues on the U693CL.  I am dumbfounded why Assurance and UMX allow this to continue to happen.  I implemented some tools from the previous rounds to shutdown and clean off these malware pushes.  After 3 UMX security updates, and based on behaviors I saw and tracked, I am certain the Android Security updates pushed out by UMX has weakness/vulnerabilities.  It may seen like it cleaned off some malware but in reality, it activates another one but in dormant state.  It acts as a backdoor to execute code that would otherwise subject to some Android OS level restrictions and it invokes APIs only true developers would know.

The g21news hijack was triggered by the "TopicNews" app.  Before the recent security update, that apk was called "Topic" app, I had it disabled and uninstalled via ADB shell commands.  Back at that time, the hijacked sites and pops were various game sites.  The phone system snapshot I took shows the update somehow changed the apk name and re-install re-enable it.

In addition, there has been frequent Google Play Protect notifications indicate it found an app or blocked an app from being installed that was deem malicious.  This happens when the phone is not touched or used, so some code is executing all these malicious behavior.

I logged the IP traffics and EVERY, I mean EVERY hijacked browser redirect or pop up ad that mask the screen are hosted by IP addresses in China.  Domain names are all registered with China-based domain registrars.  Servers seem to be hosted on systems with IP address serviced or registered through Alibaba, Tencent, or one of the other Chinese internet powerhouses.

I have done multiple soft/hard factory restore, and after the phone downloads the latest security updates, it would be back to the same situation with these malware, hijack and ad redirect.

From these info, I am inclined to believe Assurance is not the main culprit but it's extreme careless or have no expert inhouse to monitor or address these problems.  The key issue is with UMX.  I agree with the author of various post from Malwarebytes, there appears to be a break or vulnerability in UMX's software development custody to allow this to happen relatedly, and to both U683CL and now U693CL.

Last note, while these phones use low-end chipset from Qualcomm, like the 210/215 used in the U693CL, they are actually very capable chipset and can be a very suitable and functional modern entry-level phone for the low-income lifeline users and their day to day needs.  These malwares are so active, evasive and heavy, they render the phone completely useless, which is just super sad, especially during COVID when people really need their phone and internet.

  • Thanks 1
Link to post
Share on other sites

Yeah doing a  factory reset and running the Updates was a very temporary fix if you can call it that at all.  It only meant more work for me in placing my phone into the very same undesired and unwanted state..back to square one and it changed nothing in the device at all, it seemed to make it ever more present in any browser window that I set up and activated and applied to my phone.  A never ending circle of nonsense and all that  time wasted towards essentially going nowhere fast.   Arrgh.  

Link to post
Share on other sites
  • 4 weeks later...

Same issue as well. Have an Assurance Wireless U693CL that I got in July 2020.  It worked fine for about 6 months, then all of sudden these pop up ads started appearing for g21news stories, tarot card readings, just a bunch of B.S. crap.  This happens constantly when I try to browse, as I open apps, whatever, up pop the ads totally interrupting my use of the device.  After installing Malwarebytes, and scanning phone, it alerted to adware issue in the android "phone" application system area.

Android/PUP.Riskware.HiddenAds.YTHX.

installed application: (android icon) Phone. 

 Kinda need this app to make and receive calls?  So the phone's battery now has issues and won't last through the night. So I called Assurance and told them about my problems.  The agent to her credit tried to help me out with the pop up adware issue. Tried a few things, seemed to improve.  Of course no pop ups while talking to her. A few minutes after our conversation--- pop up ads started again, yikes...Sending "new" phone (Wiko Lite 2) out soon (because of battery Issue). Hopefully it will not have the pre-installed adware popup code embedded inside.

Link to post
Share on other sites

Yeah, man that is totally what happens on my phone too. My ever messed up phone from Assurance Wireless also a U693CL  model.  It has more problems than all the phones that I have ever owned combined and this same crap is always manifesting itself whenever I use that possessed device.

Link to post
Share on other sites

I hate  to break it to you guys but the Wiko brand seem to have licensed their name to ANS in the US.  Their parent company TInno has had an interesting past but I think is a bit better than TeleEpoch that made the UMX phone.

Assurance try at all cost not to ship out Wiko phones as insisting on UMX phones.  If you manage to get a Wiko phone, then you'd have to move to the T-Mobile network as they are shipped with T-Mobile network SIM now.

Link to post
Share on other sites
  • Staff

Hi @smitherean,

Could you send me an Apps Report?  I like to check on exactly what is triggering Android/PUP.Riskware.HiddenAds.YTHX.

 

To send an Apps Report with Malwarebytes for Android use the following instructions.

  1. Open the Malwarebytes for Android app.
  2. Tap the Menu icon.
  3. Tap Your apps.
  4. Tap three lines icon in upper right corner.
  5. Tap Send to support

Choose an email app to send Apps Report.

Your email app will open with the Apps Report included.

At this point, it would be very helpful to mention you are submitting via recommendation from the Malwarebytes forum.  This allows our support staff to know where to direct it.

By sending the Apps Report, you will create a ticket in our support system.

Private Message (PM) me the email used and/or the ticket number assigned.

As far as g21news popups, there is way to stop those.  Follow the guidance below

 

Making UMX experience more tolerable

UMX devices come with a couple of common annoyances.  Here is how to make your UMX experience more tolerable.

The first common annoyance on UMX phones is the default browser's (Chrome) default homepage. The default homepage is usually g22news.comg21news.com, or another annoying URL.  The culprit causing this to be set as the default homepage is Customizations.  Customizations is also responsible for occasionally putting ads in notifications.  You can disable Customizations in Apps info.  Make sure to have Show system selected in App info (click the three dots in upper right to find).

Picture1.png.810328472f790259e6ec27a582b662d6.png

 

If for some reason you choose not to disable Customizations but don't want g21news.com to be the default homepage, here's how to change the homepage on Chrome:

  • Settings Homepage
  • Change the Open this page to Chrome's homepage or change the g21news.com link to whatever URL you like

 

Picture2.png.500b85814284dd07b9f4b9abc283f1da.png

Next up is Online Plus.  It is responsible for the news pop up on the lock screen. Once again, you can just disable in App info.

Picture3.png.b4ba721ad04708a4d34b6e14dfec7235.png

Nathan

 

Link to post
Share on other sites

@mbam_mtbr  I think Customization and such are old last gen inserts.  They are evolving as quickly as you can find them.  Things like Online Plus, News and a few apps are always push installed by Assurance on activation, much like what Sprint does on their own branded phones. These are installed on all Assurance phone an an attempt to unify their appearance, i.e., color, wallpaper, app layout, so on, but UMX pushes something way beyond other brands.  The standard Assurance installs can be disabled and they generally stay disabled, but the UMX's specific malware are very invasive.  UMX is currently on U693CL model, which is like 3rd or 4th gen.  g21 or g22 news are not being set as Home Page - at least not in the traditional sense.  They are opening multiple Chrome tabs in a timed based fashion. The longer you wait between uses, the more tabs it seems to opened or set as an opening URL.

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.