System Priv-APP: Youtube_Z5268 malware friendly

xiiihyou Post time 2017-10-5 20:54:22 | Show all posts [Copy link]
4 2024
View: 2024|Reply: 4

System Priv-APP: Youtube_Z5268 malware friendly

[Copy link]

3

threads

11

posts

134

credits

Senior Member

Rank: 2

credits
134
Post time 2016-2-7 22:03:50 | Show all posts |Read mode
I accidently tapped on a nasty advertisement, and my phone is compromised
When opening any browser, an 'intent' launch a website, that will either: open an ads, download and install software automatically

after several days of research and adb logcat, it is found that the youtube_z5268 is the culprit
  1. I/ActivityManager(  723): START u0 {act=android.intent.action.VIEW dat=http://global.ymtracking.com/trace?offer_id=110833&aff_id=27742 flg=0x10000000 cmp=com.chrome.dev/com.google.android.apps.chrome.Main} from uid 10150 on display 0
Copy the Code
and checking the UID 10150 yields:
  1. <package name="com.google.android.youtube" codePath="/system/priv-app/youtube_Z5268" nativeLibraryPath="/system/priv-app/youtube_Z5268/lib" flags="1075363405" pkgFlagsEx="0" ft="150d75c0ed0" it="15202d97f21" ut="150d75c0ed0" version="1599000099" <font color="#ff0000">userId="10150"</font> installer="com.android.vending">
Copy the Code
removing this app via shell solves the problem.
  1. su
  2. mount -o remount,rw /system
  3. rm -r /system/priv_app_youtube_Z5268
Copy the Code
and restart the phone.
Post time 2016-2-8 08:13:20 | Show all posts
Could you tell us which ROM version you're using? I checked the v3.01 version but no such file in it.

3

threads

11

posts

134

credits

Senior Member

Rank: 2

credits
134
 Author| Post time 2016-2-8 08:54:28 | Show all posts
bencebacsi replied at 2016-2-8 08:13
Could you tell us which ROM version you're using? I checked the v3.01 version but no such file in it ...

all other rom aside the stock rom from the rom downloader
Post time 2016-2-8 23:09:38 | Show all posts
Yes, I see now and the com.supercleaner.apk app in the systam/app folder is another malware, that should be removed. Thank you for your warning notification.

0

threads

2

posts

11

credits

New Member

Rank: 1

credits
11
Post time 2017-10-5 20:54:22 | Show all posts
Hi, this is the situation that your phone is vulnerable to cyber attacks. There are very dangerous malicious programs, for example, ransomware http://myspybot.com/ykcol-locky-ransomware/
You have to log in before you can reply Login | WELCOME TO UMIDIGI COMMUNITY

Points Rules

Quick Reply Top Back to list