Android Trojan.Gorilla.AM present in my device OEM launcher. What to do?

UglyStuff

Well-known member
Jan 27, 2018
Hello everyone,

In the continuing saga of the Leagoo T5C I bought before the holidays from GearBest, I've seen the good (the price and overall build quality, along with a reasonably good user experience), the bad (some notifications that I just can't get rid of, among other things), and I now present you the ugly: after watching a review video on YouTube about my device, I learned that it came loaded with a Trojan called "Gorilla.AM"...

***EDIT: the name of the Trojan could actually be "Guerilla.AM", I'm not sure.***

Needless to say, I did as the tester had, and installed Malwarebytes, which, sure enough, found the exact same Trojan on my device.

You can watch the video here: https://www.youtube.com/watch?v=R5l3z7BvBtk

It so happens that it's embedded in Leagoo's own application launcher, called Sujet (in French; maybe it's called "Subject" in English, I don't know). I can force quit the application, since I use another launcher called Apex (good pick, by the way), but Malwarebytes can't seem to shake the Trojan off my device nonetheless.

A quick search on Google gives very little in the way of information about this malware, but I'd like to be on the safe side, so I came here.

Any contribution would be welcome at this stage.
 

gordol

Well-known member
Feb 6, 2011
If it's part of the firmware (such as the system supplied launcher), you're screwed. The only options you have are:

1: Root the device to gain complete control over the firmware then use a root-tool to kill it
2: Replace the device with one from a more reputable company
 

UglyStuff

Thanks for the reply. We can readily forget suggestion #2, because I don't intend to spend any more money on a phone I use almost solely as personal hotspot. I chose this one because it was cheap, dual-SIM, 4G all round, cat. 6, and that suits me fine.

I've been instructed on another forum to use ADB Tools to delete the offensive application, though as you pointed out, it's an integral part of the system here, as it's the OEM official launcher. I suppose it's removable if I root my terminal, but I'm not sure I'm ready for that yet, because I need my phone to work, and I can't risk bricking it.

I didn't manage to use ADB (command not found and the like), though I followed the instructions to a "T".

This may sound like an aside or another topic altogether, but how hard/complicated is it to flash the phone with a clean copy of Nougat (as in, Vanilla), and where would I find one of reputable origin?
 

UglyStuff

UPDATE: based on advice received on XDA by someone called Lannig (big thanks!) there, I managed to open ADB in a command line, and got an error message as follows:

"Error: java.lang.SecurityException: Shell cannot change component state for com.leagoo.launcher3/null to 2"

I took it to mean that I'm screwed unless I root my device, something I'm not sure I want to do right now, because as I said, I use this phone to connect to the Internet for work, and I can't risk bricking it.

What's the (other) next step? Santeria...?
 

UglyStuff

It seems to me you're right: two choices out of three are, if not rotten, at least barely acceptable (live with it or replace it), so I guess I'm going to have to root it.

In that case, what's the course of action for an Android newbie like me? What tools are best for someone with my poor knowledge of that OS?
 

gordol

There used to be a forum here on AC just for rooting. It appears to have been effectively split into individual subforums of other forums for device-specific assistance. I do not see yours in the forums listing. I am unable to help with that, I'm not rooting my Moto Z2, which btw is my first Android in five or six years.

You might be able to get some generic help in one of the aforementioned rooting subforums, at least in the form of suggestions for which rooting systems are good, if no one else here can chime in with suggestions.
 

UglyStuff

I'll check those sub-forums you mention, though I don't hold a lot of hope: Leagoo isn't as well-known and -documented as, say, Samsung or Motorola, and the SoC on my device is brand-new, based on an Intel x64 Airmont architecture, so I gather there'd be issues regarding rooting procedure and drivers.

I'll check it, though. Thanks for the tips and advice. Have a great Sunday!
 

UglyStuff

UPDATE: I managed to uninstall (I hope) the OEM launcher, Sujet, thanks to the commands supplied here (in Italian, but it's pretty self-explanatory): [Thread Ufficiale] Leagoo T5C: 5,5" FHD Dual Camera con SC9853i - Leagoo - P3 - Androidiani

Meanwhile, I've been in a two-tiered contact with Leagoo's support team by email: at first, someone very articulate in English told me that they were investigating my claim that my device came with malware embedded in the ROM.

Earlier today (must be 10 hours ahead of France in China), someone writing poor English assured me that this malware was a false positive, and I shouldn't worry.

Right.

Zapped the offending bytes...
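
Added example, not part of any post above and not the commands from the linked Androidiani thread: a shell sketch of the non-root route the thread ends on, using the standard `pm` subcommands `uninstall --user 0` and `disable-user` over ADB and then verifying the result. The package name is the one in the quoted SecurityException; the function names and the `run` argument are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: neutralise a preinstalled package for the primary user over ADB, no root.
# PKG is the package named in the SecurityException quoted in the thread.
PKG="com.leagoo.launcher3"

# True if the package is still installed for user 0. The pm filter is a substring
# match, so compare the whole line; adb output may carry CR line endings.
pkg_present() {
    adb shell pm list packages --user 0 "$1" | tr -d '\r' | grep -qxF "package:$1"
}

# True if the package is listed among the disabled packages (-d) for user 0.
pkg_disabled() {
    adb shell pm list packages -d --user 0 "$1" | tr -d '\r' | grep -qxF "package:$1"
}

# Prints one of: absent | uninstalled-for-user | disabled-for-user | failed: <pm output>
neutralize() {
    local pkg="$1" out
    if ! pkg_present "$pkg"; then echo "absent"; return 0; fi

    # Per-user uninstall: removes the app for user 0 only. The APK stays on the
    # read-only system partition, so a factory reset brings it back.
    adb shell pm uninstall --user 0 "$pkg" >/dev/null 2>&1 || true
    if ! pkg_present "$pkg"; then echo "uninstalled-for-user"; return 0; fi

    # Fallback: "pm disable" requests state 2 (COMPONENT_ENABLED_STATE_DISABLED),
    # which the shell user is refused, as in the thread; disable-user requests state 3.
    out=$(adb shell pm disable-user --user 0 "$pkg" 2>&1 | tr -d '\r')
    if pkg_disabled "$pkg"; then echo "disabled-for-user"; return 0; fi

    echo "failed: $out"
    return 1
}

# Touch a connected device only when asked to: ./script.sh run
if [ "${1:-}" = "run" ]; then neutralize "$PKG"; fi
```

Either outcome only hides the package from the current user; the firmware image is unchanged, so the scan should be repeated after any factory reset or OTA update.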