
Superfish

Malware is already being included on some phones right from the factory.

I've documented it in another thread, quoted here -

Normally, we would assert that any factory installed software, such as found in /system/app, would not be malicious and could not become malicious unless modified by a user who has rooted their phone.

So with the help of Google, I questioned that assumption and was surprised to find http://www.cs.cuhk.hk/~cslui/PUBLICATION/ASIACCS2014DROIDRAY.pdf

DroidRay: A Security Evaluation System for Customized Android Firmwares

Min Zheng, Mingshen Sun, John C.S. Lui
Computer Science & Engineering Department
The Chinese University of Hong Kong

It's a scholarly examination of the assumption with a survey of devices and software.

They concluded in no uncertain terms that your phone was shipped with malicious software right from ZTE.

Rooting is the same thing as administrator access on your PC.

If I were you, I would read that article in its entirety, see if you agree with my reading, and if so, see if you can root your phone. If so, you can proceed to freeze the app in question (make it not runnable and therefore harmless) and replace it with something else.

You can also begin by checking under settings, Apps, All, find it and see if it will let you disable it without rooting.
 
Some Coolpad devices come with malware and backdoors right out of the box too: http://www.androidpolice.com/2014/1...e-play-services-framework-says-security-firm/


"Impersonates Google Play Services framework", they might have done that because some apps, games especially, often won't run without Google Play services being present on the device.

"So far, the backdoor has only been spotted on ROMs for Chinese and Taiwanese customers. Coolpad does sell the Quattro 4G through MetroPCS as well as the Quattro II 4G and Flo through other prepaid carriers."

It would only be necessary on phones that don't have Google Play services, which are devices intended for China. Unlikely that the US, MetroPCS versions of Coolpad phones would have it. Adware is rather expected to be pre-installed on devices in China, and it does happen.

BTW has anyone ever tried or used SuperFish, which is what was found on the Lenovos? It's in the Google Play store for Android, as well as made for iOS.
 
Firefox (Mozilla) had problems with it a couple of years ago. It installed a toolbar (I think) that sent ads. It came in piggybacked with another download. ZTE is making FX phones.

ZTE apparently was infected with something. I was reading the article on a tech news aggregator yesterday or the day before. It was as Mike said - but some did get shipped.
Went to find what I read, found a link to ZTE being infected, and when clicked on, the story changed. It was slow enough that I could see the page refresh. Happened to be the CW website. Somebody censored it. Even stuff from the Register got changed to a blurb for buying ZTE.

Maybe some got it confused with this:
»rt.com/news/233895-android-malwa ··· tphones/

This was on a couple of sites, and trying to find out how one would get it was a real pain.
Same explanation as Mikedt just gave.
 
My link earlier is stable and documents exactly what the ZTE is infected with and what the malware does - along with several other models.

Malwarebytes was reliable in determining the infection in the ZTE case. It was not a false positive.
 
What worries me is bundling this crap with downloads. A lot of computer download sites include it. Can a naive or unscrupulous developer add something like this to an app without Google catching it at once? Android has a lot of users looking for freebies.
All the knowledge here and warnings don't seem to deter the freebie seeking crowd.

I'm saying naive as some app writers do sign on with an ad company to monetize apps. Judging from some of the ads I've seen I don't think the app maker looks. The ad company just bundles everything. I've seen ads that I don't think I'd want on a child's phone. Not obscene or profane, just for questionable services like escorts.
 
The Play Store has a bot called the Bouncer that constantly checks for unapproved methods. It's not perfect, but it catches and rejects a lot. At the first sign of infection since a previous check, the Play Store will automatically uninstall the app from all devices. If there's anything else, you can flag an app as inappropriate in the Play Store or you can contact the dev directly.

Our own site started showing X rated ads when the ad agency was hacked a few years ago. Recently we started showing inappropriate escort ads when Google's ad services got hijacked.

Even the FBI has been hacked. With present technology, there's no 100% guarantee that similar ad mishaps won't happen again.

It's imperative to never pirate anything; piracy sites are still the number one infection vector.

Parents are well-advised to use a good parental control app. No matter "how naturally little Bobby or Sally does computer!" the fact remains that youngsters are not equipped to fully understand app permissions and the real threats on the Internet. It's a child's job to be curious, it's a parent's job to not let the child play on the freeway.
 
Apparently is the keyword. Stupid bloatware all over. It seems half the PC download sites bundle it. Big uproar on Mozillazine on how to get rid of it in Firefox.

The uproar seems to have died down, but Superfish will be back, maybe under another name, and with a lot more stealth and an effort to get on every OS possible.

Some parents don't equate the "information highway" with the freeway.
 