I need help with an apk that comes with a malware

Search This thread
By:
Advanced…
Z

ZIGS318

Member
Jan 23, 2022
9
2
Hi, everyobody. So, I've downloaded an apk for a multiplattform emulator that I used to have installed in my phone but lost when rebooting and happens to have been removed from the PlayStore. The thing is, said apk seems to come with a malware. I've done a couple of test to see if the malware was from somewhere else or if it comes from the phone's system but it seems like it comes in the apk of the emulator.

This malware installs some bloatware apps and even if I uninstall them, the malware just installs them again by itself. It also starts to take control of the phone. The malware, however, disappears if I do a factory reset. I tried opening the apk file with a file explorer and see what's inside the apk file to see if I could identify the malware files or whatever that triggers it and erase them from the apk, but unfortunately I lack the knowledge to tell what belongs to the emulator and is the malware.

I know it's a little bit silly of a help request, but I really like that emulator and I can't find a clean malware-free apk of it. If someone with knowledge on the subject has some spare time and is willing to help me with this silly request I would be really greatful to them.

Here's one of the few links to the apk. CAREFUL: don't install it, the malware seems to install itself in your phone's system and won't gomeven if you uninstall the emulator.

www.google.com

Retrogaming Emulator for Android for Android - APK Download

Download Retrogaming Emulator for Android apk 4.14.0 for Android. PSX Emulator, GBA Emulator, SNES Emulator, NES Emulator, PSP Emulator, TV Box
www.google.com www.google.com

I have read the rules and I don't think I'm breaking them by asking help with this, but if I'm making something wrong or if this is not the place for asking for this kind of help, please let me know and I'll delete the post. Also, it would be nice if you could tell me what is a proper site for asking help with this.

Thanks in advance, everybody.
 
Last edited:
Sort by date Sort by votes
blackhawk

blackhawk

Senior Member
Jun 23, 2020
14,260
6,191
Samsung Galaxy Note 10+
I wouldn't even attempt to download a known infected file🤣
Scan it with online Virustotal and see what you got. You should have done this before side loading it... not very clever.
If it's not the cause a factory reset is in your future, and if you're running Android 8 or lower more may be required if its a rootkit.
Find and ID the malware and uninstall/delete it... if you can.
 
  • Like
Reactions: Sentimental Sugarcube, James_Watson and ZIGS318
Upvote 0 Downvote
xXx yYy

xXx yYy

Senior Member
Feb 4, 2017
2,880
17
578
ZIGS318 said:
Hi, everyobody. So, I've downloaded an apk for a multiplattform emulator that I used to have installed in my phone but lost when rebooting and happens to have been removed from the PlayStore. The thing is, said apk seems to come with a malware. I've done a couple of test to see if the malware was from somewhere else or if it comes from the phone's system but it seems like it comes in the apk of the emulator.

This malware installs by itself again if I uninstall it and starts to take control of the phone. I tried opening the apk file with a file explorer and see what's inside the apk file to see if I could identify the malware files or whatever that triggers it and erase them from the apk, but unfortunately I lack the knowledge to tell what belongs to the emulator and what could not.
Click to expand...
Click to collapse
how does this malware manifest itself?

you can always run the apk through an online android-apk decompiler to get the source code and then look into it
 
Last edited:
  • Like
Reactions: ZIGS318
Upvote 1 Downvote
A

Austinredstoner

Senior Member
Feb 3, 2021
971
2,090
Redmi Note 10 Pro
ZIGS318 said:
Hi, everyobody. So, I've downloaded an apk for a multiplattform emulator that I used to have installed in my phone but lost when rebooting and happens to have been removed from the PlayStore. The thing is, said apk seems to come with a malware. I've done a couple of test to see if the malware was from somewhere else or if it comes from the phone's system but it seems like it comes in the apk of the emulator.

This malware installs by itself again if I uninstall it and starts to take control of the phone. I tried opening the apk file with a file explorer and see what's inside the apk file to see if I could identify the malware files or whatever that triggers it and erase them from the apk, but unfortunately I lack the knowledge to tell what belongs to the emulator and what could not.

I know it's a little bit silly of a help request, but I really like that emulator and I can't find a clean malware-free apk of it. If someone with knowledge on the subject has some spare time and is willing to help me with this silly request I would be really greatful to them.

