Info please: How does malware attack on Android work - Security Discussion

I have a Lenovo A5500-HV tab. Recently it was compromised by malware, mostly in
/system/priv-app/*.apk
/system/app/*.apk
My tab is not rooted. I can no longer keep my Unknown devices installation (checked off), and if I connect to the internet, files with weird names are installed which interrupt and disrupt normal functioning to a standstill.
I wish to understand:
a) How is a trojan or backdoor infestation in Android different from Windows?
b) Why are the best-known antivirus and anti-malware products of the Windows platform unable to either detect or remove infected files (device not rooted)?
c) How can I protect my device? I tried a hard reset but it did no good.
So please share some application/s (apk) to detect infected files and hopefully remove them (without rooting if possible, and still securing default Android). Norton/AVG/Avast failed to detect them; Malwarebytes detects them, but none could disinfect.

Ashish1+1 said:
> I have a Lenovo A5500-HV tab. Recently it was compromised by malware, mostly in
> /system/priv-app/*.apk
> /system/app/*.apk
> My tab is not rooted. I can no longer keep my Unknown devices installation (checked off), and if I connect to the internet, files with weird names are installed which interrupt and disrupt normal functioning to a standstill.
> I wish to understand:
> a) How is a trojan or backdoor infestation in Android different from Windows?
> b) Why are the best-known antivirus and anti-malware products of the Windows platform unable to either detect or remove infected files (device not rooted)?
> c) How can I protect my device? I tried a hard reset but it did no good.
> So please share some application/s (apk) to detect infected files and hopefully remove them (without rooting if possible, and still securing default Android). Norton/AVG/Avast failed to detect them; Malwarebytes detects them, but none could disinfect.
a) The only differences are technical ones, such as executing exploits and creating the malware itself.
b) Because malware isn't nearly as popular on Android compared to Windows, so naturally less interest for security companies and fewer malware samples to analyse.
c) If you can't get it removed with a hard reset, either the company selling you the phone has infected the ROM, or an app has rooted your phone, injected itself onto /system and now you're screwed.
My advice: completely re-flash the stock (or more preferably) a stable custom ROM. This does require you to root (or flash a custom recovery via fastboot).

janekmuric said:
> a) The only differences are technical ones, such as executing exploits and creating the malware itself.
> b) Because malware isn't nearly as popular on Android compared to Windows, so naturally less interest for security companies and fewer malware samples to analyse.
> c) If you can't get it removed with a hard reset, either the company selling you the phone has infected the ROM, or an app has rooted your phone, injected itself onto /system and now you're screwed.
> My advice: completely re-flash the stock (or more preferably) a stable custom ROM. This does require you to root (or flash a custom recovery via fastboot).
Thanks for taking the time. So this means if the app has rooted the phone, does the phone stay rooted for the user (for removal), or is the device now at the mercy of the malware, as any internet connectivity will re-invite their infected downloads? And say, if it's rooted, please share a few antivirus, anti-malware or other apps that can assist in erasing the trojan or backdoor through the path viewed.
Sent from my A0001 using XDA-Developers mobile app

Ashish1+1 said:
> Thanks for taking the time. So this means if the app has rooted the phone, does the phone stay rooted for the user (for removal), or is the device now at the mercy of the malware, as any internet connectivity will re-invite their infected downloads? And say, if it's rooted, please share a few antivirus, anti-malware or other apps that can assist in erasing the trojan or backdoor through the path viewed.
> Sent from my A0001 using XDA-Developers mobile app
You cannot use the root exploit to remove the malware. There is NO antivirus app that can remove that malware because it's on a partition the antivirus can't access.
Only way to remove the threat for sure is to flash a new rom on the phone, but this requires root.
If you guys don't know how to root, you can try the new Dirty Cow exploit. There aren't any one click apps yet, but you can compile it as the source code is on GitHub.

So this means after flashing, need to search for stable custom ROM which has to be compatible with
Sent from my A0001 using XDA-Developers mobile app

Had a good read, but from an old article on "android has a big security problem, but antivirus apps can't do much to help", which was posted on Oct 29, 2015. Is it still valid?
Sent from my A0001 using XDA-Developers mobile app

Ashish1+1 said:
> Had a good read, but from an old article on "android has a big security problem, but antivirus apps can't do much to help", which was posted on Oct 29, 2015. Is it still valid?
> Sent from my A0001 using XDA-Developers mobile app
Yes, it's still valid, as apps will always be sandboxed in Android, so security apps can't access malware in most of the partitions on your phone if they have managed to install themselves there. But AV can still identify malware (in some partitions at least; I think there are some they cannot read), so I think they have their uses, but they are limited by the very thing that makes Android more secure than Windows out of the box, i.e. how apps are sandboxed. One thing that has changed since that was written is that there are a number of new exploits that can gain root. When it was written, I think it was generally considered unlikely a malicious app could gain access to root; now I would say it's not on older versions of Android.
And just to clarify what has been said above by Janek, you should install the stock ROM first, then a custom ROM if you want one, as stock will overwrite all partitions while most custom ROMs will not!
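
As an added example (not code from any poster in this thread): on-device scanners are sandboxed and a factory reset leaves /system untouched, so one check that can be run from a PC with USB debugging enabled is to list the packages stored on the system partition with `adb shell pm list packages -f -s` and compare them with a list taken from a clean stock image. The sample output, package names and baseline below are constructed for illustration.

```python
import re

# Constructed sample of `adb shell pm list packages -f -s` output (not from the thread).
SAMPLE_PM_OUTPUT = """\
package:/system/priv-app/Settings.apk=com.android.settings
package:/system/app/Browser.apk=com.android.browser
package:/system/priv-app/sys_update_7f3a.apk=com.example.sysupd
package:/system/app/a=b.apk=com.example.oddname
package:/data/app/com.example.game-1.apk=com.example.game
"""

# Assumed baseline: package names taken from a clean stock image for the same model.
STOCK_BASELINE = {"com.android.settings", "com.android.browser"}

# Greedy path match: the package name is whatever follows the LAST '=' on the line.
LINE = re.compile(r"^package:(?P<path>/.+)=(?P<name>[A-Za-z0-9_.]+)$")

def parse_pm_list(text):
    """Return (apk_path, package_name) pairs, skipping lines that do not parse."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            pairs.append((m.group("path"), m.group("name")))
    return pairs

def unexpected_system_apps(pm_output, baseline):
    """Packages stored on /system that the stock baseline does not contain."""
    findings = []
    for path, name in parse_pm_list(pm_output):
        if not path.startswith(("/system/app/", "/system/priv-app/")):
            continue  # /data apps are wiped by a factory reset; /system ones are not
        if name not in baseline:
            privileged = path.startswith("/system/priv-app/")
            findings.append({"package": name, "path": path, "privileged": privileged})
    # Privileged entries first: priv-app packages are eligible for privileged permissions.
    return sorted(findings, key=lambda f: (not f["privileged"], f["package"]))

if __name__ == "__main__":
    for f in unexpected_system_apps(SAMPLE_PM_OUTPUT, STOCK_BASELINE):
        tag = "priv-app" if f["privileged"] else "app"
        print(f"[{tag}] {f['package']}  {f['path']}")
```

Anything this reports lives on a partition that only a full stock re-flash rewrites, which matches the advice given above.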

Thanks for the info. Another query: any suggestion for a sandboxed browser that can be recommended?
Sent from my A0001 using XDA-Developers mobile app

Related

a Rooting question

Guys, if I root my Samsung Galaxy S 2, I know there are risks, such as if I'm infected with malware, or whatever software I use, they will have ADMIN rights over the whole phone.
However, at the moment it's not rooted, and if an application needs admin rights it asks for a password and is added to the DEVICE ADMINISTRATORS.
So my question is: once I root my phone, WILL THE SOFTWARE ASK FOR DEVICE ADMIN RIGHTS IF IT REQUIRES THEM?? OR WILL IT ACQUIRE THEM AUTOMATICALLY WITHOUT ASKING???
Hello!
don't worry about that!
Rooting your phone puts an app called "Superuser" in your app drawer.
Whenever an app wants root access, Superuser will ask you if it's OK. If you say no, the app will not get root access.
dead soul said:
> Guys, if I root my Samsung Galaxy S 2, I know there are risks, such as if I'm infected with malware, or whatever software I use, they will have ADMIN rights over the whole phone.
> However, at the moment it's not rooted, and if an application needs admin rights it asks for a password and is added to the DEVICE ADMINISTRATORS.
> So my question is: once I root my phone, WILL THE SOFTWARE ASK FOR DEVICE ADMIN RIGHTS IF IT REQUIRES THEM?? OR WILL IT ACQUIRE THEM AUTOMATICALLY WITHOUT ASKING???
Some methods of rooting find an exploit in your phone, but this is used to give you superuser. Now don't think that means that rooting leaves your phone wide open. Your phone is just as likely to be infected as my phone. Just install antivirus apps (Lookout).
Don't worry about it. I don't think there is too much malware on the Android system, unless you get something from outside the Android Market, like a crack or something else.
Anyway, if you still worry about this, I suggest you just say no to any app asking for root.
Thanx man
Sent from my GT-I9100 using XDA App
Thanx
Sent from my GT-I9100 using XDA App

android rooting without a pc ?

hi, is it conceivably possible to root a phone with something like connect-bot? since its local command-line shell has access to the directory tree above /mnt/sdcard, couldn't someone download the files needed for the root to the phone via the web browser and copy them to the correct locations with something like connect bot?
i am new to android so i am wondering if there is a hole in my theory?
thanks,
Depends on the phone really. Some need to flash files you normally can't while OS is still up. Some, perhaps?
There are root deployment applications which can be ran on some phones
Sent from my Verizon Supersonic using XDA App
thanks, i wonder if there is a roster of files that need to be updated/replaced for rooting a 'samsung galaxy s2 epic 4g touch by sprint' (i hate that name).
the reason why i ask is because since android has a perfectly capable linux command-line and file browser then there is no need for windows. (i managed to install heimdall on fedora but i have a suspicion that the apb just runs the commands as if it was run directly on the phone).
Most of the phones need to connect to a PC USB port... unfortunately
The way of rooting depends on which Android version you are using. Some exploits allow applications to get root privilege; others, like psneuter (2.1) or zergRush (2.3.3), work by restarting ADBd with root privileges by making it believe it's running on a test (rooted) phone.
On the first case, I remember an application called "Universal Androot", which I used to root my first Android phone, SE Xperia X10 mini, when using Android 1.6. That app exploited some security error on the system, and gained root itself, so I rooted my phone without need of a computer. Also, for 2.3 API Level 9, I think GingerBreak has an Android app which does the same.
For the second type (the most common), it's necessary to use a computer, as the only way to get the root privilege once exploited is via the ADB console "adb shell". The other processes will remain running with their original privileges.
^ thx for the explanation. kinda' like you can't upgrade the kernel of a running system.
hmm that would be nice if someone sort this out..
Like Z4?
HTC Thunderbolt running MIUI
sort of, but more related to android security: exploits like psneuter & zergRush attack ADBd to make it run as root. other exploits, like gingerbreak, give root privileges to the application which runs the exploit (somehow equivalent to running "su" on the terminal)
Sent from my MK16i using XDA App
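
A defender-side check for the second class described in this thread (ADBd ending up running as root), added here as an example and not code from any poster: it reads `adb shell getprop` and `adb shell id` output and flags a root shell on a build whose properties say ADBd should have dropped privileges. The sample outputs are constructed, and the decision function is a simplified model of the ADBd startup check, assumed for illustration.

```python
import re

# Constructed inputs (not from the thread): `adb shell getprop` and `adb shell id`.
USER_BUILD = """\
[ro.build.type]: [user]
[ro.build.tags]: [release-keys]
[ro.secure]: [1]
[ro.debuggable]: [0]
"""
ENG_BUILD = """\
[ro.build.type]: [eng]
[ro.build.tags]: [test-keys]
[ro.secure]: [0]
[ro.debuggable]: [1]
"""
ID_SHELL = "uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)"
ID_ROOT = "uid=0(root) gid=0(root)"

PROP = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>.*)\]$")

def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, skipping anything else."""
    matches = (PROP.match(line.strip()) for line in text.splitlines())
    return {m.group("key"): m.group("val") for m in matches if m}

def adbd_may_keep_root(props):
    """Simplified model (assumption) of adbd's startup decision: it drops to the
    shell user when ro.secure=1, unless the build is debuggable and `adb root`
    has set service.adb.root=1."""
    if props.get("ro.secure") != "1":
        return True
    return props.get("ro.debuggable") == "1" and props.get("service.adb.root") == "1"

def audit(getprop_text, id_output):
    """List findings from the properties and the uid the adb shell really has."""
    props = parse_getprop(getprop_text)
    m = re.search(r"\buid=(\d+)", id_output)
    uid = int(m.group(1)) if m else None
    findings = []
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build is signed with test-keys")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1, so `adb root` is permitted")
    if uid == 0 and not adbd_may_keep_root(props):
        findings.append("adb shell is uid 0 on a build that should drop privileges")
    return findings
```

On a retail build, `audit(USER_BUILD, ID_ROOT)` returning the last finding means the shell has root that the build configuration does not account for.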

Does Rooting Phone corrupts your android phone software

I tried to root the phone via PC, and the software successfully rooted my phone and installed the app on my PC.
When I used the app, I tried two options:
optimize PC and remove built-in games in my phone,
due to which my phone software got corrupted.
Please advise: does that mean that when you delete any built-in file, the phone will corrupt?
What went wrong here, as I didn't delete any system files? I think optimize did the stuff. Is my understanding correct?
earthworm82 said:
> I tried to root the phone via PC, and the software successfully rooted my phone and installed the app on my PC.
> When I used the app, I tried two options:
> optimize PC and remove built-in games in my phone,
> due to which my phone software got corrupted.
> Please advise: does that mean that when you delete any built-in file, the phone will corrupt?
> What went wrong here, as I didn't delete any system files? I think optimize did the stuff. Is my understanding correct?
People here can help you only if you give details, such as your device, Android version, ROM, the app you used, etc.
Anyway, rooting doesn't corrupt anything; it merely gives you and various apps the administrator privilege so that any files can be edited. This editing might cause issues if done carelessly...
appviz said:
> People here can help you only if you give details, such as your device, Android version, ROM, the app you used, etc.
> Anyway, rooting doesn't corrupt anything; it merely gives you and various apps the administrator privilege so that any files can be edited. This editing might cause issues if done carelessly...
Android version 2.3.5
Mobile : VGOTEL VENTURE V1
Baseband version MAUI.AMD.W11.50.SP.V29.P3,2012/11/20
Rooting your device can give you super access that can also give you the authority to uninstall built-in apps.
Mar Kevin said:
> Rooting your device can give you super access that can also give you the authority to uninstall built-in apps.
No rooting program should install anything on your PC except for the kit to root it. You most likely got duped into installing some spyware.

[Q] Kingoroot - malware?

Hi
I just downloaded this app from the CNET link (following the link on www kingoapp.com/ android-root . htm) on the basis that CNET is reputable and that the app is likely to be safe.
Upon running the installer it connects to the internet and then downloads an app. My antivirus kicks in saying that the installer contains Pua.Adware.Proinstall
Has anyone experienced reviewed the rooting app and considered it safe? (I know that they issued an explanation, but not clear that they ever followed it up and fixed the issues that led to the initial banning here)
Ok - used the installer from their ftp, no suggestion of adware, but note that app still tries to connect to the internet when running. Why?
Also just ran it through virustotal:
CAT-QuickHeal (Suspicious) - DNAScan 20141210
Cyren W32/MalwareHiderPatched-based!M 20141210
F-Prot W32/MalwareHiderPatched-based!M 20141210
TrendMicro-HouseCall Suspicious_GEN.F47V1121 20141210
Because they are known to send your device I go to their server. Things like your IMEI and other device info
odywd
zelendel said:
> Because they are known to send your device I go to their server. Things like your IMEI and other device info
I thought they stopped that?
What other root method is better?
I have used Kingoroot for my phone; it works well.
Kingoroot connects to the Internet because it checks for executable scripts for this device.

[Q] trojan. ..

recently downloaded a zip file for a rom.
ran norton and it found a trojan.
norton dealt with the issue, all is clean now it says.
2?'s
is the rom safe to use now if norton gave the green light?
where did this trojan come from?
was it the dev? i have used his roms before, and no issues...
hard for me to think, as was said in another post that he would take the time to cook up the rom just to slip a trojan in. but i understand it's a possibility.
is there a chance that it was not injected by the dev though?
somehow in transit through the net or on the hosting site?
really would like to believe it did not come from the dev but another source...
xda___ said:
> recently downloaded a zip file for a rom.
> ran norton and it found a trojan.
> norton dealt with the issue, all is clean now it says.
> 2?'s
> is the rom safe to use now if norton gave the green light?
> where did this trojan come from?
> was it the dev? i have used his roms before, and no issues...
> hard for me to think, as was said in another post that he would take the time to cook up the rom just to slip a trojan in. but i understand it's a possibility.
> is there a chance that it was not injected by the dev though?
> somehow in transit through the net or on the hosting site?
> really would like to believe it did not come from the dev but another source...
- also, another idea... a "false positive"?
You are using a Windows PC, and an Android device, which is based on Linux. It's not possible to run a Windows program on a Linux-based mobile platform. I think the virus you have found must have been entered when the ROM was packed.
IsolatedKM said:
> You are using a Windows PC, and Android is based on Linux. It's not possible to run a Windows program on a Linux-based mobile platform. I think the virus you have found must have been entered when the ROM was packed.
I downloaded the rom onto my pc and ran norton before putting onto my phone....
what would suggest a rom is packed with a virus vs. a false positive or coming from a different source?
xda___ said:
> - also, another idea... a "false positive"?
AND, if i was able to clean the files, how do i know if norton removed something the rom needs to function?
can i tell by any code info. norton gives me on the virus?
flash it nothing will happen to your phone since it detects windows viruses + norton is crappy i suggest using kaspersky
Most likely a false positive.
