• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Triada.aw trojan in brand new Ulefone S8 Pro [MT6737]

Search This thread

r1kkman

New member
Dec 21, 2017
4
4
Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.
 

IronRoo

Senior Member
Aug 4, 2014
1,346
434
Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.

Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)
 
Last edited:
  • Like
Reactions: mfonemaello

mfonemaello

Member
Jan 8, 2018
10
2
Spain
same problem with ulefone

Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.

Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.
 

r1kkman

New member
Dec 21, 2017
4
4
Workaround

Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.

Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.
 

mfonemaello

Member
Jan 8, 2018
10
2
Spain
Trojan in recorder of ulefone s8 pro

Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.
The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you:(
 

IronRoo

Senior Member
Aug 4, 2014
1,346
434
The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you:(

They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.

you should freeze it like @r1kkman.
 
  • Like
Reactions: mfonemaello

r1kkman

New member
Dec 21, 2017
4
4
freeze it

The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you:(

Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.
 

mfonemaello

Member
Jan 8, 2018
10
2
Spain
thnxs unninstalling with adb metod

Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.
Hi, thanks for the help, I uninstalled it by the ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.
:good:

---------- Post added at 04:40 PM ---------- Previous post was at 04:38 PM ----------

Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)
Hi, thanks for the help, I uninstalled it by that ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.:cool:

---------- Post added at 04:43 PM ---------- Previous post was at 04:40 PM ----------

They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.

you should freeze it like @r1kkman.

Hi, thanks for the help, I uninstalled it by that ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.:cool:

---------- Post added at 04:46 PM ---------- Previous post was at 04:43 PM ----------

Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.

Hi, thanks for the help, uninstalled:good:
 

devitrified

Member
Oct 8, 2012
32
3
thxs for all, I unninstalled by ADB metod. :good:

Do you mind giving details about how you did without root? I tried the following

Code:
adb shell pm uninstall com.android.soundrecorder

and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]

Never mind, found it:
Code:
pm uninstall -k --user 0 com.android.soundrecorder
 
Last edited:

mfonemaello

Member
Jan 8, 2018
10
2
Spain
fixed trojan in ULEFONE

Do you mind giving details about how you did without root? I tried the following

Code:
adb shell pm uninstall com.android.soundrecorder

and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]

Never mind, found it:
Code:
pm uninstall -k --user 0 com.android.soundrecorder

Hello, follow the instructions in this tutorial, and you can remove the Trojan from your ULEFONE :good:
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
 

Napfgeist

Senior Member
Sep 15, 2010
55
5
Switzerland
Hi there!
Thanks for the help regarding Ulefone S8 Pro Tojan.

Just received my brand new S8 Pro yesterday 14.02.2018.
Shipped from the "Ulefone Official Store" at Aliexpress.

However, so far everything fine, beside the fact that they still ship out devices with the Trojan in the ROM.
Checking with ESET, IKARUS and Malwarebytes confirms the result.

Build Number: F9G62C.GQU.Ulefone.HB.H.SSXSJS5MH.0718.V3.01

However I could successfully remove the soundrecorder.apk by using ADB shell.
Nethertheless Ulefone doesn't offer FOTA update after 3 months of detecting the virus in the firmware.

Best regards
 

Attachments

  • eset_infected.png
    eset_infected.png
    72.3 KB · Views: 300
  • ikarus_message_infect.png
    ikarus_message_infect.png
    95.2 KB · Views: 298
  • malwarebytes_infected.png
    malwarebytes_infected.png
    108.4 KB · Views: 291
  • ulefone_p8_pro_build_no.png
    ulefone_p8_pro_build_no.png
    91.2 KB · Views: 284

Korin67

Senior Member
Feb 24, 2018
205
93
I tried but no success

I have just updated to V3.03
Found on needrom.com
And there are no hidden Spy Apps like on V3.01

I found it in needrom.com. I used MP MDT. It contains everything including device driver. I followed all the steps as
the author said. First of all, my OS 's (tried Win10 and Win8) do not detect my Ulefone. I checked device manager but
no port appears. Needless to say, SP_MDT does not detect anything in step 9).
What version of OS did you use? You used device driver included in the SP_MDT package?
Please describe (briefly) about your success story.
Thanks.
 
  • Like
Reactions: Napfgeist

Korin67

Senior Member
Feb 24, 2018
205
93
Solved

After posting my problem, I kept trying and solved. The solution is easy. Use the newest version of SP_Flash_Tool.
The version is 5..1804 at this moment. Everything was smooth on this tool. I tried with my Win8. Drivers seems successfully installed with the installer on needrom.com. Only the point I found is that when you plug Ulefone S8 pro
after click 'Download' button on Flash_Tool, better detection is expected if you keep pressing the Vol Down button
of the smartphone then connect the USB plug.
I am now V3.02, yes you can go to V3.03 but a post on needrom.com says there is some problem with V3.03. If the
problem will be solved, I will go to V3.03 (or V3.04 at that time?).
 
  • Like
Reactions: Napfgeist

Napfgeist

Senior Member
Sep 15, 2010
55
5
Switzerland
After posting my problem, I kept trying and solved. The solution is easy. Use the newest version of SP_Flash_Tool.
The version is 5..1804 at this moment. Everything was smooth on this tool. I tried with my Win8. Drivers seems successfully installed with the installer on needrom.com. Only the point I found is that when you plug Ulefone S8 pro
after click 'Download' button on Flash_Tool, better detection is expected if you keep pressing the Vol Down button
of the smartphone then connect the USB plug.
I am now V3.02, yes you can go to V3.03 but a post on needrom.com says there is some problem with V3.03. If the
problem will be solved, I will go to V3.03 (or V3.04 at that time?).

OK, good to see that you solved the problem by using latest version of flashtool.

What I am facing on both versions is following.
Scheduled On/Off does not work when the phone is connected at charger.

I am using this feature with the phone is connected at the charger to automatically switch on/off during night.
On all my old Android 6.0 devices this works great. However in the Ulefone S8 Pro the scheduled On/Off does work only when the timer is set at arround 1h. Setting up to 8h and connecting to the charger, the phone does not wake up and switch on.

It seems to be a problem of the Doze, battery mode of Android 7.0.
Can someone try this feature?

Thank you.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    Workaround

    Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
    I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.

    Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.
    2
    freeze it

    The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
    Thank you:(

    Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.
    2
    fixed trojan in ULEFONE

    Do you mind giving details about how you did without root? I tried the following

    Code:
    adb shell pm uninstall com.android.soundrecorder

    and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]

    Never mind, found it:
    Code:
    pm uninstall -k --user 0 com.android.soundrecorder

    Hello, follow the instructions in this tutorial, and you can remove the Trojan from your ULEFONE :good:
    https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
    1
    Hello.
    I just bought a brand new Ulefone S8 Pro from Gearbest.
    While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
    Anyone had this problem before?
    How can I root this phone and which ROM should I flash?
    Thank you.

    Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
    https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

    Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)
    1
    The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
    Thank you:(

    They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.

    you should freeze it like @r1kkman.