Malware found on Nexus 5, Samsung S4 phones from the manufacturer

Bokeh

Or so the article claims. Fake Netflix programs coming pre-installed

Pre-installed malware found on new Android phones - Computerworld

Cert Poor

Whoa, creepy. Article doesn't say if any other utilities can detect the fake Netflix app. I run Lookout and Malwarebytes on mine (though not one of the devices mentioned in the article).

Edit:

Subject: Clean Master app on Android

I don't want to hijack your thread, but I caught something phoning home to China aggressively recently. Every time my phone connected to the Internet (whether Wi-Fi or 4G), it immediately initiated a tcp/80 session to 119.147.146.70 which is in Guangzhou, Guangdong, China and operated by China Telecom. I was like WTF? I Googled and found out my phone maker -- HTC, a Taiwanese company -- had some kind of partnership with China Telecom, but I didn't find much more.

I finally installed Netstat Plus and narrowed it down to "com.cleanmaster.mguard:service" which is the very highly rated Clean Master app I had just installed.

I then found out from KS Mobile's website that:

KS Mobile is headquartered in San Francisco with additional R&D centers in Beijing and Tokyo.

Google Maps then told me Beijing is 2100+ km away from Guangzhou. I still don't know what kind of data is phoning home to China from the Clean Master App, and I uninstalled the app before I even bothered doing a Wireshark trace. I do know that the world's fastest publicly known supercomputer according to Top 500 is in fact in Guangzhou, China. Probably just a coincidence, ha.

Can anyone with Clean Master on Android do a packet capture on an outbound connection to 119.147.146.70:80 and see what kind of data is aggressively phoning home? I'm always skeptical at such persistent data collection, so I uninstalled, but I'm sure many others use this app and might be curious.