Possible Malware?

Mastaking

Well-known member
Jul 18, 2010
204
16
0
Visit site
My dad has a Thunderbolt and he received a notification that there was a camera update for his phone. He downloaded the update and then his notification bar started getting spammed with ads saying that he has won a new ipod, etc.

What should he do to clean his phone? Should he be worried that his information is being stolen?

Thanks in advance for any and all help.
 

realitydigg

Well-known member
Feb 7, 2011
466
62
28
Visit site
there are some apps that advertise to you - what apps are on the phone? Hard to believe that someone could spoof an upgrade to the stock camera then load something. Is he using a 3rd party camera app? maybe they upgraded their software to include ads
 

wildman

Well-known member
Jul 9, 2010
2,158
230
0
Visit site
My dad has a Thunderbolt and he received a notification that there was a camera update for his phone. He downloaded the update and then his notification bar started getting spammed with ads saying that he has won a new ipod, etc.

What should he do to clean his phone? Should he be worried that his information is being stolen?

Thanks in advance for any and all help.

What camera app is he using that gave him the update, the stock camera app would have a update to only update it, if the spam has been coming through since app update you should try removing the app and then download a virus app like Lookout, I use Kaspersky but its not free and can be a bit of a system hog at times but works well for me.
 

coolbreeze

Well-known member
Dec 4, 2010
273
7
0
Visit site
I noticed the same thing on my wife's Thunderbolt yesterday. It said update for the camera and everything. The app that was doing it was called Weird Laws. From what I read any app that uses Air Push for ads can do this. I had to go app by app and read the reviews to figure out which app was causing her problems.

Sent from my ADR6400L using Tapatalk
 
Last edited:

BayRican

Well-known member
Jan 16, 2011
112
2
0
Visit site
You can download airpush detector from the market for free and it will let you know exactly which apps are pushing advertisements to your phone. I had a few and with this I was able to find them and uninstall then.
 
  • Like
Reactions: Jude526

natehoy

Well-known member
Sep 2, 2011
2,667
71
0
Visit site
Actually, I'm curious as to what form these spams in the notification toolbar take. While this is merely conjecture, it's possible that merely deleting the application will not stop the spam.

For example, if they are SMS messages, its possible the original offending app somehow obtained the phone number of the phone, and the spammers are now sending SMS messages to that phone number.

The good news in that case is that the phone has not been compromised with malware. The phone number was simply revealed to a third party (check the permissions on installed apps carefully!)

The bad news is that the SMS spam is going to be really hard to get rid of, since no amount of cleaning up the phone is going to make it go away. You'll have to find a way to block SMS from anyone but known contacts (I'm sure there's an app for that, but "there was an old woman who swallowed a spider..." :D )

If it truly is an application running that's popping information into the notification area, then the phone itself has been compromised, but a factory reset should clear it up in a hurry even if you can't find the actual offending app (since that would wipe ALL applications except the Verizon bloatware).

Not an ideal solution, but sometimes dusting off and nuking the site from orbit is the only way to be sure. :p
 

Mortiel

Well-known member
Mar 10, 2011
611
150
0
Visit site
My dad has a Thunderbolt and he received a notification that there was a camera update for his phone. He downloaded the update and then his notification bar started getting spammed with ads saying that he has won a new ipod, etc.

What should he do to clean his phone? Should he be worried that his information is being stolen?

Thanks in advance for any and all help.

I will make this very clear and concise so there is no confusion: Do not go downloading random anti-virus apps to get rid of this. It is very difficult for Linux to "spread" a virus through its file system. Most Android "anti-virus" apps are what I like to call "scareware". Companies like Kapersky have put out reports on how many malicious programs there are for Android and how it is getting worse at the same time they are selling you the "cure". I do not think that Kapersky is making any of the malicious software they write reports about, however I do believe they slant their reports to sound as doom and gloom as possible to scare Android users into buying their product.

Other anti-virus apps have been known to collect anonymous location data from users... Why would an anti-virus app need to know in what area I am located at random times? Other anti-virus apps scan for coding used in batch testing, not viruses. Malware has hundreds of thousands of variant coding... ever notice your Windows computer needs to update virus/malware definitions on a regular basis? Some Android malware scanners use cloud scanning so no definitions are needed on the local device, however others do not, and are just plain suspicious to me.

