Installation from unknown sources, riskware

pdj

I'm Sorry but i repeat for the second time. You say that a bug enable the unknow source. So 3 times in 2 weeks a software from unknow source automatically installed on my diamond and also into my friend's London. Same kind of app: luncher that display adv. And also get automatically all the permiss to contats, input type.. so.. i think is necessary anche OTA update as soon as possible.. but in 1 week. Also i think this was the last umi i'll buy. Thanks but it's so ridiculous. You say that u have not a bug. Then After other 10 messeges from the user: ya week have a bug. Ok... So now i say u that the bug is not only in that system settimana that enable installation from unknow source. I have more great problem. So don't minimize. Thanks u.

Dirtyharry

Hi Guys,

Same problem here. I seems the malware is hiding in the System-UI file.  Only 360 Security seems to detect the trojan.

I've Flashed the rom with Stock ROM. But the trojan is in the offical stock rom.

Dirtyharry

Dirtyharry replied at 2017-1-24 22:09
Hi Guys,

Same problem here. I seems the malware is hiding in the System-UI file.  Only 360 Securit ...

PS: This trojan is not found on the new UMI Flagship. I can only assume its only on the UMI Diamond that has this problem

Ziggy

I am not sure if its not an false positive match ... if it is an trojan its in an file "spende.zip" in the assets directory of the apk file .. would be nice if someone from umi answers this ASAP!

MarcinP

Ziggy replied at 2017-1-25 03:39
I am not sure if its not an false positive match ... if it is an trojan its in an file "spende.zip"  ...

You have answered on page number 2

Ziggy

MarcinP replied at 2017-1-25 04:44
You have answered on page number 2

Where on page 2 ? The "Trojan" is in the SystemUI.apk, shipped with the ROM. You can extract it from the system.img file in the Rom downloadable here in the Forum, you not even need to install the rom or need to start the phone to find it. So its delivered with the rom and does not come from any other apps!
Just take a look at the File .. inside is an directory called assets and in there a file called spende.zip.
Virustotal Results : https://virustotal.com/de/file/5 ... nalysis/1485297921/

MarcinP

Ziggy replied at 2017-1-25 06:49
Where on page 2 ? The "Trojan" is in the SystemUI.apk, shipped with the ROM. You can extract it fr ...

Post 17 and 19.
So far there is no other explanation.

Ziggy

MarcinP replied at 2017-1-25 06:54
Post 17 and 19.
So far there is no other explanation.

Well thats a good point, thats why i said it might be a false positive ;)! But you also need to understand us when our phones behave like they have a life on their own I for myself could not find out what the file does, its no known fileformat and 100% no zipfile and that makes people wonder again why its called like a zipfile and isnt one. And then the point that the name "spende" means in my language something like "donation" made it even a little suspicous, i think i overreacted a little to this.

klausmuster

\n\n

First: Sorry for my bad Englisch.

Here is a solution for all (not just UMI's) that have this problem.

Basically: Why UMI built this "door", I can not say - but is with some Chinaphones so and annoying in any case. The responsible Trojan sits in the SystemUI, which is responsible for the softkeys and notification bar (also already in the original Rome from the UMI homepage), there is no CostumRom for the Diamond and I have found no way to eliminate this Trojan. But the following "trick" has at least rest. We use the shell command, which turns off the installation of unknown sources.

1. The mobile phone needs root (is for the UMI with TWRP quite simply).
2. You need the app "Tasker" (2.99 € in the store)
3. Now create a profile - preferably via "Status" - "Display Status" - "On"
4. Create a "Task" - "Code" - "Enable Shell"
5. Enter the following line at the top line: settings put secure install_non_market_apps 0
6. Set the hook in the "root" field
Done!

Effect:
Each time the screen is displayed, the switch is set to "OFF" under "Safety" - "Unknown sources" (whether it is ON or OFF!). Can also be tested: Switch ON - Screen off - Screen ON - Switch is again OFF.
So you should be relatively certain that no malware is installed.

LG

goldyau

Thank you for this manual! Unfortunately I don't want to root the phone, so I hope that new ROM will be soon finished and all the problems will be gone...
Also this script could not be enough, when you let the phone sit during the night on the table. It would have to be done every two hours maybe or something like that... But partially it could help.