• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

AndroidOS Malware(?) - help please

K

kgmarsch

Lurker
I am developing an App that is to be distributed pre-installed on Android tablets.

I have sourced a tablet for this purpose, however, I have recently noticed that some of these tablets seem to be auto installing malware.

I am testing on 6 allegedly identical tablets and 2 of them are suffering from this problem. After some initial investigation I have found that the two that are installing the malware have an extra App installed called Android OS (com.android.disidc.mwm) - I have searched on-line for this and get nothing (not one hit). My guess is that it is this app that is downloading and installing the other malware (Chinese/Japanese apps

The app appears to start a service called dsmorandcService (nothing on-line for this either).

Can anyone offer me any help on what these are or where they might be installed on the tablet (so I can at least see when they were installed). I am due to send out about 50 of these to end users and couldn't afford to have to re-call them if they all develop this problem.

The tablet is a Terra Pad1002 , running 4.2.2.
Thanks in advance.
 

Attachments

  • Malware.jpg
    Malware.jpg
    29.1 KB · Views: 112
  • AndroidOS-Installed.jpg
    AndroidOS-Installed.jpg
    32.3 KB · Views: 124
  • AndroidOS-Running.jpg
    AndroidOS-Running.jpg
    29.5 KB · Views: 109
You could try one of the many free antivirus or malware applications, they can help identify rouge applications.

They usually just spam you with advertisements randomly, hopefully that's all this is but as you said I can't see anything online so this might be new and the antivirus software might not be able to identify it yet.
 
Thanks for the advice both.

Have already tried 5 different AV/Malware apps - a couple of them are blocking the install of new malware Apps but they aren't picking up on what I think is the App which is doing the installing in the first place (AndroidOS).

I have managed to find where this App is installed - unfortunately it has managed to install itself as a System App (in system/app called P02170004001.apk).

I have tried force stopping, disabling and deleting this app. It just keeps on restarting. I have done a factory reset but it's still there. The date/time stamp for this file is this morning - which is slightly encouraging. Hopefully it's as a result of something that I've done rather than malware that's embedded in the original OS.

I have only done a couple of things on the infected tablets so it's going to be a case of performing these same steps on one of the clean tablets and seeing if the Android OS is 'installed' as a result (although at this time I can't see how).

If I get chance I may try and decompile the P02170004001.apk and see if I can learn anything more about it.

I will update with any findings. Thanks again.
 
Is your device rooted? Otherwise, there's not really any way that a malicious application could install itself to the /system partition. Could it be that the package was included as some manner of firmware update?

Have you noticed any particular or specific malicious behavior, other than the appearance of this strange app?
 
kgmarsch said:
Thanks for the advice both.

Have already tried 5 different AV/Malware apps - a couple of them are blocking the install of new malware Apps but they aren't picking up on what I think is the App which is doing the installing in the first place (AndroidOS).

I have managed to find where this App is installed - unfortunately it has managed to install itself as a System App (in system/app called P02170004001.apk).

I have tried force stopping, disabling and deleting this app. It just keeps on restarting. I have done a factory reset but it's still there. The date/time stamp for this file is this morning - which is slightly encouraging. Hopefully it's as a result of something that I've done rather than malware that's embedded in the original OS.

I have only done a couple of things on the infected tablets so it's going to be a case of performing these same steps on one of the clean tablets and seeing if the Android OS is 'installed' as a result (although at this time I can't see how).

If I get chance I may try and decompile the P02170004001.apk and see if I can learn anything more about it.

I will update with any findings. Thanks again.
Click to expand...

You said in the original post you have 50 of them to sell, is it possible the manufacturer of the tablet or your source hasn't bundled something nasty into the rom. It would suck if that was the case but could you test one of the other tablets just to confirm if this system app is present an any of the other devices.

As a system application I'm not sure there is much you can do as usually you need to root the device to remove system applications.

Did you try one called "Malwarebytes Anti-Malware", haven't tried it myself but the PC version of this software has saved me many times.

I'm just not sure how any of these applications handle malware that is installed as a system app. :( :confused:
 
Only had a quick scan of these replies but can answer that Yes these tablets are rooted - not by me. They are rooted 'consumer' tablets.

Will read replies in more details soon. On-going thanks.
 
I have the same problem. Immpossible to disable or delete, runs ad websites as soon as wireless is on.
If anyone has nay ideas...

Yours, N.
 
Check with Malwarebytes and Addons Detector.

Go to main settings, Apps, All and clear cache and data for all installed browsers.

If only occurring on home wifi after that, it's likely your router has been hijacked and needs a hard reset.
 
You must log in or register to reply here.
Back
Top Bottom