Yeah but which file do you run? There are two listed in the OP
edify.zip or preedify.zip? Thanks!!!
[Patch]Malware Exploit for all pre-Gingerbread phones
- Thread starter Rodderik
- Start date
Yeah but which file do you run? There are two listed in the OP
edify.zip or preedify.zip? Thanks!!!
Rodderik - very useful, thanks much. This will be in SyndicateROM Frozen 1.0.1.
EDIT: Between this and CIQ removal, we devs have malware removal/prevention covered.
I've been running AVG AntiVirus since I was on Syndicate 2.1, and recently upgraded to Syndicate 2.2. I download mp3's using an app called MP3 Downloader, sometimes download random pics for my live wallpaper slideshow app. Am I just waisting space by using AVG since you've done such cool things within your ROM?
wouldn't droidwall do a good enough job for protection? assuming i didn't give any dodgy app internet access?
then wouldn't it just stop any traffic thus preventing any malware downloading new code?
then wouldn't it just stop any traffic thus preventing any malware downloading new code?
security? hahaha... not
revive. just saw the androidpolice article linking to this.. btw, many people have a firmware under gingerbread and are still affected by this!
i bet 743C is a alias for a government payed hacker..
but whatever, look how easy it is to get your data, i think with a high percentage, even with gingerbread there are still spyfeatures like this backdoor.
the biggest backdoor by the way is google itself with the market and all other google apps.
Just check the structure of the apps and read there agreements.. and read some news/articles how they all want your data.
I even believe, they make fotos with the front camera while you doing something, like creating a new google account.. high probality.
believe it, you would wonder alot if you would knew what they do.
revive. just saw the androidpolice article linking to this.. btw, many people have a firmware under gingerbread and are still affected by this!
i bet 743C is a alias for a government payed hacker..
but whatever, look how easy it is to get your data, i think with a high percentage, even with gingerbread there are still spyfeatures like this backdoor.
the biggest backdoor by the way is google itself with the market and all other google apps.
Just check the structure of the apps and read there agreements.. and read some news/articles how they all want your data.
I even believe, they make fotos with the front camera while you doing something, like creating a new google account.. high probality.
believe it, you would wonder alot if you would knew what they do.
Last edited:
i've also implemented this in my kernel and i know a few other developers have
in my custom init script:
rom devs could put that in init.d as well if they wanted to
in my custom init script:
Code:
# Patch to attempt removal and prevention of DroidDream malware
if [ -f "/system/bin/profile" ]; then
rm /system/bin/profile
fi
touch /system/bin/profile
chmod 644 /system/bin/profilerom devs could put that in init.d as well if they wanted to
i've also implemented this in my kernel and i know a few other developers have
in my custom init script:
Code:# Patch to attempt removal and prevention of DroidDream malware if [ -f "/system/bin/profile" ]; then rm /system/bin/profile fi touch /system/bin/profile chmod 644 /system/bin/profile
rom devs could put that in init.d as well if they wanted to
It's in my kernel that's for sure. Will be in 1.3 as well.
Sent from my SPH-D700 using XDA Premium App
Watch the one click script when rooting your phone, you'll see 7-4-3-C@[some email domain].de, if I recall correctly... they.re the ones claiming original credit for either the script or the root exploit, can't remember which
Sent from my SPH-D700 using XDA App
Similar threads
- Locked
Top Liked Posts
-
There are no posts matching your filters.
-
54[Patch][Rom]Malware Exploit for all pre-Gingerbread phones
Who is affected? All phones pre-gingerbread
Who should act? Users and developers using pre-gingerbread roms
How do I fix? Flash attached .zip at the bottom of this post or use one of the alternate methods down there
What if I think I was infected? Completely wipe your device, format sdard, go back to stock and re-apply rom, then flash the attached .zip (before installing any apps)
Why should I care? read below...
http://www.androidpolice.com/2011/0...your-phone-steal-your-data-and-open-backdoor/
http://www.androidpolice.com/2011/0...-android-nightmare-and-weve-got-more-details/
As you can see androidpolice.com reports on this backdoor and roots and steals personal information. The apps are removed from the market but that doesn't mean they got them all. Attached is a flashable fix as suggested by androidpolice.com
So users can flash this .zip or simply create a blank file called profile and place it in /system/bin/ (developers are encouraged to include this file in future releases. A blank file is not going to affect performance at all)
Alternate methods:
Using 'adb shell' or terminal emulator (should work on any ROOTED phone) as suggest by xaueious here
Code:$ su su # remount rw Remounting /system (/dev/stl9) in read/write mode # touch /system/bin/profile # chmod 644 /system/bin/profile #
Alternate 2:
Download blank profile file from here (or create one and name it profile)
Use a program like Root Explorer to copy it to /system/bin/
Then longpress on it and check the permissions should be read/write for user, read for group, and read for others.
Alternate 3:
cyansmoker has put together an apk for the patch here https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
Thanks for pointing this out photoframd and androidpolice.com for investigating and reporting!
UPDATE: I renamed the .zip file and reuploaded it (350 hits wow). Also in the edify scripted version I added 644 permissions to the file (but if you already flashed it then it should have defaulted to that). I also added a pre-edify version of the patch thanks to xaueious for people using a recovery that does not yet understand edify.5
Well, these is now an .apk. Look for "DroidDreamKiller" on the market (I know it's a stupid name) or on the web: https://market.android.com/details?id=com.voilaweb.mobile.droiddreamkiller
It's a really simple app that I quickly put together by ripping pieces of another of my apps.11
It is quite possible. Check and see if you installed any of the programs lately from the OP. If so then it is quite possible. It is also quite possible a rom developer put that file in there so that is not a 100% way of making sure.
Yes indeed!
Here is more from the articles I posted
So I'm assuming that means Lookout scans for or will soon scan for this malware.