Here's one of the few links to the apk. CAREFUL: don't install it, the malware seems to install itself in your phone's system and won't gomeven if you uninstall the emulator.

www.google.com

Retrogaming Emulator for Android for Android - APK Download

Download Retrogaming Emulator for Android apk 4.14.0 for Android. PSX Emulator, GBA Emulator, SNES Emulator, NES Emulator, PSP Emulator, TV Box
www.google.com www.google.com

I have read the rules and I don't think I'm breaking them by asking help with this, but if I'm making something wrong or if this is not the place for asking for this kind of help, please let me know and I'll delete the post. Also, it would be nice if you could tell me what is a proper site for asking help with this.

Thanks in advance, everybody.
Click to expand...
Click to collapse
Did u just said malware can't be uninstalled even after doing factory reset. The malware is called xhelper that's a malware that can't be uninstalled once u get it.
 
  • Like
Reactions: Sentimental Sugarcube and blackhawk
Upvote 0 Downvote
Z

ZIGS318

Member
Jan 23, 2022
9
2
blackhawk said:
I wouldn't even attempt to download a known infected file🤣
Scan it with online Virustotal and see what you got. You should have done this before side loading it... not very clever.
If it's not the cause a factory reset is in your future, and if you're running Android 8 or lower more may be required if its a rootkit.
Find and ID the malware and uninstall/delete it... if you can.
Click to expand...
Click to collapse
Thanks for the advice.
 
  • Like
Reactions: blackhawk
Upvote 0 Downvote
Z

ZIGS318

Member
Jan 23, 2022
9
2
xXx yYy said:
how does this malware manifest itself?

you can always run the apk through an online android-apk decompiler to get the source code and then look into it
Click to expand...
Click to collapse
Well, for what I've seen it's a malware that hides in the system files (I don't know where). Once there, it starts installing bloatware and spyware on the phone and starts to take control of things like the browser (mostly to show pages of ads and bets) and calls and messages. I can uninstall the bloatware apps, but the malware installs them again after some time has passed. After a Factory Reset, the malware is gone, that's how I realized the malware comes from the emulator apk. But Iike that emulator so I want to erase the malware from the apk. Also, thanks for the advice, I will try it. :"D
 
Upvote 0 Downvote
Z

ZIGS318

Member
Jan 23, 2022
9
2
Austinredstoner said:
Did u just said malware can't be uninstalled even after doing factory reset. The malware is called xhelper that's a malware that can't be uninstalled once u get it.
Click to expand...
Click to collapse
No, I expressed myself wrong. The malware disappears after a factory reset. What I can't uninstall is the bloatware apps that the malware installs while it's in the phone. Once the malware is gone, so are the bloatware apps.
 
  • Like
Reactions: Austinredstoner
Upvote 1 Downvote
X

xdabookam

Member
Feb 8, 2015
15
2
Can't help with de-compiling but when I was investigating a malware outbreak, I turned off the system setting apk.
It later turned out to be ES file explorer and the apps were being installed via google play/mobile services.
Of course you can't change any settings but at least I could use the phone and nothing got installed.
Use the terminal/adb commands to turn off and back on when your done:
pm disable com.android.settings / pm enable com.android.settings
 
Last edited:
  • Like
Reactions: ZIGS318
Upvote 0 Downvote
Z

ZIGS318

Member
Jan 23, 2022
9
2
xdabookam said:
Can't help with de-compiling but when I was investigating a malware outbreak, I turned of the system setting apk.
It later turned out to be ES file explorer and the apps were being installed via google play/mobile services.
Of course you can't change any settings but at least I could use the phone and nothing got installed.
Use the terminal/adb commands to turn off and back on when your done:
pm disable com.android.settings / pm enable com.android.settings
Click to expand...
Click to collapse
Emmm...I didn't get that well. How do I enter that command? Thabks you for the answer, though.
 
Upvote 0 Downvote
Kenora_I

Kenora_I

Senior Member
Jun 12, 2021
1,352
3
333
Ireland
Redmi 7A
Samsung Galaxy A21s
ZIGS318 said:
Emmm...I didn't get that well. How do I enter that command? Thabks you for the answer, though.
Click to expand...
Click to collapse
ZIGS318 said:
Emmm...I didn't get that well. How do I enter that command? Thabks you for the answer, though.
Click to expand...
Click to collapse
He’s talking about ADB, android debug bridge.
That needs to be installed on ur pc and run while your phone is connected to the PC.
I’ll post a tutorial here.
K3V1991 said:
View attachment 5520451



NFO:
Code: 
• Versions: Installer, Portable & ADBKit
• Android Debug Bridge & Fastboot updated to latest v1.0.41 (Version 32.0.0-8006631, January 2022)

