FORUMS

Which Lockscreen Security Type Do You Use?

From pattern locks to the controversial face unlock, there are a number of different ways you … more

Xposed 3.0 Alpha 3 Released

A new alpha for the Xposed framework is out and brings several bug fixes. You’ll only need to flash … more

XDA Recap: This Week In Android (Apr 18 – 25)

Here in the digital XDA newsroom, we spend our days pouring over an average of … more

Sunday Debate: Custom ROMs vs. Modular Tweaks

Join us in a fun Sunday Debate on Mods and ROMs. Come with your opinions and feel free to … more
Post Reply Subscribe to Thread Email Thread

[Q] Warning: Possible Chinese Trojan from coolapk.com

28th February 2014, 02:17 PM |#1  
OP Junior Member
Flag Wuppertal
Thanks Meter: 5
 
Donate to Me
More
Hello,

I wanted to warn you of this website: coolapk.com. Certain apk files contain "additional" parts. In this case it was a part of VLC (Video Lan Client). After downloading an apk file and installing, all seems to be normal and the desired software is running. Under applications there are only the programs you know about. But after close look, you will find a hidden additional application under Settings/Apps/Show All at the bottom behind letter Z if showing within alphabetical order containing only chinese signs. It is already running, you can not deinstall it only force stop and deactivate is possible. The file size is shown as 4KB. After uninstalling the original app this still is keeped in your system. During the installation there was absolutely no sign of additional software attached. This device is not rooted and has OEM ROM. The machine I was using is Motorola (Enterprise Solutions) TC55 PN TC55BH-JC11ES, Android 4.1.2 Build 131013-SI-1800EN-01.45-15443J-4.1.2-user. I downloaded the apk files 24.02.2014 and the chinese software contains a following timestamp in the properties: 20131013.224458. This app has following rights granted: personal information (read all words attached to the dictionary, read contacts) and network communication (full network access). Attached is the screenshot of above mentioned hidden software (only app-info), perhaps a friendly user can help translate and tell what is it, because it's behaviour as far is not really trustworthy for me.
Contact me for additional questions (enterprise class units only).

regards + stay clean

Bogusz Schubert/pimpex.net
Attached Thumbnails
Click image for larger version

Name:	chin_IMG_1171s.JPG
Views:	390
Size:	43.5 KB
ID:	2605685  
Last edited by pimpex.net; 28th February 2014 at 02:26 PM. Reason: -
The Following 2 Users Say Thank You to pimpex.net For This Useful Post: [ View ]
 
 
28th February 2014, 03:03 PM |#2  
Junior Member
Thanks Meter: 0
 
More
thanks for the advice
14th March 2014, 10:07 AM |#3  
Junior Member
Thanks Meter: 0
 
More
I have that software on my TC55 as well. Oandbackup identifies it as com.android.inputmethod.pinyin, in other words the Chinese input from the AOSP, and the Chinese symbols in its name match the ones of the selectable alternative Chinese input under the "Language & input" settings. I have not installed anything from coolapk.com, only from F-Droid and Amazon. Are you sure this software came with VLC and was not there before? It might just be standard with the TC55.
20th March 2014, 04:00 AM |#4  
johnny grep's Avatar
Senior Member
Thanks Meter: 17
 
More
Quote:
Originally Posted by Elanguescence

I have that software on my TC55 as well. Oandbackup identifies it as com.android.inputmethod.pinyin, in other words the Chinese input from the AOSP, and the Chinese symbols in its name match the ones of the selectable alternative Chinese input under the "Language & input" settings. I have not installed anything from coolapk.com, only from F-Droid and Amazon. Are you sure this software came with VLC and was not there before? It might just be standard with the TC55.

I have that app installed on a Cisco Cius (Froyo!) as well, and am unable to uninstall it. I'd be surprised if this was malware.
20th March 2014, 06:05 AM |#5  
Bishal Pranto Roy's Avatar
Senior Member
Flag 2538′56.8145″N 8838′54.9646″E
Thanks Meter: 542
 
Donate to Me
More
Seriously??
I'll Keep It In Mind And Try Not To Let Chinese Have All My Data
9th June 2014, 01:29 PM |#6  
Senior Member
Thanks Meter: 88
 
More
Quote:
Originally Posted by pimpex.net

Hello,

I wanted to warn you of this website: coolapk.com. Certain apk files contain "additional" parts. In this case it was a part of VLC (Video Lan Client). ......

The app name in chinese means "Google's method to input chinese character by spelling". It is bad for sure to install an additional app in secret. But this input method app sounds innocent. In addition, how can you be so sure that the app sneaked in with VLC from coolapk?
On my TF101, I have a number of apks from coolapk. As far as I am concerted, It is good so far with coolapk, I have not found anything wrong yet.
Last edited by e154037; 9th June 2014 at 01:48 PM.
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes