The same think is happening to me. Trust Go is finding the trojan, avast is not. I do believe it to be affecting the google market today. I don't know how serious it is, but I googled it and it's seems legit. Has to do with SMS Preium Messages. Don't know what to do about it, can't uninstall the apps it says are infected, play store, play books, maps, translate, google services framework, the list goes on and on. I am not rooted on my Droid Razr. Hopefully google can rectify the situation.
-
After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.
Trojan!Opfake.L@Android
- Thread starter weezy7
- Start date
First rule in cases like this - Don't Panic.
This could just all be false positive on the malware scanner.
That happens each and every day in the pc world and I do mean all of the time, ok.
Just what I am hearing so far makes me think it's exactly that here.
But, I think that it won't hurt to check it.
That may take until later today.
Meanwhile - Don't Panic.
Not panicking, just taking it seriously. ;-)
And thanks for looking into it. I also sent a feedback message to TrustGo with a link to this thread.
As Early has said, most likely it's a false positive. We had one with a different android AV program a couple of weeks ago. It happens.
So keep an eye out, but stay calm and don't trash your system straight away!
So keep an eye out, but stay calm and don't trash your system straight away!
One of our staffers is a cyber security expert, I have asked him to assess this as well.
chanchan05
The Doctor
Honestly I think its a false positive. One of the most impossible apps to be a malware is the Play Store itself. And considering the fact that only the latest Play Store update is considered as a "virus", it would seem like it.
However, this is the first time I've heard or read about TrustGo, and honestly, I'd rather stick with the more well known names in AV technologies, especially with one that has this much false positives. Avast, AVG, Bitdefender, McAfee and Kaspersky all have Android apps (I think Avira and Norton has their versions too?). NetQin has been a mobile AV provider since the heydey of Symbian. I'd rather tend to believe them than what I see to be a relative newcomer like TrustGo.
However, this is the first time I've heard or read about TrustGo, and honestly, I'd rather stick with the more well known names in AV technologies, especially with one that has this much false positives. Avast, AVG, Bitdefender, McAfee and Kaspersky all have Android apps (I think Avira and Norton has their versions too?). NetQin has been a mobile AV provider since the heydey of Symbian. I'd rather tend to believe them than what I see to be a relative newcomer like TrustGo.
I can't promise one way or the other.
Results will come from wherever the process leads.
Without knowing the answer in advance, that's the best I can say.
Good call contacting that vendor, btw.
Matty18
Well-Known Member
To me this looks like a false positive. Whilst the Trojan that the AV is detecting is real, it typically hides in fake apps. I would recommend checking the permissions that the Apps have. Make sure that none have the ability to send text messages (that shouldn't of course).
Also, if any of you could get some of the files that are "infected" uploaded here, I can take a look.
P.S. Just to avoid any confusion, I should note that I am not the person EarlyMon mentioned (I'm not even a staff member.
) though I do have experience in this area.
Also, if any of you could get some of the files that are "infected" uploaded here, I can take a look.
P.S. Just to avoid any confusion, I should note that I am not the person EarlyMon mentioned (I'm not even a staff member.
) though I do have experience in this area.
IOWA
Mr. Logic Pants
Uninstall TrustGo.
1.) Nobody knows who they are.
2.) They have an obvious agenda, as they are pushing their own version of a "market". Most likely applications that are REALLY infected.
3.) Their website is half broken, and the site hasn't been around very long. The domain registration and copyright claims also conflict a bit, but that could just be circumstance. For a security "firm", this is unacceptable.
Chances are, TrustGo is the real malware here.(Or the developer really screwed up.) Given the Android market now scans for obvious malware, providing outside the market downloads after claiming loads of false positives is a rather devious yet genius approach to circumventing Google's malware filtering.
Although, I could be jumping to conclusions.
When in doubt, get a second opinion, or even a third.
If you must use a scanner, Try Avast! or Kaspersky, both are trusted names.
EDIT: After doing some more research, I can't make heads or tails of the companies intentions. Whether this is an unintentional glitch in the program (it does happen), or an extremely elaborate scam. It appears the domain itself has changed hands a few times throughout the years, all with the same focus on IT Security. However, they were an originally an IT Security recruiting firm.
Sorry I couldn't be any more of a help, but I can't find anything conclusive either way. If I find anything I'll let everyone know.
EDIT2: I've emailed several of the developers featured on the trustgo website. If TrustGo is legit, these developers would have given permission to distribute their applications.
Personally speaking though, I would still uninstall it. When security is at risk, don't take chances. Even if they are 100% legit(which is entirely possible!), false-positives aren't helping anybody.
2.) They have an obvious agenda, as they are pushing their own version of a "market". Most likely applications that are REALLY infected.
3.) Their website is half broken, and the site hasn't been around very long. The domain registration and copyright claims also conflict a bit, but that could just be circumstance. For a security "firm", this is unacceptable.
Chances are, TrustGo is the real malware here.(Or the developer really screwed up.) Given the Android market now scans for obvious malware, providing outside the market downloads after claiming loads of false positives is a rather devious yet genius approach to circumventing Google's malware filtering.
Although, I could be jumping to conclusions.
When in doubt, get a second opinion, or even a third.
If you must use a scanner, Try Avast! or Kaspersky, both are trusted names.
