Don't forget to stay hydrated.🍉🍉🍉🍉🍉@sh.itjust.works to

Mildly Infuriating@lemmy.worldEnglish · 1 day ago

I found pre-installed (unremovable) malware on my phone, and ESET doesn't seem to be checking system apps... (Ulefone Armor 24)

sh.itjust.works

239

I found pre-installed (unremovable) malware on my phone, and ESET doesn't seem to be checking system apps... (Ulefone Armor 24)

sh.itjust.works

Don't forget to stay hydrated.🍉🍉🍉🍉🍉@sh.itjust.works to

Mildly Infuriating@lemmy.worldEnglish · 1 day ago

TL;DR: If it’s also integrated into firmware, it has full-device access. If it’s just this specific app, per Kaspersky, it still has “elevated privileges” and can install crap. It cannot be disabled without breaking the UI.

Doing a scan without copying the apk:

As you can see from main screenshot, the APK would have been accessible for scanning.
I copied it to Download directory as that one gets real-time monitoring, but it will pick it up elsewhere after a scan as well.

Anyway:
VirusTotal report

Found 4 months ago by Kaspersky

And I found my device in list on blog post from Sophos. Unfortunately, they only provide a partial list, as they mention this affects “nearly 50 models”.

From listed domains, with help of strings I found launcher(dot)szprize(dot)cn, although it doesn’t seem to resolve to anything at the moment.

Also something interesting from Kaspersky:

When integrated into the firmware, the malware behaves differently depending on several factors. It will not activate if the language set on the device is one of Chinese dialects, and the time is set to one of Chinese time zones. It will also not launch if the device doesn’t have Google Play Store and Google Play Services installed.

Now what?

I’ve been using it for nearly 2 years, so there’s that…

I am thinking of contacting the retailer I bought this device from, as it’s still in sale. But I am not sure if they will care about it. Also, the only way I seem to be able to contact them is via tech support, so there’s the chance of just getting a copy-pasted answer.

As for my particular unit, I’ll probably try to update the software to newest version to see if it’s still (visibly) present.
Unfortunately, updates on these devices are unstable as fuck, so I’ll have to deal with that. I also hope it won’t make me loose access to MediaTek EngineerMode band selection as that’s something I quite want to keep using.
Or perhaps try to return it under warranty.

Since QuickStep also controls navigation (both gestures and 3-button) it can’t even be disabled even if I used alternative launcher.

Chat

socsa@piefed.social
link
fedilink
English
arrow-up
1·
3 hours ago
Oh lmao

Mildly Infuriating@lemmy.world

mildlyinfuriating@lemmy.world

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !mildlyinfuriating@lemmy.world

Home to all things “Mildly Infuriating” Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that. Please post actually infuriating posts to !actually_infuriating@lemmy.world

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I’m not about stealing content!

It’s just good to get something in this website for casual viewing whilst refreshing original content is added overtime.

Rules:

1. Be Respectful

Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

…

2. No Illegal Content

Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

…

3. No Spam

Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

…

4. No Porn/Explicit

Content

-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

…

5. No Enciting Harassment,

Brigading, Doxxing or Witch Hunts

-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

…

6. NSFW should be behind NSFW tags.

-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

…

7. Content should match the theme of this community.

-Content should be Mildly infuriating. If your post better fits !Actually_Infuriating put it there.

-The Community !actuallyinfuriating has been born so that’s where you should post the big stuff.

…

8. Reposting of Reddit content is permitted, but attribution is not required in any way. No links to Reddit in post body

-If you would like to provide a source link, do so in the comments but not in the post body.

…

…

Also check out:

Partnered Communities:

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense

Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

971 users / day
2.25K users / week
4.48K users / month
15.2K users / 6 months
1 local subscriber
46.4K subscribers
1.91K Posts
104K Comments
Modlog