Pre-installed Uupay.A/Uupay.D spyware on some Chinese phones

Search This thread
By:
Advanced…
SUMM0NER

SUMM0NER

Member
Jun 20, 2007
40
6
London
Heise (German publisher of various computer related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D, that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.

link to the article translated into English

link to article in German

I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently macerating as Google Play service. :(
 
Last edited:
  • Like
Reactions: android.hacklab, Deleted member 3620017, ganeshkrishnan and 1 other person
G

ganeshkrishnan

New member
Apr 26, 2014
4
2
Root your device

Root your device and from /system/app remove the extra play apks. The offending apk is not part of system image but of the custom ROM that is on these phones.

Run the the ESET anti-virus to check for the trojan
 
  • Like
Reactions: android.hacklab and SUMM0NER
N

N2k1

Senior Member
Feb 19, 2008
54
25
Lenovo Zuk Z2 Pro
SUMM0NER said:
Heise (German publisher of various computer related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D, that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.

I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently macerating as Google Play service. :(
Click to expand...
Click to collapse

This program ist known here since 2013/08.
Kaspersky lab wrote in march about this problem - but it was not interesting enought.
Now, the german crew from GData saw this app (it is only a PUP - not a trojan or virus) and they make money with there own anti virus app.

Go to settings --> Apps --> scroll to all apps --> deactivate (or remmove all apps if your phone is rooted.)
You are able to scann all apps on your phone if you pull all apps to your PC (adb pull /system/app and if you run KitKat adb pull /system/priv-app)

Remember: In the eyes of anti virus crews are all rooting apps also malicous apps!
 
  • Like
Reactions: android.hacklab and SUMM0NER
You must log in or register to reply here.

Similar threads

D
[SOLVED]Bypass Google Account Protection after Factory Reset (Galaxy J3)
Replies
30
Views
275K
A
aswath1991
jcase
[CVE-2013-3685][Root]Multiple LG Android devices, Sprite Software Backup
Replies
81
Views
133K
C
c0k3r
U
[TUTO] How To Secure Your Phone
Replies
366
Views
97K
OldNoobOne
OldNoobOne
D
Multiple malware apps preinstalled on Infocus phone?
Replies
36
Views
21K
T
thameem@007
M
Can i trust my chinese (Umidigi) phone for email, banking, passwords ? (Umidigi S2 Pr
Replies
9
Views
18K
F
filispirits

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 4
    SUMM0NER
    SUMM0NER
    Heise (German publisher of various computer related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D, that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.

    link to the article translated into English

    link to article in German

    I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently macerating as Google Play service. :(
    View
    2
    G
    ganeshkrishnan
    Root your device

    Root your device and from /system/app remove the extra play apks. The offending apk is not part of system image but of the custom ROM that is on these phones.

    Run the the ESET anti-virus to check for the trojan
    View
    2
    N
    N2k1
    SUMM0NER said:
    Heise (German publisher of various computer related magazines) has just put up an article about the Chinese Star N9500 Android smartphone coming pre-loaded with a trojan called Uupay.D, that will try to harvest your personal information on the phone and may even try to send costly SMS to premium numbers.

    I just checked my shiny new iNew/Alps i7000 with ESET Mobile Security and sure enough, it has the Uupay.A trojan apparently macerating as Google Play service. :(
    Click to expand...
    Click to collapse

    This program ist known here since 2013/08.
    Kaspersky lab wrote in march about this problem - but it was not interesting enought.
    Now, the german crew from GData saw this app (it is only a PUP - not a trojan or virus) and they make money with there own anti virus app.

    Go to settings --> Apps --> scroll to all apps --> deactivate (or remmove all apps if your phone is rooted.)
    You are able to scann all apps on your phone if you pull all apps to your PC (adb pull /system/app and if you run KitKat adb pull /system/priv-app)

    Remember: In the eyes of anti virus crews are all rooting apps also malicous apps!
    View

New posts