Malware found on Nexus 5, Samsung S4 phones from the manufacturer

Or so the article claims. Fake Netflix programs coming pre-installed

Pre-installed malware found on new Android phones - Computerworld

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Cert Poor

Whoa, creepy. Article doesn't say if any other utilities can detect the fake Netflix app. I run Lookout and Malwarebytes on mine (though not one of the devices mentioned in the article).

Edit:

Subject: Clean Master app on Android

I don't want to hijack your thread, but I caught something phoning home to China aggressively recently. Every time my phone connected to the Internet (whether Wi-Fi or 4G), it immediately initiated a tcp/80 session to 119.147.146.70 which is in Guangzhou, Guangdong, China and operated by China Telecom. I was like WTF? I Googled and found out my phone maker -- HTC, a Taiwanese company -- had some kind of partnership with China Telecom, but I didn't find much more.

I finally installed Netstat Plus and narrowed it down to "com.cleanmaster.mguard:service" which is the very highly rated Clean Master app I had just installed.

I then found out from KS Mobile's website that:

KS Mobile is headquartered in San Francisco with additional R&D centers in Beijing and Tokyo.

Google Maps then told me Beijing is 2100+ km away from Guangzhou. I still don't know what kind of data is phoning home to China from the Clean Master App, and I uninstalled the app before I even bothered doing a Wireshark trace. I do know that the world's fastest publicly known supercomputer according to Top 500 is in fact in Guangzhou, China. Probably just a coincidence, ha.

Can anyone with Clean Master on Android do a packet capture on an outbound connection to 119.147.146.70:80 and see what kind of data is aggressively phoning home? I'm always skeptical at such persistent data collection, so I uninstalled, but I'm sure many others use this app and might be curious.