• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Malware trying to force install of battery saver app

PacificaBren

PacificaBren

Well-Known Member
Hello, I hope I'm posting this in the right forum. Apologies if I'm not.

My father has a cheap LG phone (probably running Android 5 point something), and when he attempts to launch the default browser, he is automatically redirected to Google Play (or, perhaps, a fake app store that looks like Play), where he is prompted to download "Power Battery - Battery Saver" by LIONMOBI. It is impossible to use the Web browser, because every attempt to use it redirects to this app store.

I deleted several battery saver apps from my dad's phone, along with one or two other apps he didn't recall installing.

I also deleted the default browser's data and settings, but that didn't help.

I also installed Chrome, which works just fine, and does not seem to be affected by whatever malware is doing this.

So he can access the Internet via Chrome, but the default browser is still affected. Today he told me he ran AVG, but it found no malware, and the problem persists.

Does anybody have any idea how to fix this?

Thanks!
 
A full clear of the default browser's data should have included its cache, which should get rid of most hijacks, so it's a bit worrying that it's still happening. I'd be inclined to try again: Settings > Apps > All, select the default browser, clear cache, clear data, force stop. Just to be sure. He doesn't have any web sync/backup of the browser data does he? We don't want anything to just sync crap back.

Just to be paranoid, does it make a difference how he opens the browser (desktop icon, app drawer, or from it's play store page)? I've never heard of such a thing, but I could imagine replacing a desktop icon with a shortcut to something else, but opening the browser via its Play Store page really should load the actual app. If you wanted to be really paranoid you could uninstall updates to the stock browser (if there are any), which would revert it to the version in the original ROM. But do we know whether it really is the Play Store or some ad mocked up to look like it? Maybe look for discrepancies like teeny-tiny close buttons hidden away somewhere.

(BTW I've looked up that app in the Play Store - I'd need to really trust the developer to install something with that list of app permissions. Though frankly "battery saver" apps are pretty much all junk).

"Apps he doesn't remember installing" is worrisome, though not everyone does remember what's on their phone. If AVG has the ability to scan apps' permissions and check for any that have the ability to install other apps that might be worth looking at, just to be sure (though the malware scan itself was clean). If it hasn't, there are apps that have (Addons Detector is one I've used). And maybe get a second opinion on the malware, e.g. MalwareBytes or Kaspersky.

Make sure he has "install apps from unknown sources" turned off too.

Sorry, don't have a clear answer to this one. Normally clearing the browser suffices, but this seems to be more persistent.
 
Update! Hadron, I showed your post to my father, he acted accordingly, and now the problem appears to be solved. He writes:

I seem to have fixed the prob. I was able to find the browser Settings, which wasn't easy. Once I did that I deleted all history, cache, passwords etc etc. Now the browser is working normally. Chrome is probly better anyway. BTW, I also installed Malwarebytes which came up clean.
Click to expand...
 
You must log in or register to reply here.
Back
Top Bottom