Triada.aw trojan in brand new Ulefone S8 Pro [MT6737]

[r1kkman]

Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.

 

[IronRoo]

Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.

Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)

 

[mfonemaello]

same problem with ulefone

Hello.
I just bought a brand new Ulefone S8 Pro from Gearbest.
While connecting to my company's wifi an alarm from their security service (Esentire) picked up a trojan signature hash: Triada.aw
Anyone had this problem before?
How can I root this phone and which ROM should I flash?
Thank you.

Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.

 

[r1kkman]

Workaround

Hello, I have the same problem and I have sent several emails to the company to eliminate the Trojan of the sound recorder ... but they still do not answer.
I'll keep sending more emails, but ... if some developer does twrp for our phone, we can root it and delete it.

Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.

 

[mfonemaello]

Trojan in recorder of ulefone s8 pro

Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.

The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you

 

[IronRoo]

The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you

They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.

you should freeze it like @r1kkman.

 

[r1kkman]

freeze it

The problem of the Trojan of my ULEFONE S8 PRO is the sound recorder, and it is installed in the system part, so if I do not root or install TWRP I can not delete it. If any developer can help us and give us some solution ... I sent several emails to ULEFONE and they do not answer. The Trojan was detected by ESET NOD 32 MOBILE.
Thank you

Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.

 

[mfonemaello]

thnxs unninstalling with adb metod

Yes, with TWRP or CWM we could root it and delete the apk, but with ADB you can uninstall it. Then just the apk package sits in the priv-apps folder, without harming the OS.

Hi, thanks for the help, I uninstalled it by the ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.
:good:

---------- Post added at 04:40 PM ---------- Previous post was at 04:38 PM ----------

Don't know about your phone specifically but you should be able to find a way to disable that app (others too maybe) their are many tutorials on web eg
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

Or maybe apps like Package Disabler or Debloater etc will work for you. But if you can find a root method & custom ROM, that may be better (best to use a well known one from a trusted dev here on XDA)

Hi, thanks for the help, I uninstalled it by that ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.

---------- Post added at 04:43 PM ---------- Previous post was at 04:40 PM ----------

They will not remove it it's what they built into system & it is working exactly as it was designed to work, I believe. It's just that most people would probably class it as a Trojan due to it's behavior.

you should freeze it like @r1kkman.

Hi, thanks for the help, I uninstalled it by that ADB method, I do not intend to buy more phones of this brand, they do not respond to the emails that I sent them. Very bad company.

---------- Post added at 04:46 PM ---------- Previous post was at 04:43 PM ----------

Yes, Ulefone just doesn't care. You can try ADB, then uninstall that app. The apk stays on the phone but inactive. That's what I have done.

Hi, thanks for the help, uninstalled:good:

 

[TheDarkLord098]

Mobile Uncle Tools might fix it, download on your computer and plug in your device and click "Remove China". It deletes all detected Chinese apps.

 

[mfonemaello]

thxs Dark ... unninstalled with adb metod

Mobile Uncle Tools might fix it, download on your computer and plug in your device and click "Remove China". It deletes all detected Chinese apps.

thxs for all, I unninstalled by ADB metod. :good:

 

[TheDarkLord098]

thxs for all, I unninstalled by ADB metod. :good:

Oh ok, switch to Doogee

 

[devitrified]

thxs for all, I unninstalled by ADB metod. :good:

Do you mind giving details about how you did without root? I tried the following

adb shell pm uninstall com.android.soundrecorder

and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]

Never mind, found it:

pm uninstall -k --user 0 com.android.soundrecorder

 

[mfonemaello]

fixed trojan in ULEFONE

Do you mind giving details about how you did without root? I tried the following

adb shell pm uninstall com.android.soundrecorder

and got the following error: Failure [DELETE_FAILED_INTERNAL_ERROR]

Never mind, found it:

pm uninstall -k --user 0 com.android.soundrecorder

Hello, follow the instructions in this tutorial, and you can remove the Trojan from your ULEFONE :good:
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

 

[Napfgeist]

Hi there!
Thanks for the help regarding Ulefone S8 Pro Tojan.

Just received my brand new S8 Pro yesterday 14.02.2018.
Shipped from the "Ulefone Official Store" at Aliexpress.

However, so far everything fine, beside the fact that they still ship out devices with the Trojan in the ROM.
Checking with ESET, IKARUS and Malwarebytes confirms the result.

Build Number: F9G62C.GQU.Ulefone.HB.H.SSXSJS5MH.0718.V3.01

However I could successfully remove the soundrecorder.apk by using ADB shell.
Nethertheless Ulefone doesn't offer FOTA update after 3 months of detecting the virus in the firmware.

Best regards

 

[IronRoo]

Nethertheless Ulefone doesn't offer FOTA update after 3 months of detecting the virus in the firmware.

Best regards

I believe they are unlikely to change the trojan app as they do not regard it as such, it's working as they intended, .... one man's Trojan is another man's feature :silly:

 

[Napfgeist]

I have just updated to V3.03
Found on needrom.com
And there are no hidden Spy Apps like on V3.01

 

[Korin67]

I tried but no success

I have just updated to V3.03
Found on needrom.com
And there are no hidden Spy Apps like on V3.01

I found it in needrom.com. I used MP MDT. It contains everything including device driver. I followed all the steps as
the author said. First of all, my OS 's (tried Win10 and Win8) do not detect my Ulefone. I checked device manager but
no port appears. Needless to say, SP_MDT does not detect anything in step 9).
What version of OS did you use? You used device driver included in the SP_MDT package?
Please describe (briefly) about your success story.
Thanks.

 

[Korin67]

Solved

After posting my problem, I kept trying and solved. The solution is easy. Use the newest version of SP_Flash_Tool.
The version is 5..1804 at this moment. Everything was smooth on this tool. I tried with my Win8. Drivers seems successfully installed with the installer on needrom.com. Only the point I found is that when you plug Ulefone S8 pro
after click 'Download' button on Flash_Tool, better detection is expected if you keep pressing the Vol Down button
of the smartphone then connect the USB plug.
I am now V3.02, yes you can go to V3.03 but a post on needrom.com says there is some problem with V3.03. If the
problem will be solved, I will go to V3.03 (or V3.04 at that time?).

 

[Napfgeist]

After posting my problem, I kept trying and solved. The solution is easy. Use the newest version of SP_Flash_Tool.
The version is 5..1804 at this moment. Everything was smooth on this tool. I tried with my Win8. Drivers seems successfully installed with the installer on needrom.com. Only the point I found is that when you plug Ulefone S8 pro
after click 'Download' button on Flash_Tool, better detection is expected if you keep pressing the Vol Down button
of the smartphone then connect the USB plug.
I am now V3.02, yes you can go to V3.03 but a post on needrom.com says there is some problem with V3.03. If the
problem will be solved, I will go to V3.03 (or V3.04 at that time?).

OK, good to see that you solved the problem by using latest version of flashtool.

What I am facing on both versions is following.
Scheduled On/Off does not work when the phone is connected at charger.

I am using this feature with the phone is connected at the charger to automatically switch on/off during night.
On all my old Android 6.0 devices this works great. However in the Ulefone S8 Pro the scheduled On/Off does work only when the timer is set at arround 1h. Setting up to 8h and connecting to the charger, the phone does not wake up and switch on.

It seems to be a problem of the Doze, battery mode of Android 7.0.
Can someone try this feature?

Thank you.

 

[mkirasi7]

Does anyone know if Ulefone s8 pro has screen mirroring function. (Cast)