Your browser is obsolete!

The page may not load correctly.

Android territory

Туманность Андроида

Other issues in this category (22)
  • add to favourites
    Add to Bookmarks

System business

Read: 28164 Comments: 10 Rating: 11

Monday, October 19, 2020

Here are several quotes from some tech support requests we’ve received:

A malicious program has gotten into my phone. Dr.Web can't remove it.

Is it safe to run online banking applications on the device?

Two malware samples have been detected, but your program won't delete them. It offers two options: to ignore them or search the Web. How do I delete these malicious programs: Android.HiddenAds.251.origin and Android.DownLoader.3737? The message says that Dr.Web can't delete them and requests some sort of root permissions. I have attached screenshots to this request. Please help.

I'm having problems with my smartphone. I scanned it with your application. Two threats have been detected. I bought a one-year subscription but still cannot delete them. It is requesting root privileges. How can I remove these trojans: oukitel k6000, android 6.0?

The attached screenshots look very similar. Only the trojan names vary. Scan results show that a malicious program has been detected in the system/app/ directory and it must be ignored. The reason is simple: "Dr.Web does not have access to system directories and cannot neutralize this threat. Root access is required".

The anti-virus does not have permissions to operate in /system/app directories. Perhaps, there is a way to acquire these permissions? No, there isn't. Unfortunately, Google—the company that develops Android—doesn't allow security software (including anti-viruses) to enjoy the same freedom similar solutions for Windows and Linux do. As a matter of fact, an anti-virus for Android is as powerful as any another ordinary app for this platform. Specifically, anti-viruses have no write permissions in system folders. That's how the operating system developer wants it. Apparently, Google doesn't believe that trojans can find their way into system folders. But they do. How?

Low-cost Chinese smartphones are shipped with pre-installed malware that steals personal data and money from users' accounts. According to Upstream security researchers, most compromised devices are manufactured by the Chinese company Transsion Holdings.

Upstream conducted a thorough investigation and discovered that adware and lost money issues affecting Tecno W2 owners were caused by the handset’s firmware. The devices were shipped with pre-installed xHelper and Triada trojans, which covertly downloaded other apps of dubious origin to the smartphones.

According to the company's spokesperson, the devices weren't designed to have malware planted in their firmware and the unwanted apps were deployed by a malicious supplier "somewhere within the supply chain of the affected devices".


Doctor Web's security researchers also discovered similar unauthorised firmware modifications.

As we can see, the manufacturer may not even have anything to do with it. Malware can be planted on devices during manufacture (although the manufacturer is responsible for maintaining control over their production). And this leads us to conclude that trojans can appear on any manufacturer's devices if the company outsources manufacturing.

Smartphones of many popular brands may have malware pre-installed on them. For example, the Chinese company TCL—the Alcatel brand owner—also shipped infected handsets bearing that very brand name.

Governments disseminating smartphones with pre-installed malware can be caught red-handed just as well as device manufacturers can. For example, in January 2020 cybersecurity experts discovered that US government-funded UMX U686CL phones—inexpensive devices provided to low-income families under a telephone service availability programme—were bundled with malware.


The top five smartphone manufacturers whose devices were shipped with pre-installed malware included Samsung, Asus, Xiaomi, Lava and Tecno.

The list included these Samsung smartphones: J5, J6, J7, J7 Neo, J7 Duo and J7 Pro. There was a wide variety of Xiaomi devices on the list: Redmi 5, Redmi 6 Pro, Mi 5S Plus, Mi Mix, Mi Note 2, Mi Mix 2S, Mi A2 Lite, Redmi Note 6 Pro and Mi A3. The tablet Mi Pad 4 was also among the affected devices. Note that even Xiaomi smartphones that come with stock Android—Mi A3 and Mi A2 Lite—may have malware planted on them.


And even if no malware resides in a device's firmware at the time of purchase, it can sneak in with a firmware update.

Can the malware be removed? Yes, but that can only be accomplished on devices that have root access enabled on them. In this case, the anti-virus, just like other programs, will have access to the system areas.

Why can't an anti-virus gain root access for itself? Anti-virus software cannot obtain privileged control (root access) over Android system areas because doing so would invalidate the manufacturer's warranty. Furthermore, banking apps often refuse to run on devices of this kind. Only users who fully understand the consequences can carry out this procedure: Rooting Android devices can also be dangerous because there is no guarantee that the system will not be damaged in the process.

#Аndroid #anti-virus #security #malware #rooting

The Anti-virus Times recommends

If you are not an experienced user and don't want to take chances with the rooting procedure, then:

  • Use the device's settings to stop the application: Go to Settings → Applications. Select the application that has been identified as a threat. Then in the application information window, tap Force stop. You will have to repeat this action after every system reboot.
  • Use the device's settings to stop the application: Go to Settings → Applications.Select the application that has been identified as a threat. Then in the application information window, tap Disable.

If the application can't be disabled or for some reason you can't follow these recommendations: :

  • Install the latest official firmware version for your device (you can do this in one of the device manufacturer’s local service centres).

    If the malware persists after the firmware has been updated, try contacting the device manufacturer to get additional information about the application, describe the situation, and request that they provide an alternative, malware-free version of the firmware.

  • Gain root access on the device and run a full anti-virus scan of the device to remove all the threats discovered.

    To learn how root access can be enabled on your device, contact the manufacturer's service centre.

If your device uses custom firmware, you can roll back to the device manufacturer’s official firmware on your own or contact a local service centre for assistance.

If you are using the device manufacturer’s official firmware, try contacting their service centre to get more information about this application.

You can learn more about threats in system directories here.

Unfortunately, there is no guarantee that reflashing a device will remove trojans. Therefore, run a full system scan after the firmware has been updated.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.