Malware found on Nexus 5, Samsung S4 phones from the manufacturer

Bokeh Member Posts: 1,636
Or so the article claims. Fake Netflix programs coming pre-installed

Pre-installed malware found on new Android phones - Computerworld

Comments

  • Cert Poor Member Posts: 240
    Whoa, creepy. Article doesn't say if any other utilities can detect the fake Netflix app. I run Lookout and Malwarebytes on mine (though not one of the devices mentioned in the article).

    Edit:

    Subject: Clean Master app on Android

    I don't want to hijack your thread, but I caught something phoning home to China aggressively recently. Every time my phone connected to the Internet (whether Wi-Fi or 4G), it immediately initiated a tcp/80 session to 119.147.146.70 which is in Guangzhou, Guangdong, China and operated by China Telecom. I was like WTF? I Googled and found out my phone maker -- HTC, a Taiwanese company -- had some kind of partnership with China Telecom, but I didn't find much more.

    I finally installed Netstat Plus and narrowed it down to "com.cleanmaster.mguard:service" which is the very highly rated Clean Master app I had just installed.

    I then found out from KS Mobile's website that:
    KS Mobile is headquartered in San Francisco with additional R&D centers in Beijing and Tokyo.

    Google Maps then told me Beijing is 2100+ km away from Guangzhou. I still don't know what kind of data is phoning home to China from the Clean Master App, and I uninstalled the app before I even bothered doing a Wireshark trace. I do know that the world's fastest publicly known supercomputer according to Top 500 is in fact in Guangzhou, China. Probably just a coincidence, ha.

    Can anyone with Clean Master on Android do a packet capture on an outbound connection to 119.147.146.70:80 and see what kind of data is aggressively phoning home? I'm always skeptical of such persistent data collection, so I uninstalled, but I'm sure many others use this app and might be curious.
    In progress: MTA: Database Fundamentals (98-364)
    Next up: CompTIA Cloud Essentials+ (CLO-002) or LPI Linux Essentials (010-160)
    Earned: CompTIA A+, Net+, Sec+, Server+, Proj+
    ITIL-F v3 2011 | ServiceNow CSA, CAD, CIS | CWNP CWTS
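
The attribution step described in the post above (which app owns the connection to 119.147.146.70:80) can be reproduced from the kernel's socket table. This is an added example, not part of the original post: it parses text in `/proc/net/tcp` layout and maps the owning UID to a package. The sample table, the UIDs and the UID-to-package mapping are constructed for illustration.

```python
import ipaddress

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 8123 1 0000000000000000 100 0 0 10 0
   1: 6401A8C0:A1B2 46929377:0050 01 00000000:00000000 00:00000000 00000000 10087        0 9456 1 0000000000000000 20 4 30 10 -1
   2: 6401A8C0:C3D4 0E44D9AC:01BB 01 00000000:00000000 00:00000000 00000000 10042        0 9460 1 0000000000000000 20 4 30 10 -1
   3: 6401A8C0:E5F6 46929377:0050 06 00000000:00000000 03:00000A10 00000000     0        0 0 3 0000000000000000
"""

# Constructed UID-to-package mapping (hypothetical UIDs; on a device this comes from the package manager).
UID_TO_PACKAGE = {10087: "com.cleanmaster.mguard", 10042: "com.example.browser"}

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}


def decode_endpoint(field):
    """Decode 'ADDR:PORT' as printed by a little-endian kernel, e.g. '46929377:0050'."""
    addr_hex, port_hex = field.split(":")
    # The IPv4 address is printed byte-swapped; the port is plain hex.
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return str(addr), int(port_hex, 16)


def sockets_to(table_text, remote_ip, remote_port):
    """Return every socket row whose remote endpoint matches the one under investigation."""
    hits = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 10:
            continue                              # truncated or blank row
        if decode_endpoint(cols[2]) == (remote_ip, remote_port):
            hits.append({"local": decode_endpoint(cols[1]),
                         "state": TCP_STATES.get(cols[3], cols[3]),
                         "uid": int(cols[7])})
    return hits


def owners(hits, uid_to_package):
    """Name the apps behind the hits. Android app UIDs start at 10000; TIME_WAIT rows
    report uid 0 and cannot be attributed, so they are left out."""
    return sorted({uid_to_package.get(h["uid"], "uid:%d" % h["uid"])
                   for h in hits if h["uid"] >= 10000})


if __name__ == "__main__":
    found = sockets_to(SAMPLE, "119.147.146.70", 80)
    for h in found:
        print(h)
    print("owning packages:", owners(found, UID_TO_PACKAGE))
```

A socket table only shows who is connecting and where; seeing what is sent still requires the packet capture the post asks for.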