
Pre-installed Uupay.A/Uupay.D spyware on some Chinese phones

14th June 2014, 10:55 AM   |  #1  
SUMM0NER's Avatar
OP Member
Flag London
Thanks Meter: 5
 
38 posts
Join Date: Jun 2007
Heise (German publisher of various computer-related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.

link to the article translated into English

link to article in German

I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently masquerading as Google Play service.
Last edited by SUMM0NER; 14th June 2014 at 11:03 AM.
The Following 4 Users Say Thank You to SUMM0NER For This Useful Post: [ View ]
15th June 2014, 02:30 PM   |  #2  
Junior Member
Thanks Meter: 2
 
3 posts
Join Date: Apr 2014
Root your device
Root your device and from /system/app remove the extra play apks. The offending apk is not part of system image but of the custom ROM that is on these phones.

Run the ESET anti-virus to check for the trojan.
The Following 2 Users Say Thank You to ganeshkrishnan For This Useful Post: [ View ]
15th June 2014, 08:42 PM   |  #3  
Member
Thanks Meter: 14
 
42 posts
Join Date: Feb 2008
Quote:
Originally Posted by SUMM0NER

Heise (German publisher of various computer-related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.

I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently masquerading as Google Play service.

This program has been known here since 2013/08.
Kaspersky Lab wrote about this problem in March, but it was not interesting enough.
Now the German crew from GData saw this app (it is only a PUP, not a trojan or virus) and they make money with their own anti-virus app.

Go to Settings --> Apps --> scroll to all apps --> deactivate (or remove all apps if your phone is rooted).
You are able to scan all apps on your phone if you pull all apps to your PC (adb pull /system/app and, if you run KitKat, adb pull /system/priv-app).

Remember: in the eyes of anti-virus crews, all rooting apps are also malicious apps!
The Following 2 Users Say Thank You to N2k1 For This Useful Post: [ View ]
17th June 2014, 09:43 AM   |  #4  
zxzyzd's Avatar
Senior Member
Thanks Meter: 249
 
481 posts
Join Date: Feb 2011
Also see http://forum.xda-developers.com/show....php?t=2395007
Last edited by zxzyzd; 17th June 2014 at 03:29 PM.
The Following User Says Thank You to zxzyzd For This Useful Post: [ View ]
17th June 2014, 10:05 AM   |  #5  
SUMM0NER's Avatar
OP Member
Flag London
Thanks Meter: 5
 
38 posts
Join Date: Jun 2007
Thanks everyone!

Rooted my phone with this and then removed the fake Google Play app with Root App Delete.
Last edited by SUMM0NER; 17th June 2014 at 10:09 AM.