Installer Features:
• Installation Folder chooseable
• Creates Desktop & Start Menu Shortcut
• Toolkit & Desktop Shortcut
• Creates Commands Shortcut
• View Commands List
• Add to System Path Environment
• Universal ADB Driver Installation

ADBKit:
• Pure ADB (Android Debug Bridge)
• Open CMD.bat to easily open a CMD
• Only 5.81MB (compressed 2.74MB)


Requirements:
Code: 
• Windows OS
• USB Driver for your Device or Universal ADB Driver (Included in the Installer)
• PowerShell for the Toolkit

Developer Options & USB Debugging:
Code: 
01. Install the USB Driver for your Phone or Universal Adb Driver.
02. On your Phone, go to Settings > About Phone. Find the Build Number and tap on it 7 times to enable Developer Options.
03. Now enter System > Developer Options and find "USB debugging" and enable it.
04. Plug your Phone into the Computer and change it from "Charge only" to "File Transfer" Mode.
05. On your Computer, browse to the directory where you extracted the Portable Version or use Tiny ADB & Fastboot Shortcut.
07. Launch a Command Prompt with Open CMD.bat or use Tiny ADB & Fastboot Shortcut.
09. Once you’re in the Command Prompt, enter the following Command: adb devices
10. System is starting the ADB Daemon (If this is your first Time running ADB, you will see a Prompt on your Phone asking you to authorize a Connection with the Computer. Click OK.).
11. Succesful enabled USB Debugging.


Installer:
Code: 
1. Download ADB_&_Fastboot++_vXXX.exe
2. Follow the Installers Instructions and select where you would like to install ADB & Fastboot++
3. After the Installation Wizard has completed you can select to start ADB & Fastboot++
4. You should see a Command Window open, now you can use ADB and Fastboot Commands


Portable:
Code: 
1. Download ADB_&_Fastboot++_vXXX_Portable.zip
2. Extract the Zip Archive
3. Double click on Open CMD.bat
4. You should see a Command Window open, now you can use ADB and Fastboot Commands


ADBKit:
Code: 
1. Download ADBKit_vXXX.zip
2. Extract the Zip Archive
3. Double click on Open CMD.bat
4. You should see a Command Window open, now you can use ADB Commands



Toolkit Features:
• Uninstall Bloatware without Root Access
(This works because Applications truly aren’t being fully uninstalled from the Device, they are just being uninstalled for the current User
• Re-install uninstalled Apps
• Install Kernel (Popup Menu, reboots automatically to Bootloader)
• Install Recovery (Popup Menu, reboots automatically to Bootloader)
• Install APKs (Popup Menu)
• Push Files (Popup Menu)
• Check Firmware Version
• Check Android Version
• Check Kernel Version
• Check Firmware Build Date
• Check Kernel Build Date
• Check Security Patch Date
• Check IMEI
• Check IP Adresses
• Check App Packages
• Check Process Activity (Real Time)
• Take Screenshots (PNG Format)
• Video recoding - 30 Seconds (Without Device Sound)
• Video recoding - 60 Seconds (Without Device Sound)
• Video recoding - 120 Seconds (Without Device Sound)
• Video recoding - 180 Seconds (Without Device Sound)
• Reboot the Device
• Reboot to Bootloader
• Exit Bootloader to System
• Reboot to Recovery
• Create Logcat
• Exit (adb kill-server & close Toolkit)




Click to expand...
Click to collapse
 
  • Like
Reactions: ZIGS318
Upvote 0 Downvote
S

shivadow

Senior Member
Jan 26, 2012
2,634
483
Xiaomi Mi 10T Lite
The malware will be downloaded by a background process. You need to find the link for the website and break it.

The best place to start would be an app that can log dns and ip calls, like Adguard. It will also block any already known links.

If you can break the link to prevent the apps installing its a start.. But as already suggested you are better off using a more up to date app because retroarch may not run correctly on newer tech.
 
  • Like
Reactions: ZIGS318
Upvote 0 Downvote
X

xdabookam

Member
Feb 8, 2015
15
2
Kenora_I said:
He’s talking about ADB, android debug bridge.
That needs to be installed on ur pc and run while your phone is connected to the PC.
I’ll post a tutorial here.
Click to expand...
Click to collapse
Yes the pm command was entered via adb from a PC via USB. A shell terminal on the device as a standard user never seems to have the right privileges to run the pm command but su - (superuser root) will.
 
Upvote 0 Downvote
Z

ZIGS318

Member
Jan 23, 2022
9
2
shivadow said:
The malware will be downloaded by a background process. You need to find the link for the website and break it.

The best place to start would be an app that can log dns and ip calls, like Adguard. It will also block any already known links.