EDIT: After doing some more research, I can't make heads or tails of the companies intentions. Whether this is an unintentional glitch in the program (it does happen), or an extremely elaborate scam. It appears the domain itself has changed hands a few times throughout the years, all with the same focus on IT Security. However, they were an originally an IT Security recruiting firm.
Sorry I couldn't be any more of a help, but I can't find anything conclusive either way. If I find anything I'll let everyone know.
EDIT2: I've emailed several of the developers featured on the trustgo website. If TrustGo is legit, these developers would have given permission to distribute their applications.
Personally speaking though, I would still uninstall it. When security is at risk, don't take chances. Even if they are 100% legit(which is entirely possible!), false-positives aren't helping anybody.
Hey Matty, if you look up above the thread I uploaded a file of the file manager which was "infected", you could check that out, and I'm starting to agree with many of you that its a false positive..To me this looks like a false positive. Whilst the Trojan that the AV is detecting is real, it typically hides in fake apps. I would recommend checking the permissions that the Apps have. Make sure that none have the ability to send text messages (that shouldn't of course).
Also, if any of you could get some of the files that are "infected" uploaded here, I can take a look.
P.S. Just to avoid any confusion, I should note that I am not the person EarlyMon mentioned (I'm not even a staff member.
itsallgood
Android Expert
I two had TrustGo Security to give me 27 of my over 200 apps are infected with this virus. I pressed ignored, since no of these apps are new and I have been using them for some time now. I have Lookout as well and it says everything is clean. (I just started using TrustGo a few days ago, since I'm using Dolphin Browser Beta and Lookout only scans the stock browser, which TrustGo can scan.)
I also, saw a notification in my status bar that looked to be in chinees. I clicked on it, to see what it was, and it started downloading. (Couldn't stop it.) After it was finished, a message poped up saying that it couldn't download from unknown sources. (Of course I hit cancel.) Do you guys know if it is saved, some where on my phone, to down load later when I click "Unknown Sources"? Which I keep unchecked. Thanks
I also, saw a notification in my status bar that looked to be in chinees. I clicked on it, to see what it was, and it started downloading. (Couldn't stop it.) After it was finished, a message poped up saying that it couldn't download from unknown sources. (Of course I hit cancel.) Do you guys know if it is saved, some where on my phone, to down load later when I click "Unknown Sources"? Which I keep unchecked. Thanks
I called in IOWA, and agree with him completely.
Looking at Google search results, the favored infection vector for the Opfake trojan was using alternative markets.
Premium Rate SMS Trojans in Google’s Android Market | DataProtectionCenter.com: Tech and Security - Data Recovery and Protection, Internet, Technology, Security, Reviews, Softwares
TrustGo details -
http://www.ip-adress.com/whois/trustgo.com
And their web invites you to download "safe" versions of apps -
Mobile Security & Privacy - TrustGo
Looking at Google search results, the favored infection vector for the Opfake trojan was using alternative markets.
Premium Rate SMS Trojans in Google’s Android Market | DataProtectionCenter.com: Tech and Security - Data Recovery and Protection, Internet, Technology, Security, Reviews, Softwares
TrustGo details -
http://www.ip-adress.com/whois/trustgo.com
And their web invites you to download "safe" versions of apps -
Mobile Security & Privacy - TrustGo
NFLprincess
Lurker
I was alerted 20 minutes ago by my Trustgo that the following apps contained the trojan!opfake virus: news and weather(never use), Google search, Thinkfree office, Maps, Gmail(never use), Google service framework. I use Straight Talk. These apps came with my phone. I'm not rooted due to a warranty that expires 12/2012. Very worried.
HI guys, Just registered to let you know this.
I emailed Trustgo's support today after getting the same sort of reports as you've had, and this is their response
I emailed Trustgo's support today after getting the same sort of reports as you've had, and this is their response
Hi there,
Thanks for contacting TrustGo support team! My name is Shawn and I'm glad to assist you today.
Thanks for bringing this to our attention! This issue is caused by the latest signature update. We have reproduced the issue and our engineering team is working on it right now. We will try our best to make the fix available immediately.
Thank you for trying the TrustGo Mobile Security app, and we appreciate your patience in dealing with this issue. Have a great day ahead!
Best regards,
Shawn
TrustGo Support Team
SO it looks like a false positive !
HTH
Thanks for contacting TrustGo support team! My name is Shawn and I'm glad to assist you today.
Thanks for bringing this to our attention! This issue is caused by the latest signature update. We have reproduced the issue and our engineering team is working on it right now. We will try our best to make the fix available immediately.
Thank you for trying the TrustGo Mobile Security app, and we appreciate your patience in dealing with this issue. Have a great day ahead!
Best regards,
Shawn
TrustGo Support Team
SO it looks like a false positive !
HTH
Thought it would be. I don't hold that against them, as it happens to everyone sooner or later (3 weeks ago it was Lookout giving false positives, resolved after a few hours).
But you might be interested in the report linked in this post. Of course that was a few months ago, but TrustGo did not perform well in that test.
But you might be interested in the report linked in this post. Of course that was a few months ago, but TrustGo did not perform well in that test.
NFLprincess
Lurker
Btw, I also use Norton antiJust virus and it states after scan no malware or spyware detected. Just uninstalled Trustgo. Going to go check out the AV apps suggested by EarlyMon.
Don't know about appbrain, but I often get the play store add an app to my "updates" list before making the actual update available. When it does that I just check again later.
So I'd say unrelated.
So I'd say unrelated.