Android can, and will, from time to time get spyware and adware. The best part about Android, is that on a non-rooted device you can simply do a factory reset and the problem is gone. As a preventative, look for a legitimate anti-malware app to install to scan your phone. Sadly, the ones that cost money are more likely to be legitimate... I wish Comodo would come out with a free mobile app lol.
 

coolbreeze

Well-known member
Dec 4, 2010
273
7
0
Visit site
Here's the thing though. Air Push isn't spam or malware. It is actually a "legitimate" form of advertising on Android. It's wrong and annoying but not dangerous to your phone. Some developers use it instead of in app ads. Google should not allow advertising in the notification area, but until then just watch the reviews of apps you download.

Sent from my ADR6400L using Tapatalk
 

BattleSwine

Well-known member
Jun 29, 2011
498
30
0
Visit site
There is an app to tell you which app has Airpush. It would stop it. You have to uninstall and/or do a factory reset. Just search market for Airpush Detector. It's free and requires No permissions.

Sent from my ADR6400L using Tapatalk
 
Last edited:

recDNA

Well-known member
Jun 29, 2011
8,701
115
63
Visit site
I had an app that did that a long time ago. I guessed right and got rid of it. I'll be darned if I can remember which app it was. I do know I downloaded it from the net. I'm strictly a market man now.
 

wildman

Well-known member
Jul 9, 2010
2,158
230
0
Visit site
I will make this very clear and concise so there is no confusion: Do not go downloading random anti-virus apps to get rid of this. It is very difficult for Linux to "spread" a virus through its file system. Most Android "anti-virus" apps are what I like to call "scareware". Companies like Kapersky have put out reports on how many malicious programs there are for Android and how it is getting worse at the same time they are selling you the "cure". I do not think that Kapersky is making any of the malicious software they write reports about, however I do believe they slant their reports to sound as doom and gloom as possible to scare Android users into buying their product.

Other anti-virus apps have been known to collect anonymous location data from users... Why would an anti-virus app need to know in what area I am located at random times? Other anti-virus apps scan for coding used in batch testing, not viruses. Malware has hundreds of thousands of variant coding... ever notice your Windows computer needs to update virus/malware definitions on a regular basis? Some Android malware scanners use cloud scanning so no definitions are needed on the local device, however others do not, and are just plain suspicious to me.

Android can, and will, from time to time get spyware and adware. The best part about Android, is that on a non-rooted device you can simply do a factory reset and the problem is gone. As a preventative, look for a legitimate anti-malware app to install to scan your phone. Sadly, the ones that cost money are more likely to be legitimate... I wish Comodo would come out with a free mobile app lol.

No disrespect but your views would be all good if you wasn't posting this on a site dedicated around rooting their device, how much you bet there is only a small handful of users hear not rooted...

Rooted devices are open to be infected and once again I will say, even if the device codes cant be compromised (Which is possible but this site is built around working around, finding and getting around security restrictions) it is also possible to configure a script that will run from a pc when device is plugged in to modify devices system files if they want.... Can someone say Easy Root??? :D

Its really time to get over this false security that anything made by man can not be defeated by man...
 
Last edited:

qbngator

Well-known member
Mar 8, 2011
215
2
0
Visit site
As cool as they were, all of the GoDev Team apps that I installed resulted in multiple spam notifications/links to my phone daily. As some have mentioned here, it's usually apps that are responsible. The spam stopped once I removed all GoDev Team apps.
 

Mastaking

Well-known member
Jul 18, 2010
204
16
0
Visit site
Thanks for all of the feedback. He is running a non rooted stock Thunderbolt. The update wasn't for an app, it presented itself as an update to the stock camera and he didn't think twice to download it. He does not use a third part app for the camera but he does use a lot of apps that give him caller id, he uses trap call and a lot of things that constantly run that I would never let happen on my phone.

The camera update literally saved itself (he downloaded it) into the applications in his phone. It was called "Camera Update". After deleting it the ads stopped. I am going to try the pushing checker that you guys suggested.

Thanks.
 

wildman

Well-known member
Jul 9, 2010
2,158
230
0
Visit site
Good to hear that it worked our for you, they might want to hesitate install a app that downloads and then ask to install and I would disable the "Unknown Source" option under Settings / Applications so this will make it harder to have this happen by accident..
 

Jude526

Trusted Member
Dec 13, 2010
3,936
109
0
Visit site
I don't root ever. I have no intentions to root. I don't recommend it but people will anyways

sent from my Thunderbolt via tapatalk
 

wildman

Well-known member
Jul 9, 2010
2,158
230
0
Visit site
I don't root ever. I have no intentions to root. I don't recommend it but people will anyways

sent from my Thunderbolt via tapatalk

If Android made a way to do a more complete backup I probably wouldn't root but I prefer a easier way to backup and restore and also allow access to API to screen shot without rooting..
 

paintdrinkingpete

Well-known member
Dec 12, 2009
2,917
276
0
Visit site
...