If you can break the link to prevent the apps installing its a start.. But as already suggested you are better off using a more up to date app because retroarch may not run correctly on newer tech.
Click to expand...
Click to collapse
Thanks for the advice! I'll see what I can do!
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

immortalneo
  • Sticky
General [HELP THREAD] Ask ANY Question. Noob Friendly.
Replies
51K
Views
2M
SubwayChamp
SubwayChamp
KidCarter93
  • Sticky
General **What phone should I buy next?** -- Not sure what device to buy? Ask here!
Replies
14K
Views
1M
S
smakedz
critofur
[Q] How can I test an .apk to see if it's "safe" to install?
Replies
21
Views
191K
Nicknackpaddywack101
Nicknackpaddywack101
heavymagik
Installing apk files - App not installed? ???
Replies
44
Views
240K
S
shyl.kara
P
All about Acer Iconia One 7 - B1-730HD (Q&A, TROUBLESHOOTING, ROOT, HELP)
Replies
1K
Views
399K
N
nullinject

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 3
    blackhawk
    blackhawk
    I wouldn't even attempt to download a known infected file🤣
    Scan it with online Virustotal and see what you got. You should have done this before side loading it... not very clever.
    If it's not the cause a factory reset is in your future, and if you're running Android 8 or lower more may be required if its a rootkit.
    Find and ID the malware and uninstall/delete it... if you can.
    View
    2
    A
    Austinredstoner
    ZIGS318 said:
    Hi, everyobody. So, I've downloaded an apk for a multiplattform emulator that I used to have installed in my phone but lost when rebooting and happens to have been removed from the PlayStore. The thing is, said apk seems to come with a malware. I've done a couple of test to see if the malware was from somewhere else or if it comes from the phone's system but it seems like it comes in the apk of the emulator.

    This malware installs by itself again if I uninstall it and starts to take control of the phone. I tried opening the apk file with a file explorer and see what's inside the apk file to see if I could identify the malware files or whatever that triggers it and erase them from the apk, but unfortunately I lack the knowledge to tell what belongs to the emulator and what could not.

    I know it's a little bit silly of a help request, but I really like that emulator and I can't find a clean malware-free apk of it. If someone with knowledge on the subject has some spare time and is willing to help me with this silly request I would be really greatful to them.

    Here's one of the few links to the apk. CAREFUL: don't install it, the malware seems to install itself in your phone's system and won't gomeven if you uninstall the emulator.

    Retrogaming Emulator for Android for Android - APK Download

    Download Retrogaming Emulator for Android apk...
    www.google.com www.google.com

    I have read the rules and I don't think I'm breaking them by asking help with this, but if I'm making something wrong or if this is not the place for asking for this kind of help, please let me know and I'll delete the post. Also, it would be nice if you could tell me what is a proper site for asking help with this.

    Thanks in advance, everybody.
    Click to expand...
    Click to collapse
    Did u just said malware can't be uninstalled even after doing factory reset. The malware is called xhelper that's a malware that can't be uninstalled once u get it.
    View
    2
    Kenora_I
    Kenora_I
    blackhawk said:
    You could try firewall blocking the app or maybe running under VMOS.
    Personally I just ditch it...
    There are decompiler apps that might enable you to defang it.
    Click to expand...
    Click to collapse
    Or there are perfectly “virus-free” emulators on the internet.
    View
    1
    xXx yYy
    xXx yYy
    ZIGS318 said:
    Hi, everyobody. So, I've downloaded an apk for a multiplattform emulator that I used to have installed in my phone but lost when rebooting and happens to have been removed from the PlayStore. The thing is, said apk seems to come with a malware. I've done a couple of test to see if the malware was from somewhere else or if it comes from the phone's system but it seems like it comes in the apk of the emulator.

    This malware installs by itself again if I uninstall it and starts to take control of the phone. I tried opening the apk file with a file explorer and see what's inside the apk file to see if I could identify the malware files or whatever that triggers it and erase them from the apk, but unfortunately I lack the knowledge to tell what belongs to the emulator and what could not.
    Click to expand...
    Click to collapse
    how does this malware manifest itself?

    you can always run the apk through an online android-apk decompiler to get the source code and then look into it
    View
    1
    S
    shivadow
    The malware will be downloaded by a background process. You need to find the link for the website and break it.

    The best place to start would be an app that can log dns and ip calls, like Adguard. It will also block any already known links.

    If you can break the link to prevent the apps installing its a start.. But as already suggested you are better off using a more up to date app because retroarch may not run correctly on newer tech.
    View

New posts