Installation from unknown sources, riskware

goldyau Post time 2017-1-25 18:27:02 | Show all posts [Copy link]
130 26259
Author: goldyau

Installation from unknown sources, riskware

[Copy link]

0

threads

25

posts

107

credits

Senior Member

Rank: 2

credits
107
Post time 2017-1-24 21:05:00 | Show all posts
I'm Sorry but i repeat for the second time. You say that a bug enable the unknow source. So 3 times in 2 weeks a software from unknow source automatically installed on my diamond and also into my friend's London. Same kind of app: luncher that display adv. And also get automatically all the permiss to contats, input type.. so.. i think is necessary anche OTA update as soon as possible.. but in 1 week. Also i think this was the last umi i'll buy. Thanks but it's so ridiculous. You say that u have not a bug. Then After other 10 messeges from the user: ya week have a bug. Ok... So now i say u that the bug is not only in that system settimana that enable installation from unknow source. I have more great problem. So don't minimize. Thanks u.

0

threads

12

posts

81

credits

Senior Member

Rank: 2

credits
81
Post time 2017-1-24 22:09:25 | Show all posts
Hi Guys,

Same problem here. I seems the malware is hiding in the System-UI file.  Only 360 Security seems to detect the trojan.

I've Flashed the rom with Stock ROM. But the trojan is in the offical stock rom.

Screenshot_20170124-000949.png
Screenshot_20170124-000953.png

0

threads

12

posts

81

credits

Senior Member

Rank: 2

credits
81
Post time 2017-1-24 22:18:19 | Show all posts
Dirtyharry replied at 2017-1-24 22:09
Hi Guys,

Same problem here. I seems the malware is hiding in the System-UI file.  Only 360 Securit ...

PS: This trojan is not found on the new UMI Flagship. I can only assume its only on the UMI Diamond that has this problem

4

threads

50

posts

485

credits

Platinum Member

Rank: 3Rank: 3

credits
485
Post time 2017-1-25 03:39:11 | Show all posts
I am not sure if its not an false positive match ... if it is an trojan its in an file "spende.zip" in the assets directory of the apk file .. would be nice if someone from umi answers this ASAP!
Post time 2017-1-25 04:44:04 | Show all posts
Ziggy replied at 2017-1-25 03:39
I am not sure if its not an false positive match ... if it is an trojan its in an file "spende.zip"  ...

You have answered on page number 2

4

threads

50

posts

485

credits

Platinum Member

Rank: 3Rank: 3

credits
485
Post time 2017-1-25 06:49:20 | Show all posts
MarcinP replied at 2017-1-25 04:44
You have answered on page number 2

Where on page 2 ? The "Trojan" is in the SystemUI.apk, shipped with the ROM. You can extract it from the system.img file in the Rom downloadable here in the Forum, you not even need to install the rom or need to start the phone to find it. So its delivered with the rom and does not come from any other apps!
Just take a look at the File .. inside is an directory called assets and in there a file called spende.zip.
Virustotal Results : https://virustotal.com/de/file/5 ... nalysis/1485297921/


Post time 2017-1-25 06:54:35 | Show all posts
Ziggy replied at 2017-1-25 06:49
Where on page 2 ? The "Trojan" is in the SystemUI.apk, shipped with the ROM. You can extract it fr ...

Post 17 and 19.
So far there is no other explanation.

4

threads

50

posts

485

credits

Platinum Member

Rank: 3Rank: 3

credits
485
Post time 2017-1-25 07:07:40 | Show all posts
MarcinP replied at 2017-1-25 06:54
Post 17 and 19.
So far there is no other explanation.

Well thats a good point, thats why i said it might be a false positive ;)! But you also need to understand us when our phones behave like they have a life on their own I for myself could not find out what the file does, its no known fileformat and 100% no zipfile and that makes people wonder again why its called like a zipfile and isnt one. And then the point that the name "spende" means in my language something like "donation" made it even a little suspicous, i think i overreacted a little to this.




0

threads

1

posts

9

credits

New Member

Rank: 1

credits
9
Post time 2017-1-25 16:10:11 | Show all posts
Edited by klausmuster at 2017-1-25 16:35 \n\n
First: Sorry for my bad Englisch.

Here is a solution for all (not just UMI's) that have this problem.

Basically: Why UMI built this "door", I can not say - but is with some Chinaphones so and annoying in any case. The responsible Trojan sits in the SystemUI, which is responsible for the softkeys and notification bar (also already in the original Rome from the UMI homepage), there is no CostumRom for the Diamond and I have found no way to eliminate this Trojan. But the following "trick" has at least rest. We use the shell command, which turns off the installation of unknown sources.

1. The mobile phone needs root (is for the UMI with TWRP quite simply).
2. You need the app "Tasker" (2.99 € in the store)
3. Now create a profile - preferably via "Status" - "Display Status" - "On"
4. Create a "Task" - "Code" - "Enable Shell"
5. Enter the following line at the top line: settings put secure install_non_market_apps 0
6. Set the hook in the "root" field
Done!

Effect:
Each time the screen is displayed, the switch is set to "OFF" under "Safety" - "Unknown sources" (whether it is ON or OFF!). Can also be tested: Switch ON - Screen off - Screen ON - Switch is again OFF.
So you should be relatively certain that no malware is installed.

LG

2

threads

15

posts

129

credits

Senior Member

Rank: 2

credits
129
 Author| Post time 2017-1-25 18:27:02 | Show all posts
Thank you for this manual! Unfortunately I don't want to root the phone, so I hope that new ROM will be soon finished and all the problems will be gone...
Also this script could not be enough, when you let the phone sit during the night on the table. It would have to be done every two hours maybe or something like that... But partially it could help.
You have to log in before you can reply Login | WELCOME TO UMIDIGI COMMUNITY

Points Rules

Quick Reply Top Back to list