Android can, and will, from time to time get spyware and adware. The best part about Android, is that on a non-rooted device you can simply do a factory reset and the problem is gone. As a preventative, look for a legitimate anti-malware app to install to scan your phone. Sadly, the ones that cost money are more likely to be legitimate... I wish Comodo would come out with a free mobile app lol.

No disrespect but your views would be all good if you wasn't posting this on a site dedicated around rooting their device, how much you bet there is only a small handful of users hear not rooted...

Rooted devices are open to be infected and once again I will say, even if the device codes cant be compromised (Which is possible but this site is built around working around, finding and getting around security restrictions) it is also possible to configure a script that will run from a pc when device is plugged in to modify devices system files if they want.... Can someone say Easy Root??? :D

Its really time to get over this false security that anything made by man can not be defeated by man...


There is an entire subforum dedicated to rooting, but I would say that of all the Android forums I visit, AC has the most non-root users of any of them. This isn't a bad thing, I'm just saying that while many sites are solely dedicated android development, this site seems to be more geared to general help/support, as well as a news and information sounding board. Especially when you're posting to the main forum (and not the root subforum), I see nothing wrong with giving advice aimed at non-rooted users.

On that note, however, root users can do a factory reset as well...i.e. just re-install the ROM they're currently using without restoring data. Some may say that a rooted device is more susceptible to malware because root access is available, but you do have to manually grant any apps that want su access, so it really is still the responsibility of the user to make smart choices when installing/updating apps.

I could get into a multi-page rant about how worthless anti-virus software is for ANY platform (inc. Windows), but that would be a bit off topic...

My advice to the OP, if it hasn't already been fixed, would be to try to find and uninstall the offending app, and if that doesn't fix it, bite the bullet and do the factory reset. As far as the risk of data being stolen, every app will clearly define what data they require access to, so you may want to check what permissions the app has if you're able to. Many people don't even consider this when installing apps. Checking the comments are good way to see not only if the app works as it claims to, but also what concerns folks may have about the permissions an app is requesting. ANY APP WITH PERMISSION TO ACCESS PERSONAL DATA COULD POTENTIALLY "STEAL" THAT DATA, REGARDLESS OF WHETHER OR NOT IT FLOODS YOUR DEVICE WITH ADS (although that certainly may be a tip-off that the app developer has misguided motives).
 

Jude526

Trusted Member
Dec 13, 2010
3,936
109
0
Visit site
I always read the reviews on an app. I am very selective on what I want on my device as I am with my laptop. Perfect example: I sold my Gateway to a friend of mine and that little laptop lasted me a good 4 years but I wanted more stuff and upgraded to an HP. I took very good care of it and never had problems with it. I told her to not download limewire and not let anyone else as well. It is a very destructive website and has thousands upon thousands of viruses. I don't know if it is around still or not, But she wanted free music. Nothing is free in this world. She paid a price. It fried the laptop. I tried telling her. She learned the hard way. She just now got another laptop and won't let anyone touch it now. I don't know why when someone suggests something and can prove it being destructive, they don't listen.
Some of the apps out there aren't good either. I don't give out information on anything.
 

FrankXS

Well-known member
Feb 27, 2011
3,143
401
0
Visit site
I always read the reviews on an app. I am very selective on what I want on my device as I am with my laptop. Perfect example: I sold my Gateway to a friend of mine and that little laptop lasted me a good 4 years but I wanted more stuff and upgraded to an HP. I took very good care of it and never had problems with it. I told her to not download limewire and not let anyone else as well. It is a very destructive website and has thousands upon thousands of viruses. I don't know if it is around still or not, But she wanted free music. Nothing is free in this world. She paid a price. It fried the laptop. I tried telling her. She learned the hard way. She just now got another laptop and won't let anyone touch it now. I don't know why when someone suggests something and can prove it being destructive, they don't listen.
Some of the apps out there aren't good either. I don't give out information on anything.
Haha... I'm an IT consultant and I have made mucho dolloras becuase of Limeware! Mucho! :D I guess I don't have anything bad to say about it... hehehe... :)

-Frank
 

Trending Posts

Forum statistics

Threads
943,901
Messages
6,920,577
Members
3,159,290
Latest member
Janvi212