Backdoor.AndroidOS.Ginmaster.a

AusOmega

Apr 16, 2013
Hi! Last night, Kaspersky ran its nightly scan and popped up a little surprise for me, first ever: a Trojan! I felt positively blessed...I've never had one. I observe relatively good internet and download hygiene, do my due diligence to keep my electronic friend happy, so this was an unexpected, excellent learning opportunity for me. Kaspersky told me my little surprise, Backdoor.AndroidOS.Ginmaster.a, was a gift from the Google+ app of all things. I took its advice to delete the Trojan, roll back Google+ to factory version, and relax. However, for fun, I let the Google+ app update itself automatically one more time and ran Kaspersky's scan again. Pop! My little Trojan weasel reappeared! Love from a foreign country, very likely! I'm so popular. NOT. This time, I did the delete, rollback, and relax, except this time I refused to allow Google+ to update itself automatically. Ran Kaspersky a third time, and my electronic friend is as clean as a whistle. No more Trojan valentines. I reported both instances on the Google+ app page in the Play Store as "this app is making my device nervous" with information added. Put it in the thread of comments and reviews, too. My phone is stock and unrooted, a condition that will not persist as soon as I learn how to free it from its prison.

The point of my little story is this: has anyone else had this happen yet? If so, was the occurrence exactly like mine? I thought I would reach out for more information from the community. Thank you! :cool:
 
I'm doubtful that an official Google app being updated from the Play Store really has a trojan. These AV apps are known to throw false positives, and it may be the case that Google's introduced some feature that Kaspersky is misinterpreting as a Trojan just because they don't know about it yet.

OTOH, it could be real. Better not to upgrade until you can be sure. You might want to report it to Kaspersky, too, so they can double check their code and signature database.
 
Congratulations Mr Ambassador!!! Things have already started changing in my absence. :cool:
 
Hey There

I'm new to this all and thought I'd google exactly what AusOmega found on his phone. Have the Samsung S3, bought brand new (unlocked) and have not changed the default apps that came with the phone. I am wary of what I download and have not downloaded anything that would worry anyone. However, I checked my phone this morning and lo and behold I got a THREAT DETECTED "Backdoor.AndroidOS.Ginmaster.a" from the Google+. I too am using Kaspersky full mobile version and it's detected it this morning 20.4.13 @ 11am. I am going to delete the Google+ app as I don't use it anyway and I'm a VERY basic user of this Smart Phone.

I would expect more people possibly detecting this too, though.... it's possible Kaspersky's the only one so far picking it up!!
 
I don't doubt that there are apps in the Play store infected with Malware. I'll be surprised, though, if an official Google app is.

I don't think I'd ever knowingly install an app created in Russia or China, though, for just this reason.
 
Thank you all for the responses! :) Mike, I'm pretty sure the best you're going to be able to do with an unrooted s3 in terms of the Google+ app is uninstall the updates and cut off its ability to update from the factory version; it's a pre-installed app. I say that tentatively because those with greater wisdom than I may have another solution for you. This can be done in the Google Play app and I am sure someone here will walk you through it; failing that, let me know and I'll do my best to walk you through it. It's different now depending on which version of the Play Store you have. Old version asks you to uncheck autoupdate; the new version asks you to enable autoupdate, so that philosophy changed. Me, when my understanding of how to root overcomes my fear of a busted warranty (which is fast approaching), I am rooting the sucker! LOL Bloat freezing!!! Hell yah!

Ambassador, I'm going to talk to the people at Kaspersky as soon as I can. Today was crammed with boxing on TV and classwork, so as long as the threat is neutralized I feel good about taking my time talking to them. I too find it doubtful an app with as much visibility as Google+ has malware, but weird things happen nowadays. I would find it within the psychology and cleverness of hackers to use bloatware that most people can't uninstall at all or easily to deliver their vile crap, even if in truth they lack the skills or power to take on Google. Every dog has its day; maybe they just got lucky.

Thank you all again! Have a lovely day today!
 
I am also having problems. Kaspersky antivirus found Backdoor.AndroidOS.Ginmaster.a in Google +, My Tracks (Google product) and in File:storage/sdcard0/appmonster2/backup/com.google.android.apps.plus/rev/ (a set of numbers) and .apk

My cell is also rooted. Do you have any suggestions? Not too savvy but would like to resolve cell issues..
Thank you for help.
JCandyL
 
You can uninstall the updates to Google+ and stick with the pre-installed version. Try the same thing with My Tracks, or just uninstall it. The third entry sounds like it's just a backup, and not executable, so I wouldn't worry about it. I'm not sure what you mean by "and .apk"

But I'm willing to bet this is a false positive. Android has put something in the latest version of these apps that Kaspersky thinks looks like a virus, so it's flagging it, is my guess. But if you uninstall the apps it flags, you won't have to worry.
 
I am running AVG and don't see any virus popping up on a full scan. The 2 threats I get are of my own doing, running a rooted device and checking the box to allow non store installs.
 
For anyone still interested in the thread, I did report it to Kaspersky, and I'm in the process of finding out what I can. If I find out anything at all, I'll come back and post it. :)
 
Mobo Player shows as malware now. Didn't before the update. Methinks Kaspersky is reading something in app improperly.